Category Archives: Slovenia

The Information Commissioner of the Republic of Slovenia

The IPRS issues a report on the Use of Drones

On 30 July 2015, the Information Commissioner (IP) issued a report on the use of drones in relation to the Data Protection Act.

It highlighted the features of such processing of personal data which may include; weapon systems, systems for the transportation and delivery and systems for control and data acquisition and outlined a wide range of risks which differ depending on what kind of data acquisition systems are used, giving a special enphasis to data capture by the police, especially in the case of mass captures and processes data.

One section of the report analyses risks associated with protecting information privacy and explain in detail to a wide range of stakeholders the principle of legality and the press exception and the principle of proportionality according to its national Data Protection Act.

Ultimately, the report examined the use of unmanned aircrafts by law enforcement authorities as they have important implications not only for the full range of constitutionally protected human rights but also as an ethical imperative and gave the following recommendations based on International Working Party on Data Protection and Telecommunications and the Article 29 Working Party:

a) The use of drones should be regulated in a way that ensures safe use and at the same time providing adequate safeguards for the provision and protection of fundamental rights.

b) They must ensure compliance with the reasonable expectations of privacy, both in private contexts such as in public places.

c) The collection and further processing of personal data by public sector shall be defined by law or under the terms of Article 9 of the PDPA-1.

d) They shall comply with the requirements regarding the protection of personal data (eg. the statements and actions of awareness among managers, certification of operators, etc.) and if necessary, the identification of the exemption for journalistic purposes.

e) In cooperation with the supervisory authorities for data protection regulators, it should develop an appropriate scheme for carrying out Data Protection Impact assesment, which will help operators of unmanned aircrafts.

f)  It is also necessary to improve the cooperation between the Civil Aviation Agency and the supervisory authorities for data protection and involve all stakeholders, including representatives of the media, non-governmental organizations, operators and service providers, among others.

h) Ultimately, it is indispensable to encourage the development of self-regulatory codes of conduct and other initiatives to ensure responsible use of drones.


The Information Commissioner of the Republic of Slovenia

Guidelines on Privacy Impact Assessment in e-Government Projects

The purpose of these guidelines is to present Privacy Impact Assessment as identification, analysis and risk-reduction tool for the purpose of lawful processing of personal data within the scope of e-Government development strategy implementation.

The target audiences of these guidelines are policy-makers, personal data controllers, service developers, providers of information and communication technologies as well as other stakeholders in e-Government development strategies.

The Information Commissioner of the Republic of Slovenia

Guidelines on Privacy Impact Assessment for the Introduction of new Police Powers

The main purpose of these guidelines is to provide a tool that law enforcement policy makers can use when introducing new police powers, particularly those entailing the use of technical measures. This tool will aid in conducting of a thorough privacy impact analysis (PIA), help in assessing the necessity, adequacy, effectiveness and proportionality of the new measures, allow for due public debate on the subject, and assist in providing adequate safeguards against serious infractions of fundamental constitutional rights.

These guidelines are intended to Law enforcement, Office of the Attorney General, Ministry of Justice and general public.

The Information Commissioner of the Republic of Slovenia

Guidelines on cloud computing

The purpose of the document is to establish common control points, by which user as well as supervisory  authorities will be able to come to informed decisions regarding the use and oversight of the cloud computing services in part where processing of personal data is concerned. The initiatives for safer use and certifications of cloud services on the other hand are offered guidelines for future developments with the goal of compliance with personal data protection legislation.

The document is aimed at users of cloud computing – small and medium enterprises and organizations; (Local) providers of cloud computing; State supervisors for data protection; (certified) auditors of information systems and Internal and external auditors.