Support the AIP
Home > Personal Data > Legal help by AIP > Summary of cases

2010

20122011201020092008200720062005

Excerpt from AIP annual report Access to Information in Bulgaria 2010


 

In 2010, AIP team also provided legal help and consultation in cases related to the personal data protection. We were addressed by citizens who had concerns about their personal data being unlawfully processed, but also by personal data administrators who had questions regarding the correct application of the provisions of the Personal Data Protection Act. An employee from a national university hospital asked for consultation regarding the overall internal regulation of the personal data protection in the hospital. AIP team advised the drafting of internal rules for personal data processing, the organization and description of the hospital registers, as well as necessary measures which the management should take to guarantee lawful processing of the data of the patients.

 

Personal Data Protection and the Schengen Information System

 

In the beginning of November 2010, Bulgaria was included in the Schengen Information System (SIS). The topic triggered the interest of the journalists. The AIP team was often addressed with questions about the content, operating mechanism of the system and citizens' rights in processing their personal data. What exactly is the SIS and whose personal data are processed? What could citizens do if they had suspected violation of their rights at the processing of data in the SIS? Which are the national competent bodies, responsible for the operation of the system and which is the oversight body with regard to the lawful processing of personal data? Those were some of the most frequently asked questions.

The Schengen Information System is the largest shared database on maintaining public security, supporting police and judicial co-operation and managing external border control. The SIS contains entries, called “alerts,” on wanted and missing persons, lost and stolen property and entry bans. Everybody has the right of access to their personal data contained in the SIS if any had been collected. If citizens suspect unlawful processing of their personal data in the SIS, they should address the national body responsible for the collection of the data (in Bulgaria this is the Ministry of Interior) or the national authority for protection of personal data (in Bulgaria – the Commission for Personal Data Protection).

 

Personal Data Protection and Video Surveillance

 

Are video records from the cameras installed in banks, shops, ATMs, hospitals, schools, and kindergartens personal data subject to protection? Should personal data administrators declare the processing of these data in the public register of data administrators maintained by the Commission for Personal Data Protection (CPDP)? Such questions were referred to AIP by citizens, as well as data administrators subject to registration to the CPDP. Citizens inquired about the cases and places where video surveillance was allowed, while the administrators questioned about their obligations with regard to video surveillance personal data protection. According to a written statement by the CPDP as of July 27, 2010, each administrator processing personal data by producing a video record from a surveillance tool is obliged to keep and declare a specific register Video Surveillance. The administrators should inform the persons about the video surveillance with signs put in a visible way containing information, identifying the respective personal data administrator, including contact information.

 

Right to Information and Personal Data Protection

 

In several cases, AIP has provided representation in proceedings before the Commission for Personal Data Protection. The newspaper Rositsa from the town of Sevlievo has requested our assistance. In 2009, the newspaper had published part of the bulletin of the Ministry of Interior which contained information about arrested persons for alleged robbery identified with the first letters of their names. After “recognizing” themselves in the publication, the perpetrators filed an appeal to the Commission for Personal Data Protection arguing that the newspaper had violated their right to privacy by publishing information about their arrest containing their initials. The Commission dismissed the appeal against the journalists motivating their decision in the fact that initials are not enough to identify a person in an unambiguous way. That is why there was no violation of the Personal Data Protection Act.