14
Sun, Aug
57 New Articles

„Do-not-call“ Registry – What Data Protection Does It Provide in Practice?

„Do-not-call“ Registry – What Data Protection Does It Provide in Practice?

Serbia
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The Croatian data protection authority has recently passed a decision establishing the violation of the right to personal data protection in terms of the articles 5, 6 and 14 of the General Data Protection Regulation of EU 2016/679 (“GDPR”), due to a phone call made to the number listed in “Do-not-call” registry.

Facts and Holding

The respective decision established that a company has unlawfully processed personal data, by calling the phone number of a natural person listed in “Do-not-call” registry, with the request to partake in a survey, hence in this manner the natural person concerned had clearly denied its consent to processing the subject personal data.

The above said company is therefore prohibited from further processing of the respective user’s personal data, and it is ordered to delete the subject phone number from its internal database.

Namely, Article 6 of the GDPR stipulates that processing shall be lawful only if and to the extent that – inter alia – it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular where the data subject is a child). In addition, the GDPR prescribes that the controller is liable to undertake appropriate organizational and technical measures to ensure that requirements set out by Article 5 of the respective regulation are met. Also, in this particular case the controller has also violated provisions of Article 14 of the GDPR, as it did not provide sufficient information to the data subject with respect to the subject processing.

“Do-not-call” registry under the Serbian Consumer Protection Law

As elaborated in one of our previous articles, “Do-not-call” registry is introduced to the legal system of the Republic of Serbia by the new Consumer Protection Law, which entered into force in the end of the previous year, and which stipulates that it is prohibited to make calls and/or messages by telephone to consumers whose telephone numbers are listed with the register of consumers who do not want to receive calls and/or messages within the promotion and/or sale by telephone.

The registry concerned shall be maintained by the regulatory body responsible for electronic communications (RATEL), whereby the registration therein shall be undertaken at the request of the consumer and free of charge, by an electronic communications operator with whom the consumer has an agreement concluded.

First step towards establishing of this registry is passing of the by-law by the Ministry of trade, tourism and telecommunications, within one year from entry into force of the new law, which shall regulate manner of registration and deregistration from the respective registry, conditions and manner of use and maintenance of the registry, as well as the form of the application for registration and deregistration from the registry.

Given that the afore-mentioned by-law is still not passed, i.e., as the registry concerned, at this moment, is not established, it remains to be seen what the practice of local authorities will be in this regard.

This article is to be considered as exclusively informative, with no intention to provide legal advice. If you should need additional information, please contact us directly.

By Lara Maksimovic, Senior Associate, PR Legal