WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Country Reports >Slovak Republic

Slovak Republic

Constitutional Privacy Framework

The 1992 Constitution provides for protections for privacy, data protection, and secrecy of communications. Article 16 states, "(1) The inviolability of the person and its privacy is guaranteed. It can be limited only in cases defined by law." Article 19 states, "(1) Everyone has the right to the preservation of his human dignity, personal honor and good reputation, and the protection of his name. (2) Everyone has the right to protection against unwarranted interference in his private and family life. (3) Everyone has the right to protection against the unwarranted collection, publication, or other illicit use of his personal data." Article 22 states, "(1) The privacy of correspondence and secrecy of mailed messages and other written documents and the protection of personal data are guaranteed. (2) No one must violate the privacy of correspondence and the secrecy of other written documents and records, whether they are kept in private or sent by mail or in another way, with the exception of cases to be set out in a law. Equally guaranteed is the secrecy of messages conveyed by telephone, telegraph, or other similar means."[4550]

Data Protection Framework

The Personal Data Protection Act No. 428/2002 Coll. (PDPA) repealed the Act No. 52/1998 Coll. on Protection of Personal Data in Filing systems.[4551] The PDPA brings Slovakian data protection in line with the European Parliament and Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The PDPA was amended in 2005 by Act 90/2005 Coll. The PDPA limits the collection, disclosure and use of personal information by government agencies and private enterprises either in electronic or manual form. It creates duties of access, accuracy and correction, security, and confidentiality on the data processor. Processing of information on racial, ethnic, political opinions, religion, philosophical beliefs, trade union membership, health, and sexuality is forbidden. Special protections are provided for sensitive data, defined as data revealing "racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life and conviction." Transfers to other countries are limited unless the country has "adequate" protection. All systems are required to be registered with the Office for Personal Data Protection of the Slovak Republic.[4552]

The OPDP asked the European Commission Data Protection Unit to review the latest PDPA amendments, in order to identify where further harmonization with the Directive 95/46/EC is needed. The EC Data Protection Unit provided detailed comments in February 2006, and the Unit’s recommendations are expected to form the next round of PDPA amendments.[4553]

Data Protection Authority

The 2002 Act created the Office for Personal Data Protection of the Slovak Republic (OPDP), headed by the President, to supervise and enforce the Act.[4554] The OPDP and its President replaced the Commissioner and his Inspection Unit of Personal Data Protection. The President is elected by the National Council. The OPDP monitors the implementation of the law, reviews registered systems, inspects the processing of personal data in information systems, receives and handles complaints concerning the violation of personal data protection in information systems, initiates corrective actions whenever a breach of legal obligations is ascertained, and participates in the preparation of generally binding regulations in the field of personal data. The OPDP is required to file a bi-annual report on the status of data protection with the National Council.[4555]

Several of the amendments over the last few years have brought Slovakia’s data protection scheme into compliance with the EU Directive. In addition to establishing the OPDP, the 2002 amendments provided subjects of data collection with the right to obtain a copy of their data from the controller.[4556] Moreover, the law imposes new duties on controllers, who are to secure better protection of personal data and to take safeguards to mitigate the risk of infringement of personal data. The law also allows the OPDP to publish or issue in specific situations binding statements (measures). The law enables the imposition of stricter sanctions, including fines, for violation of the act's provisions.[4557] In 2005, the OPDP annotated more than 100 legislative acts dealing with issues of personal data protection, and issued more than 690 statements.[4558]

The OPDP also organized numerous seminars and consultations about the recent amendments to the PDPA, gave many lectures, and launched a new website. The OPDP also conducted a survey of data protection awareness. The poll showed that awareness of citizens about personal data protection rights was 25% higher that in 1999. The most sensitive personal data, according to citizens, was the national ID, followed by property and financial data, health data, and biometric data.[4559]

By April 2006, the OPDP had registered 37,500 notifications of the appointment of personal data protection officials responsible for internal enforcement. Also, the OPDP had processed 13 registrations of filing systems, and received a total of 4,639 applications for registration of filing systems. The OPDP has given consent to 28 cases of cross-border transfer of personal data to third countries. In the first half of 2006, the OPDP received 38 complaints. The OPDP also conducted 28 preventive audits of video surveillance systems at municipal police stations, hospitals, gas stations, supermarkets, and other places.[4560]

The OPDP received several complaints about cases of fraud, faked contracts, and identity theft resulting in credit/debit card fraud. Many banks and private sector entities are instituting biometric authentication/verification in order to combat some of these abuses. However, consent to use biometric data is only required under the PDPA if the biometric data falls under the PDPA’s definition of personal data. There are no biometric-specific rules on collecting, using or disclosing this data.[4561]

The OPDP maintains close relations with the data protection authorities in other central and eastern European countries. In December 2001, the Data Protection Commissioners from the Czech Republic, Hungary, Lithuania, Slovakia, Estonia, Latvia, and Poland signed a joint declaration agreeing to closer cooperation and assistance. The Commissioners agreed to meet twice a year in the future, to provide each other with regular updates and overviews of developments in their countries, and to establish a common website for more effective communication.[4562]

Wiretapping and Surveillance Rules

Under the 1993 Police Law, the police are required to obtain permission from a court or prosecutor before undertaking any telephone tapping or mail surveillance.[4563] This type of activity is supposed to be used only in cases of extraordinarily serious premeditated crimes or crimes involving international-treaty obligations. However, the communist-era secret police still remain in positions of power and over the years there have been many public revelations of illegal wiretapping of opposition politicians, reporters and dissidents.[4564] In 2001, there were allegations that members of the SMK and SMER parties were being monitored and their telephones tapped.[4565] Active monitoring of the Church of Scientology by the Ministry of the Interior was also reported.[4566] Under the Criminal Code, police require a judicial search warrant to enter a private home and the court may only issue this warrant with good cause. Police are required to present the warrant before conducting the search or within 24 hours. There are continuing reports of Roma homes being entered without warrants.[4567]

There are legal protections for privacy in the Civil Code. Article 11 states, "everyone has the right to the preservation of his personality, mainly of life and health, personal honor and human dignity as well as privacy, name and exhibitions of personal nature." There are also computer-related offenses linked with the protection of a person (unjustified treatment of personal data).[4568] The Slovak Constitutional Court ruled in March 1998 that the law allowing public prosecutors to demand to see the files or private correspondence of political parties, private citizens, trade union organizations and churches, even when not necessary for prosecution, was unconstitutional. Court chairman Milan Cic said this was "not only not usual, but opens the door to widespread violation of peoples' basic rights and their right to privacy."[4569] Moreover, there are sector-specific privacy provisions to protect an individual's medical, financial and tax records.[4570] A draft new media law, containing provisions on the protection of privacy and rights of correction, is also moving forward.[4571]

Slovakia adopted the Act on Electronic Communications Services at the beginning of 2004. In February 2006, Slovakia added new provisions regulating cookies and unsolicited communications in order to fully implement EU Directive 2002/58/EC.[4572]

In April 2005, the Slovak government announced plans to start issuing biometric passports by September 1, 2006. New passports introduced by the Slovakian government in April 2005 have better security features than the previous travel document and, although they do not currently include any biometric identifier, are "biometric-ready." According to Interior Minister Vladimir Palko, a digital facial image of the holder will be included in passports starting in September 2006, while a fingerprint scan will be added starting March 1, 2008. The biometric passports will provide Slovakia with further arguments to negotiate visa-free travel to the United States for its citizens.[4573]

In addition, the Schengen Evaluation Mission visited Slovakia in February 2006 in order to examine the legal, institutional and organizational framework of personal data protection, particularly related to visas. The recommendations of the evaluation were incorporated into the Schengen action plan, in order to assist Slovakia in fulfilling the requirements of the European Commission.[4574]

EU member countries must make laws necessary to comply with the EU directive 2006/24/EU on Data Retention no later than September 15, 2007. Ireland has launched a legal challenge at the European Court of Justice to determine whether the European Commission and Parliament should have had any role in determining the data retention issue. This position is also supported by the government of Slovakia.[4575]

Major Privacy Case Law

In 2006, the European Court of Human Rights issued a decision on the impossibility to challenge in court a judicial declaration of paternity under Slovakia’s legal system. In 1970, a court had determined that the appellant was the father of a minor, to whom he subsequently paid support. Decades later, retesting with improved methods determined that the appellant was not, in fact, the father. However, he was unable to remove this status from several public documents, and was concerned how this legal finding of paternity would affect the disbursement of his estate. The ECHR found that the appellant’s inability to change this finding was a violation of the individual’s right to privacy found at Article 8 of the European Convention on Human Rights.[4576]

In situations that are not regulated by detailed provisions of the acts,[4577] the public administration has the discretion to interpret and apply general legal terms, such as "privacy" or "honor," in conformity with the Constitution, and thus may consider that the right to privacy is in certain cases[4578] restrained in favor of the right to information. The obligation of the public administration to consider constitutional principles[4579] was recognized by the Slovak Constitutional Court in the ruling II. ÚS 44/00, where held that making a film record of policemen performing their official duties is not an invasion of their right to privacy and should be allowed.

Another serious problem arises when the information about official duties (performing within public administrative bodies or institutions public functions) is considered personal data. This information is often withheld. For instance, the Ministry of Foreign Affairs refused to provide information about the names and functions of its employees to protect their personal data. Currently, two legal actions have been brought against the Ministry to the Regional court in Bratislava.[4580] At the end of the 2004, the Cabinet approved rewards for high state officials. However, when journalists asked the Cabinet to disclose the amount of the rewards or concrete sums and persons' names, the Cabinet responded that this information could not be disclosed on data protection grounds.[4581]

The Act No. 215/2004 on the Protection of Confidential Information states that Confidential Information Lists are created by the head of each authority that deals with confidential information. That means that one of the duties of the head of the authority is to determine the fundamental scope of classified information, and unless he or she determines otherwise, to decide on the period of, change to, and extinction of, the security classification level. The information can be classified as confidential information only in fields stipulated by the Government of the Slovak Republic in regulation No. 216/2004.

On August 19, 2002, the National Council of the Slovak Republic adopted the Act on Access to Documents Concerning the Activities of the State Security Services between 1939 and 1989 and on Establishment of the Institute of National Memory Act No. 553/2002 Coll (National Memory Act). The National Memory Act allows Slovak citizens and foreigners to request access to documents containing information about the applicants that was collected and maintained by the state security services between 1939 and 1989. The Act purports to provide historians, victims, and their relatives with access to documents collected by the former state security services.[4582]

The National Memory Act sets forth the principles for evidence, collection, registration, disclosure, and management of certain documents created and maintained by the security services of the German Third Reich and the former Soviet Union as well as the Czechoslovak and Slovak security agencies in the so-called "totality era," the period from April 18, 1939, to December 31, 1989. Specifically, the National Memory Act deals with documents concerning crimes committed on Slovak nationals as well as Slovak citizens of other nationalities. The crimes in question include (i) Nazi crimes, (ii) communist crimes, (iii) other crimes against peace, humanity, or war crimes, and (iv) other retaliations for political reasons.[4583]

Open Government

The Act on Free Access to Information was approved by the Parliament in May 2000. It sets broad rules on disclosure of information held by all "Obligees," which means state agencies (including parliament, government, courts, etc.) municipalities, legal entities established by law and by state agencies, as well as legal entities and natural persons that have been given the power by law to make decisions in the area of public administration.[4584] There are limitations on information that (a) is classified; (b) constitutes a trade, bank, or tax secret; (c) is a tax secret; (d) is a bank secret; (e) is intellectual property; (f) would violate privacy; (g) was obtained "from a person not required by law to provide information, who upon notification of the Obligee instructed the Obligee in writing not to disclose information"; (h) is information published regularly by the Obligee under a special act; (i) "concerns the decision-making power of the courts and law enforcement bodies"; or (j) identifies localities of protected animals and plants, minerals and fossils. The information requests to obligees must be disposed without undue delay, but not later than in 10 days. Appeals are made to higher agencies and can be reviewed by an administrative court.[4585]

During the implementation of this Act in practice, some difficulties have been found in cases regarding appeals against decisions made by obligees that do not have their own superiors, e.g. municipalities, the National Property Fund of SR, etc. In these cases, it is not clear what is the appropriate appellate body. For example, in the case of municipalities, two different provisions of two different acts collide. On one hand, the Act on Free Access to Information states in Article 19 that, "if it is a decision of the municipal office, the decision on the appeal shall be made by the mayor." In practice, this is not possible because the municipal office is also an executive body of the mayor. On the other hand, Act No. 369/1990 on Municipalities states in Article 13 that, "in administrative proceedings the mayor is the administrative body." This means that the mayor is the only body that is allowed to make first-degree administrative decisions. The municipal office is not allowed to do this. Under Article 27 of the Act on Municipalities, the court is the appellate body to the mayor's decision on the rights and responsibilities of natural persons or legal entities in matters of self-governance, including the disclosure of information. During more than the three years of implementing the Act on Free Access to Information, there has been no adjudication that would unify these two contradicting provisions of two different acts. Moreover, since January 1, 2003, several provisions in Act No. 99/1963 on Civil Court Procedure have changed. Among them are provisions that are important for proceedings of the court as an appellate body to the mayor's decision in matters of self-governance. The most important change is that the requester can file an appeal against the court adjudication to a higher court, a step that was not possible before. Courts have no obligatory time limit within which they must decide. The consequence of this change in the Act on Civil Court Procedure is that the process for obtaining information can be extended indefinitely, while the value of the information originally requested declines in value.

There are also separate requirements for disclosure of environmental information that covers private organizations. New requirements became effective January 1, 2001[4586] and revoked Act 171/1998 of the National Council on Free Access to Environmental Information. In February 2001, the government approved a draft law on Protection of Confidential Information to harmonize the handling of classified documents with NATO standards, despite the Data Protection Commissioner's objections that it violated human rights.[4587]

In July 2005, it was reported that the Interior Ministry sought to change the existing free access to information law, which gives citizens the right to get information from public and municipal authorities. If the changes are introduced, a public official who withholds information will no longer be committing an offense. At present, a bureaucrat who fails to provide information requested by a citizen can be fined up to SKK 50,000 (~ USD 1,570) and be suspended from the job for up to two years. In the Interior Ministry's proposal, however, the offence clause would be left out of the freedom of information law. Jana Pôbišová, of the Interior Ministry, said that this is because the state or municipal employees do not act as private entities, but rather in the name of legal entities, the state or municipal authorities, and should therefore not be punished as individuals. Activists claim, however, that if the clause is eliminated, it will be virtually impossible to identify who is responsible for withholding information.[4588]

International Obligations

Slovakia is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[4589] In August 2001, it signed, and later ratified, the Additional Protocol to Convention 108 regarding supervisory authorities and transborder data flows.[4590] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[4591] Slovakia joined the Organization for Economic Cooperation and Development (OECD) in September 2000. On May 1, 2004 Slovakia joined the European Union. Slovakia has signed, but has not ratified, the Convention on Cybercrime (ETS No.185).[4592]

[4550] Act No. 460 of September 1, 1992 Constitution of the Slovak Republic (September 1, 1992), available at <>.

[4551] Act No. 428/2002 Coll. on Protection of Personal Data (PDPA), as amended by the Act No. 602/2003 Coll., Act No. 576/2004 Coll. and the Act No. 90/2005 Coll., available at <>.
[4552] Id.

[4553] Ninth Annual Report of the Article 29 Working Party on Data Protection, June 2006, available at <>.

[4554] <>.
[4555] PDPA, supra.

[4556] Id.
[4557] Id.
[4558] Ninth Annual Report of the Article 29 Working Party on Data Protection, June 2006, supra.

[4559] Id.

[4560] Id.

[4561] Id.

[4562] Central and Eastern Europe Data Protection Authorities website <>.

[4563] Code of Criminal Procedure, Articles 86 to 88.
[4564] "Hungarian Politicians in Slovakia Are Being Bugged," CTK National News Wire, February 21, 1995; "Deputy Brings Charges Against Slovak Secret Services Spokesman," CTK National News Wire, August 21, 1997.
[4565] US State Department Human Rights Report 2001 – Slovakia, available at <>.
[4566] Id.
[4567] US State Department Human Rights Report 2006 – Slovakia, available at <>.

[4568] European Commission, Agenda 2000 - Commission Opinion on Slovakia's Application for Membership of the European Union, Doc 97/20, July 15, 1997.
[4569] "Court Rules Law on Public Prosecutors Unconstitutional," CTK National News Wire, March 4, 1998.
[4570] Act No. 277/1994 on Health Care; Act No. 21/1992 on Banks (later cancelled and replaced by Act. No. 483/2001 on Banks); Act No. 511/1992 on Tax Fee Administration; see "Data Protection Laws of the World," Christopher Millard and Mark Ford, Clifford Chance, Sweet & Maxwell 2000.
[4571] "Culture Ministry to Draft Own Media Law," BBC Worldwide Monitoring, February 9, 2001.

[4572] Act No.117/2006 Coll., effective April 2006.

[4573] "Slovakia to Issue Biometric Passports in 2006," eGoverment news, April 12, 2005.

[4574] Ninth Annual Report of the Article 29 Working Party on Data Protection, June 2006, supra.

[4575] “Data Retention Directive Passed,” Digital Rights Ireland, December 15, 2005 <>.

[4576] Paulik v. Slovakia, 10699/05, N° 90, European Court of Human Rights, October 10, 2006, available at <>.

[4577] In instances, where the general legal terms as "privacy" or "honor" are applied – for example under Section 11 of the Slovak Civil Code "A natural person has a right to the protection of his personality, honor, dignity, privacy, name and personal expressions."
[4578] See judgment II. ÚS 44/00 of the Slovak Constitutional Court.
[4579] Principle, that all laws shall be interpreted and applied in conformity with the Constitution. For instance Article 152 Paragraph 4 of the Constitution stipulates this principle.

[4580] These are pending cases and have not been decided yet. Numbers of court proceedings are: 1S 64/05 and 2S 94/05.

[4581] PRAVDA, December, 10 2004, available at

[4582] E-mail from Zuzana Babicová, Office for Personal Data Protection, Slovak Republic, to John Baggaley, EPIC, June 16, 2003 (on file with EPIC).

[4583] Id.

[4584] Act on Free Access to Information, available at <>.

[4585] E-mail from Vlado Pirosik, Public Interest Lawyer, Environmental Lobbying Facility, Slovak Republic, to John Baggaley, Law Clerk, EPIC, July 11, 2003 (on file with EPIC). The Act on Free Access to Information stipulates the duty for obligees to provide information "without undue delay, but not later than in ten days." If a requester does not get the information from either the obligee or from the appellate body (in the previous administrative proceedings), the requester has the right (Article 19, paragraph 4) to access the administrative court and let the court review both the administrative decisions. If the requester decides to use this right, from the moment she files a civil action, the proceeding is governed not by the Act on Free Access to Information, but by Act 99/1963 on Civil Court Procedure. Under this act, there is no obligatory time limit imposed upon the courts. Typically, in Slovakia, this procedure takes five to six months.

[4586] Act on Free Access to Information, available at <>.
[4587] "Government Approves New Version of Law on Confidential Information," BBC Summary of World Broadcasts, March 2, 2001.

[4588] "Ministry Proposes Changes to Law on Access to Information," The Slovak Spectator July 22, 2005, available at <>.

[4589] Signed April 14, 2000; ratified September 13, 2000; entered into force January 1, 2001, available at <>.
[4590] Ratified on January 1, 2004, available at <>.
[4591] Signed February 21, 1991; ratified March 18, 1992; entered into force January 1, 1993, available at <>.
[4592] Signed February 4, 2005, available at <>.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback