WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Country Reports >Republic of Macedonia

Republic of Macedonia

Constitutional Privacy Framework

The Constitution of the Republic of Macedonia[3403] recognizes the rights of privacy, data protection and secrecy of communications. Article 25 states: "Each citizen is guaranteed the respect and protection of the privacy of his or her personal and family life and of his or her dignity and repute." Article 26 states: "(1) The inviolability of the home is guaranteed. (2) The right to the inviolability of the home may be restricted only by a court decision in cases of the detection or prevention of criminal offences or the protection of people's health. Article 18 states: "(1) The security and confidentiality of personal information are guaranteed. (2) Citizens are guaranteed protection from any violation of their personal integrity deriving from the registration of personal information through data processing." Equally guaranteed is the freedom and confidentiality of correspondence. Article 17 states: "(1) The freedom and confidentiality of correspondence and other forms of communication is guaranteed. (2) Only a court decision may authorise non-application of the principle of the inviolability of the confidentiality of correspondence and other forms of communication, in cases where it is indispensable to a criminal investigation or required in the interests of the defence of the Republic."

Data Protection Framework

Several laws regulate the right of privacy in the Republic of Macedonia. The Law on Personal Data Protection (LPDP) was adopted on January 25, 2005.[3404] The LPDP explicitly identifies the exceptions from its application, focused on processing of personal data performed by natural persons purely for personal or household activities, processing of personal data in criminal procedure, as well as protection of the interests of security and defense of the Republic of Macedonia.[3405] According to the law, the personal data shall be processed fairly and lawfully, in conformity with the law and shall be collected for specified, explicit and legitimate purposes and shall be processed in a manner according to these purposes; they shall be adequate, relevant and not excessive in respect to the purposes they are collected or processed for.[3406] The data shall be accurate, complete and updated as needed. Inaccurate or incomplete data, having in mind the aims for which they were collected or processed, will be erased or rectified. The personal data shall be kept in a form that enables identification of the subject of personal data for not longer than it is necessary to fulfill the purposes for which the data were collected or for which they are further processed. The data controllers are responsible for complying with the abovementioned principles concerning the quality of personal data.[3407]

The LPDP, in accordance with the Council of Europe (CoE) Convention No. 108, provides that consent of the data subject is mandatory for processing of personal data. Personal data can be processed without the consent of the subject if it is necessary for performance of a contract where the subject of personal data is a contracting party, or upon a request of the subject of personal data, prior to entering into a contract; for compliance with a legal obligation of the data controller; for protection of the vital interests of the subject of personal data; for performance of activities of public interest or of official authority vested in the data controller or a third party to whom the data were disclosed.[3408] Furthermore, the law prohibits processing of special categories of personal data. The LPDP stipulates that processing must be specially designated and protected, while transfer through a telecommunications network may be carried out if the data are specially protected with encryption methods to render them unreadable during transmission.[3409]

The rights of the data subject include the right to examine the data collection; the right to submit a request to rectify, erase or block the processing of personal data, if the data are incomplete, inaccurate or out of date, or if their processing is not in conformity with the provisions of this law; and the right to request that their personal data are not used for advertising purposes.[3410] Furthermore, the LPDP guarantees that no court decision that produces legal effects concerning the performance of certain person can be based solely on automated data processing, the purpose of which is evaluation of certain personal aspects relating to that person.

The LPDP also established an obligation for data controllers to notify the Directorate for Protection of Personal Data before performing wholly or partly automatic processing operations and an obligation of the data controller to submit data on any newly opened collection of personal data, as well as any change of data from the existing personal data collections.[3411] The records from the Central Register kept by the Directorate are publicly accessible, and they are published in the Official Gazette of the Republic of Macedonia.[3412] Additionally, transfer of personal data to other countries can be performed only if the third country provides an adequate level of protection of personal data.

Data controllers can make personal data available on the basis of a written request submitted by the user, if the data are needed to perform activities within the legally established scope of competences of the user. The LPDP stipulates a prohibition on providing personal data processing that cannot be carried out in accordance with the provisions of this law, and the purpose for requesting such personal data must be in accordance with specific, clear and lawful purposes for which personal data is collected.[3413]

The Directorate for Personal Data Protection is currently reviewing and proposing amendments to the existing Law on Personal Data Protection.[3414] The main amendments and modifications include: adding specific provisions regarding video surveillance; the independence of the Directorate; harmonizing with recent changes in the Criminal Code and Central Register; and transfers of data to third countries. These amendments and modifications of the Law on Personal Data Protection are in compliance with the EU Directive 46/95 and they are aimed at improving the effectiveness of the work of the Directorate, i.e. the ability to directly impose sanctions, instead of just providing expertise for privately initiated court cases.[3415]

The constitutional guarantee of protection of personal data is also regulated by the Criminal Code.[3416] The "abuse of personal data" is considered a crime under the Criminal Code. The punishment for this criminal offence consists of a prescribed fine or prison sentence of up to one year for the perpetrator who, contrary to conditions established by law and without the consent of the citizen, collects, processes or uses his personal data. The same fine is provided for the person who will break into computerized information systems of personal data with the intention to use the data for himself or herself or another person in order to gain benefit or to cause harm to another person. The criminal offence of "abuse of personal data" has an aggravated form if it is committed by officials carrying out their duty, and that punishment is a prison sentence of three months to three years. The attempt to commit such a crime is also punishable. With the new amendments of the Criminal Code in 2004, legal persons can also be perpetrators of the primary form of this crime and be punished with a fine.[3417]

The Law on Organisation and Operation of State Administrative Bodies[3418] provides that state administrative bodies do not disclose data related to national security, official and business secrets, and personal data of citizens in accordance to the law that governs protection of personal data of citizens.

The Law on Voter's List[3419] protects the personal data collected in accordance with the LPDP and they must not be used for any purpose other than for exercising citizens' voting right in accordance with the Law on Voter's List. Any citizen may, within the period determined with this law, file a request for registering, amending or deleting data in the copies of the voter's list provided for public inspection in case they or any other citizen are not correctly registered on the list. Copies of the voter's list, with data related to the ordinal number, surname, name, gender, date of birth and address, are provided to registered political parties and to independent candidates.[3420]

The Law on Reporting Dwellings and Residence of Citizens[3421] stipulates that the Ministry of the Interior provides protection from unauthorized access and use of the data contained in the records on the dwelling, change of home address and residence of the citizens.

The personal data on asylum seekers, recognized refugees and persons under humanitarian protection, as well as the data on their residence and the rights they enjoy in the Republic of Macedonia are contained in the Central Collection of Data, established, processed and used by the Ministry of the Interior (Asylum Section). The above collection of data is established, processed and used by the person handling the collection in accordance with the provisions of the LPDP. In accordance with the Law on Asylum and Temporary Protection,[3422] the data from the Central Collection of Data cannot be exchanged with the country of origin of the person to whom such data relates or with the country of origin of the members of his family.

The personal identification number of the citizen is a unique designation on the identification documents of the citizen. In accordance with the Law on Personal Identification Number,[3423] the Ministry of the Interior designates a personal identification number to the citizen according to the place of registration of the newborn child in the Registry of Births kept on the territory of the Republic of Macedonia. The Ministry of the Interior provides for the retention, use and protection of the data from unauthorized access in accordance with law.

Law enforcement officers, in accordance with the Code of Police Ethics,[3424] are obliged to adhere to the citizens' right to privacy in accordance with the Constitution and the laws of the Republic of Macedonia. The collection, retention and use of personal data by the police is performed in accordance with law and the ratified international agreements for protecting personal data, restrictively and to the extent necessary for carrying out legal duties.

The Law on Classified Information[3425] establishes the measures and activities for protecting classified information. The measures and activities for security of individuals, such as issuing a security certificate, are significant. The satisfaction of the conditions for issuing a security certificate is established through a security audit carried out upon previous written consent of the person to whom a security certificate is to be issued. The data from the completed security questionnaire are used for the purposes of the audit. The law comprises the NATO and EU standards on classified information.[3426]

The Law on State Statistics[3427] regulates the protection of individual data (of natural or legal persons) collected and processed for statistical purposes. The individual data related to a legal or natural person, collected and processed for statistical purposes, are confidential data and as such can be used as separate data for statistical purposes only. By exception, access to such data is allowed for scientific purposes (without the identification data about the data subject). Publication or preparation of statistical data must be conducted in a form preventing the identification of the data subject, unless the data subject has agreed to such publishing. Data providers are notified of the data protection. The measures and techniques for protecting individual data collected and processed for statistical purposes are established in a Rulebook on the Measures and Techniques on the Protection of Individual Data Collected for Statistical Purposes (SSO internal document), adopted by the Director of the State Statistical Office. A Commission for Protection of Data has been established within the above state administrative body to supervise the protection of data.[3428]

Illegal invasion of the privacy of communications are prohibited and punishable. In accordance with the Law on Electronic Communications the holders, operators of telecommunication networks and means, as well as the providers of public telecommunication services are obliged to provide inviolability of message confidentiality within their technical abilities.[3429] Furthermore, the law contains provisions regulating protective measures for providing networks and services, communication confidentiality, caller or connecting line identification, and location information that is not traffic information, automatic call diverting, etc. The law provides privacy protection with prohibition of unauthorized wiretapping and data retention, lawful wiretapping, and prohibition of unrequited communication including telemarketing and spamming in compliance with EU standards (opt-in for inclusion in mailing lists, and the right to opt-out for users of existing mailing lists).[3430] The Act creates an inspectorate within the Agency for Electronic Communications stipulates monetary penalties of 4-7% of the annual income for legal entities and additional DEN 20,000-25,000 (around EUR 327-410) for the responsible individuals.[3431] In April 2007, Ministry of Transport and Communications initiated amendments to this Law which would increase the penalties for the offenders to EUR 1500-8000 for individual offenders.[3432]

However, there have been no cases of implementation of privacy protection provisions of the Law on Electronic Communications, and spamming remains widespread practice in the Macedonian business sector.[3433] Moreover, at least one company provides spamming services for other companies, and the number of Macedonian legal entities who publish their privacy policy (if any) remains insignificant.[3434]

The Law on the National Bank of the Republic of Macedonia[3435] obligates the members of the Council of the National Bank and the employees of the National Bank to keep official and business secrets. This obligation binds these persons for five years following the end of their membership in the Council of the National Bank. The data that are official or business secrets may be provided only upon written request of the court. Furthermore, the Banking Law[3436] establishes the persons who may not reveal data and information established as a business secret of the bank by law, statute and other bank acts. The obligation to keep a business secret that persists after the termination of employment with the bank also relates to persons with special rights and responsibilities, bank employees and other persons with access to bank operations. The data on savings and bank deposits of natural and legal entities, as well as data on the account operations of natural and legal persons, are business secrets of the bank. The above data may be provided only in the following cases: (1) If the client provides written consent to reveal the data; (2) Upon written request or order of the competent court; (3) Upon written request of the national bank for the purpose of supervision, or another body authorized by law; or (4) If the data are provided to the Directorate for Money Laundering Prevention, in accordance with law. Additionally, in accordance with the Law on Securities,[3437] the management and the employees of the Central Securities Depositary, as well as certified auditors, are obliged to keep the confidentiality of the data learned through their employment, unless they are obliged to provide such information in accordance with specified law.

Other regulations partially or indirectly regulate the privacy right. The Law on Single Registry of the Population in the Republic of Macedonia[3438] provides for the introduction, retention and contents of the single automated registry of the population in the Republic of Macedonia, the competent authority for keeping the registry, the protection of the data from the registry and the processing, publishing and use of the data from the registry.

The Law on Personal Identification Records of the Insured and Beneficiaries of Pension and Disability Insurance Rights[3439] provides for protection of the in such records. This protection encompasses undertaking measures and activities for protecting the data from: unauthorised access, unauthorised processing, and prevention of destruction, loss, modification, abuse and unauthorised use of the data.

The Law on Keeping Labour Records[3440] stipulates that the data contained in such records can be used for statistical purposes and for other official needs. Legally established data can also be used by individuals to whom the mentioned data refer to in order to exercise their rights.

The Law on Social Care[3441] provides an obligation for the social security institution and the employees to keep professional and official secrets. The Law protects the data and the facts discovered during procedures and decision-making concerning the rights of beneficiaries of social security, of legal family protection, and on the competencies established by criminal regulations.

Furthermore, the Law on Family[3442] establishes that the data on adoptions are an official secret. The Law on Health Care[3443] specifies that health sector workers are obliged to take care of patients, to respect their dignity, to adhere to medical ethics and to keep professional secrets. The obligation to keep professional secrets refers, to any worker who use medical records or in any way (in performing their tasks) comes across data contained therein. In accordance with the Law on the Protection of the Population from Contagious Diseases,[3444] the reporting of AIDS and the HIV infection, as well as microbiological findings for Treponema pallidum, Neisseria gonorhoeae, congenital infections with the Rubella virus, Tohoplasma gondii and Chlamydia gondii is anonymous.

Data Protection Authority

The LPDP foresees establishment of a Directorate for Protection of Personal Data, as an independent supervisory authority over the legality of processing of personal data, no later that August 9, 2005. The LPDP provisions regulate the establishment of the Directorate as an independent and autonomous state body with a capacity of a legal entity. The Directorate is managed by a director who is appointed and dismissed by the Parliament of the Republic of Macedonia, upon a nomination by the Government of the Republic of Macedonia. The Director is appointed for a five-year term, with the right to be re-elected twice. The director and the deputy director of the Directorate are accountable to the Parliament of the Republic of Macedonia. The director and the employees of the Directorate must keep as official secrets the data that they have encountered in their work, both during the terms of office or employment within the Directorate and afterward. The staff of the Directorate increased from 3 to 13 in 2006.[3445]

The Directorate will: assess the legality of the processing of personal data; publish the principles of processing of personal data and ensure that the Data Controllers respect them; investigate and has access to the collections of personal data established by data controllers, according to type of subjects and aims; control the operations for processing of personal data that data controllers use; collect data necessary for proper performance of its tasks; maintain a central register of collections of personal data; maintain records on transfer of personal data to other countries; receive reports or complaints related to processing of personal data by data controllers; issue prohibitions of further processing of personal data to data controller; provide opinion on the secondary legislation of the Data Controllers; and perform other tasks established by law.

The Central Register is still under construction, and the projected date for its launch is by the end of 2007. Citizens should have access to the Central Register via Directorate website. The controllers who are obliged to notify their personal data filling systems to the Central Register (by December 19, 2007) will be allowed to do that automatically, once a system for their electronic identification has been set up.

If violations of the provisions of the LPDP in the course of processing of personal data are found, the data controller must, within 30 days from the date when the violations were detected: bring its work in line with the provisions of this law and remove the reasons that led to the violations; complete, update, correct, disclose or maintain the confidentiality of the personal data; adopt additional measures for protection of the collection of personal data; interrupt the transfer of personal data to other states; secure the data or their transfer to other entities; and erase the personal data. Against a decision of the director, an administrative dispute can be initiated.[3446]

According to Directorate’s report from October 2006 to June 2007, the most frequent violations of personal data based on citizens’ complaints include: unlawfully collection and processing of Personal Identification Number; unauthorized disclosure of personal data; processing of personal data without subject’ consent on the Internet; identity theft; unlawful revealing of personal data to users and unauthorized transfer of personal data to other countries; and unauthorized recording and publication of photographs on the Internet.[3447]

LPDP specifies a transition period in which data controllers must fully adjust their operations to the Law within two years from the adoption of the by-laws (i.e. until December 19, 2007). During this transition period, Directorate cannot not impose direct sanctions for the above mentioned breaches of the LPDP, so supervision interventions were mostly of educative and consultative character.

Wiretapping and Surveillance Rules

The Constitution of the Republic of Macedonia in Article 17 guarantees the freedom and confidentiality of correspondence and other forms of communication. In 2003, an amendment of this article was made in order to regulate wiretapping and other surveillance authorities. The new Article 17 provides for violation of the confidentiality of correspondence and other forms of communication, only in cases where it is indispensable to prevent or to discover a crime, to a criminal investigation or required in the interests of the defence of the Republic. Search of homes and personal search and seizure are regulated in the Law on Criminal Procedure.[3448] In general, a judge's warrant must be issued prior to such searches.

Even though wiretapping is regulated and unauthorized wiretapping is prohibited, the wiretapping cases initiated in the past have not reached closure in court. Most notable example is the process against the state initiated by 17 journalists who have been subject to surveillance in the "Big Ear" affair of 2001.[3449] Over seven years, four different judges have unsuccessfully presided over this trial, and it was finally resolved at a retrial in June 2007. The state was found guilty, but the 17 plaintiffs stated that they remain dissatisfied with the compensation and the whole process.[3450] Their representatives stated that they won't discontinue the trial already underway at the European Court of Human Rights in Strasbourg, based on their complaint.[3451]

Members of Parliament have accused the government of conducting surveillance on over 1,400 individuals.[3452] The executive and judiciary branch of the government have so far failed to provide adequate responses to statements by Members of Parliament dealing with wiretapping.[3453]

Computer and Cybercrime Related Provisions

Computer crimes are regulated by Article 251 of the Criminal Code.[3454] This act was added to the Criminal Law in 1996. It is included in chapter 23, Criminal Acts against Property of the Republic of Macedonia.

Law enforcement professionals base their actions on the provisions of the LPDP and must obtain a court order (a warrant) in order to obtain information from private companies, such as internet providers (ISPs) or cybercafés. None of the major five ISPs displays a public copy of their privacy policy, and the Internet access or web hosting contracts do not include information about it or the rights of users according to the LPDP, or internal procedures and responsibilities for dealing with sensitive information.

Cybercafés operate under the Law for Entertainment Games and Games of Chance,[3455] and are not required to implement additional standards in regard to protection of the privacy of the users. The only provision in that law related to privacy is the obligation of confidentiality in regard to winning or losing.[3456] As a result, customers use the cybercafés at their own risk, and a number of cases of publishing excerpts of private conversations (IMs, IRC) suggests that many cafés retain activity logs and monitor the traffic in their establishments, without making that clear to their customers. Users are also threatened by other users, who use low security in the cafés to install spyware and harvest data.

Very few Macedonian websites in general display privacy protection clauses explaining what type of data they gather from each visit and what they use it for. Such examples include the sites of ISPs (with one exception),[3457] portals, media companies (all newspapers and TV stations), and state bodies (Government, President, Assembly, Ministries).

The government assigned a Minister in charge of Information Society Development, who announced creation of special laws on e-commerce and cybercrime. In contrast to similar policy efforts in the past—including the landmark National Strategy for Information Society Development (2004-2005) and the National Strategy for Electronic Communications and IT Development (Jan-Apr, 2007)—by end of May 2007 the task force working on these laws failed to include civil society representatives, and deadlines and progress of this initiatives remain hidden from public view.[3458]

Media Laws and Practice

According to representatives of both the regulatory Broadcasting Council of the Republic of Macedonia[3459] and the Association of Journalists in Macedonia,[3460] media laws in Macedonia do not specifically address the protection of privacy. Article 62 of the Law on Broadcasting[3461] includes provision of the right to response and correction if a medium publishes incorrect data, but includes no sanctions for revealing personal data.

Article 7 of Code of Journalists of Macedonia,[3462] adopted by the Association and enforced by the Council of Honour states: "The journalist shall respect the privacy of every person, except in cases when that is on the contrary with the public interest." Members of the association are "obliged to respect the personal pain and grief," and must obtain consent of parent or guardian to interview or photograph children or persons "with special needs, who are not able to decide rationally." [3463] Both above sources indicated that, to their knowledge, nobody complained about any journalistic breach of privacy during the examined period, while they had numerous suits against journalists for slander and libel.

A search commenced with "Najdi," the Macedonian search engine[3464] that indexes online news sources, provides an illustration of low media interest in the area of privacy. The search[3465] revealed 120 articles from June 1, 2004 to April 30, 2005 containing forms of the word "privacy" (keyword: privatnost, in Cyrillic), constituting 0.12%) of the total of 96,808 pages from that period.

The following breakdown provides a rough illustration of the trends in the media. Namely, only 43% of the listed privacy-related articles referred to various forms of the actual notion of privacy in the country, while the rest were either referring to developments abroad (54%) or were irrelevant (horoscopes).

Of the articles dealing with privacy in Macedonia: 31% dealt with mutual accusations of politicians during election and referendum campaigns, and the issue of their right to stay away from the public eye; 27% dealt with the life of local celebrities, with the term "privacy" ("privatnost") often incorrectly used instead of "private life" ("privaten zhivot"); 21% referred to other privacy-related issues, such as search and seizure, sanctity of the home, privacy in health care and in public sector enterprises; 11% dealt with NGO activism; 8% discussed reactions to the new wiretapping law, and 2% included a review of anti-spyware software.

NGOs' Advocacy Work

The NGO Metamorphosis Foundation organizes an annual International Conference on Privacy Protection and Open Government, providing a forum for regional cooperation and networking of decision makers and activists from the Western Balkans with the purpose of Euro-integration, especially by continuous inclusion of EU-based European Digital Rights (EDRi) representatives as speakers and participants.[3466] The Open Society Institute Macedonia (FOSIM) advocates open government through public monitoring, educational and lobbying efforts aimed at promotion of the Law on Free Access to Information of Public Character, the LPDP and the Law on Classified Information in cooperation with the relevant state bodies and Metamorphosis.

On the occasion of International Data Protection Day, January 28, 2007, Metamorphosis and the Directorate, in cooperation with the EU project for Technical Assistance to the Establishment of the Directorate and Enforcement of the Data Protection Principles, prepared and published a special issue of the periodical Metamorphosis ICT Guide titled “Privacy as Basic Human Right.” 500 printed copies have been distributed to government officials, MPs, media, and other stakeholders, including university students free of charge, and the e-version of the Guide remains available for download on Metamorphosis website.[3467]

Individual citizens have contributed in raising public awareness on privacy protection issues. The media showed significant attention to the public disclosure of the effects of 40-year state surveillance over the poet Jovan Koteski by the communist regime.[3468] In addition, a number of Macedonian bloggers have also tackled privacy issues, in posts about information society development or politics on national level.[3469]

Freedom of Information Laws

Free access to information, the freedom of reception and transmission of information are guaranteed by the Macedonian Constitution.[3470] After a drafting process of over four years, the Law on Free Access to Information of Public Character came into force on September 1, 2006.[3471] The Commission for Protection of the Right to Free Access to Public Information is in charge of monitoring of its implementation.[3472]

The Law on Local Self-Government of the Republic of Macedonia recognizes the right for informing the public. Article 8 states: "(1) The organs of the municipality, the council committees, and public agencies established by the municipality shall be obliged to inform the citizens about their work, as well as about the plans and programs which are of importance for the development of the municipality without any compensation, in a way determined by the statute. (2) The municipality shall be obliged to enable access to the basic information about the services that it provides to its citizens, in a way and under conditions determined by the statute of the municipality."[3473]

In July 1999, Republic of Macedonia signed and ratified the Convention on Access to information, Public participation in decision-making and Access to justice in environmental matters (Arhus Convention).[3474]

International Obligations

The Republic of Macedonia is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data No. 108.[3475] Furthermore, the Republic of Macedonia has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms,[3476] and in June 2004 ratified the CoE Convention on Cybercrime.[3477] The LPDP is compatible and aligned with the standards and the criteria set forth by the European Parliament and the European Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data 95/46/EC of 1995.

[3403] Published in the Official Gazette of the Republic of Macedonia, Nos. 52/91, 01/92, 31/98, 91/01, 84/03. The Constitution is available at the website of the Constitutional Court <>, and the website of the President <>.

[3404] No. 07/05.
[3405] LPDP at Article 4.
[3406] Id. at Article 5.
[3407] Id. at Article 5, paragraph 2.

[3408] LPDP at Article 6.
[3409] Id. at Article 8.

[3410] Id. at Article 10.

[3411]Id. at Article 29, paragraph 1: "Data Controller is obligate to submit a report to the Directorate, containing data which is in accordance to the article 27 of the law, before performing wholly or partly automatic processing of personal data. Data Controller is obligate to report the Directorate for each change of the data from the existing personal data collections."
[3412] LPDP at Article 30.

[3413] Id. at Article 34, paragraph 1 and 3: "(1) Data Controller can make personal data available on the basis of a written request submitted by the user, if the data are needed to perform activities within the legally established scope of competencies of the user. (3) Providing personal data whose processing, i.e. use cannot be carried out in accordance with the provisions of this Law is prohibited."

[3414] Law on Personal Data Protection, Official Gazette, #7, Feb. 1, 2005.
[3415] Email from Filip Stojanovski, Metamorphosis Foundation, Macedonia, to Allison Knight, Research Director, Electronic Privacy Information Center, July 10, 2007 (on file with EPIC),

[3416] Criminal Code, No. 37/96, 80/99, 4/02, 43/03 and 19/04, available online at <>.

[3417] Criminal Code, Article 149: "(1) A person who collects, processes or uses personal data from a citizen without his permission, contrary to the conditions determined by law, shall be punished with a fine, or with imprisonment of up to one year. (2) The punishment from item 1 shall apply to a person who penetrates a computerized information system of personal data, with the intention of using them in order to attain some benefit for himself or for another, or to inflict some harm upon another. (3) If the crime from items 1 and 2 is committed by an official person while performing his duty, he shall be punished with imprisonment of three months to three years. (4) The attempt is punishable. (5) If the crime from item 1 is committed by a legal entity shall be punished with a fine."

[3418] Nos. 58/00 and 44/02.

[3419] Nos.42/02 and 35/04, available at <>.
[3420] Law on Voter's List, Part III: "Protection of the personal data of the Voter's list," Article 28.

[3421] Nos. 36/92, 12/93 and 43/00.

[3422] No. 49/03.

[3423] No. 36/92.

[3424] No. 03/04.

[3425] No. 9/04.
[3426] "Macedonian Parliament resumes 53rd session," February 10, 2005, MT. net News.

[3427] No. 54/97.

[3428] The website of State Statistical Office is available at <>. According to the LPDP, Commission for Protection of Data is to be elected six months after the law goes into force, August 1, 2005. That is why the commission still does not have a homepage.

[3429] No. 13/05 adopted on February 22, 2005.

[3430] No. 13/05 adopted on February 22, 2005.
[3431] Agency for Electronic Communications, <>.
[3432] Email from Filip Stojanovski, supra.

[3433] An e-mail advertisement by DataBank company from May 20, 2007, offers access to 43,000 “business addresses” to its prospective customers for a fee of EUR 97. They send about 10 e-mails with advertisements from various companies daily.
[3434] Id.

[3435] Nos. 03/02, 51/03, 85/03 and 40/04.
[3436] Nos. 63/00, 103/00, 70/01, 37/02, 51/03, 85/03, 83/04.
[3437] Nos. 63/00, 103/00, 34/01, 04/02, 37/02, 31/03, 85/03 and 96/04.

[3438] Published in the Official Gazette of the SRM, No. 46/90.

[3439] Published in the Official Gazette of the Republic of Macedonia, No. 16/04.

[3440] No. 16/04.

[3441] No.50/97, 16/00, 17/03 and 65/04.

[3442] No. 80/92, 09/96, 38/04 and 83/04 – consolidated text.
[3443] No. 38/91, 46/93, 55/95, 17/97 – consolidated text and 10/04.
[3444] No. 66/04.

[3445] Email from Filip Stojanovski, supra.

[3446] LPDP at Article 47, paragraphs 1 and 2.

[3447] Ivana Bilbilovska, “Everybody Collects Personal Data for PR Campaigns,” Vreme, Feb. 7, 2007 available in English at <,en/>.

[3448] Nos. 15/97, 74/04.

[3449] Natali N. Sotirovska. "New Trial for the Great Ear," Dnevnik, May 31, 2007, available at <> (in Macedonian).
[3450] Each of the 17 wiretapped journalists received 6000 EUR in damages. "First Big Ear Sentence, the journalists win wiretapping process," Utrinski vesnik, June 16, 2007, available at <> (in Macedonian).
[3451] Email from Filip Stojanovski, supra.

[3452] Jasminka Dogova, "1.400 Persons Wiretapped?!," April 28, 2006, available at <> (in Macedonian).
[3453] Email from Filip Stojanovski, supra.

[3454] Criminal Code, supra.

[3455] Draft Law for Modification and Amendment to the Law on Games of Chance and Entertainment Games, Official Gazette of the Republic of Macedonia No 10/97 and 54/97.

[3456] Law for Entertainment Games and Games of Chance at Article 82.

[3457] uses the same privacy policy of its mother company, the Macedonian Telecom, which was developed for the purposes of landline telephony. (Personal inquiry with the staff of the legal department.)

[3458] Email from Filip Stojanovski, supra.

[3459] Broadcasting Council of the Republic of Macedonia websitet <>.
[3460] Association of Journalists in Macedonia website <>.
[3461] Published in the Official Gazette of the Republic of Macedonia, No.20/97 and 70/03.

[3462] Code of Journalists of Macedonia <>.
[3463] Id. at Article 9.

[3464] Najdi! – the Macedonian search engine is available at <>.

[3465] The URL for this particular search is <>. Please note that the above results referr to search commenced June 1, 2005. Najdi! constantly updates its list of sources and results may vary as archives of new sites are indexed.

[3466] Metamorphosis Foundation <>; E-society Conference webpage <>. The E-society Conference is supported by OSCE and FOSIM; FOSIM <>; European Digital Rights <>.

[3467] <,en/>.

[3468] <>.
[3469] The following URL by blog aggregator Najdi! presents a list of all articles from almost all Macedonian blogs which mention any form of the word privacy in Macedonian language <*&submit1=%CD%E0%BC%E4%E8%21&metaname=swishdefault&sort=timestamp&reverse=on>.

[3470] Article 16 of the Constitution.
[3471] Law on Free Access to Information of Public Character, Official Gazette, #13. February 1, 2006.
[3472] <>.

[3473] Published in the Official Gazette of the Republic of Macedonia, No.5/2002.

[3474] No.40/1999.

[3475] Published in the Official Gazette of the Republic of Macedonia, No. 07/05. Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS no.: 108).

[3476] Convention for the Protection of Human Rights and Fundamental Freedoms (ETS no.: 005).
[3477] Published in the Official Gazette of the Republic of Macedonia, No. 41/04. Convention on Cybercrime (ETS no.: 185).

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback