Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

New Czech Republic data protection law soon ready [2000] PLBIRp 17; (2000) 53 Privacy Laws and Business International Report 17

New Czech Republic data protection law soon ready

A report by Karel Neuwirt

A NEW DATA PROTECTION BILL is in its final phases in the Czech Republic Parliament. It is expected that the new law, harmonised with the EU Directive and Council of Europe Convention 108, will come into force on 1st December 2000.

The current Czech Republic Data Protection Act no. 256 entered into force in 1992. This law is harmonised neither with the Council of Europe Convention (ETS 108), nor with the EU Directive. Critical opinion by the Council of Europe, and new requirements arising from the position of the Czech Republic as an applicant state to the EU, were the main motivation to prepare a new data protection law.

A Bill has been prepared by the Office of the State Information System. It was adopted by the Czech Cabinet in September 1999. Since October last year, the Bill has been debated in the Czech Parliament. Some amendments have been adopted by both chambers of the Parliament, the Chamber of Deputies and the Senate. Final debate and voting in the Chamber of Deputies will be on the agenda in April.

NEW LAW FOLLOWS THE DIRECTIVE

In contrast to Act no. 256, the new law uses terminology and definitions comparable with the EU Directive. For example, the Bill uses the terms "personal data" and "data subject" instead of the former "information" and "affected person". Article 4 (Definitions) includes, among others, new definitions of "processing of personal data" and "sensitive data".

The scope of the law includes state authorities, public administration bodies and other natural or legal persons who process personal data. The law will apply to automatic or manual processing of personal data which are collected systematically (filing system). Obligations of controllers and processors are stated in articles 5-15, rights of data subjects are determined in articles 21-26 of the Bill.

NEW ASPECTS

Completely new aspects in the Bill are provisions concerning establishing a data protection supervisory authority (the Office for Personal Data Protection), transfers of personal data to other countries, and sanctions. These issues are missing in the present Act, and that has resulted in many difficulties in the practical application of the law.

NOTIFICATION WILL BE INTRODUCED

A novelty in the Czech Data Protection Bill is also the obligation to notify the supervisory authority about data collection and processing (articles 16,17). It is expected that this obligation will cause some "stocktaking" of personal data files.

Enforcement of the law is ensured by sanctions specified in articles 44- 46. A controller or processor who violates the law will be punished by a penalty of up to CZK 20 million (approx. EUR 564,000). A natural person (for example an employee) can be punished with a fine up to CZK 50,000 (EUR 1,400).

During the preparation of the Bill, some lobbyists tried to change the parts of the law that determine the principles on data quality and the legitimacy of data processing. These lobbying activities, undertaken by direct marketers and credit referencing companies, were unsuccessful.

After a final vote in the Chamber of Deputies of the Czech Parliament, the Bill will pass on to the President of the Czech Republic, Vaclav Havel, for signature. The Bill proposes to establish the Office for Personal Data Protection from the beginning of June, and the law to enter in force on 1st December 2000.

Karel Neuwirt is head of the group of experts responsible for the preparation of the Bill. He is also a Czech delegate in the Council of Europe Project Group on Data Protection (CJ-PD), and a member of its Co-ordination Group. He can be contacted at the

Office for the State Information System Dept. of Personal Data Protection Havelkova 22,

Prague 3 130 00 Czech Republic.

Tel: + 420 (0) 2100 8111

e-mail: neuwirtk@usiscr.cz