Different institutions have many different ways of making part of their services electronically available to citizens.That is the reason why it is inevitable to look for different models of establishing a system for the protection and security of personal data when using those services.
The mobile application “Moj DDV” is available on Google Play Store and App Store, and before the installation, citizens can inform themselves about the technical specifications, the way of scanning the receipts and also, they can find the answers to frequently asked questions.
An additional confusion for the citizens who want to be informed about their right to privacy is the presentation of the Usage Policy of UJP.GOV.MK from 2017 as a document that also regulates the protection of personal data of the users of “Moj DDV”.
The StopKorona! mobile application is intended for detecting close contact with potentially infected persons through a procedure for detection of proximity to mobile devices/applications via Bluetooth technology, and its use is based on the consent of the personal data subject, i.e. voluntary download by citizens.
Electronic Registry – E-portal
The Office for Management of Registers of Births, Marriages and Deaths under the Ministry of Justice has created an Electronic Registry through which citizens can apply for services under the jurisdiction of this institution.
Each user needs to create their own username and password to continue using the services. The nature of the services, i.e. the documents for which one can apply through this portal inevitably requires the entry of a large amount of personal data (some of which are sensitive). Additionally, the portal provides the possibility for electronic payment, so that in addition to the legally established personal data, the citizen must also enter their bank account information, card number, etc.
According to the Law on Personal Data Protection and the General Data Protection Regulation (GDPR), every institution when defining the conditions for the functioning of e-services should start from the legality of personal data processing and the principle of transparency in such processing.
When the personal data is collected from citizens, the controller, in this case the institutions in charge of providing the services, at the moment of collecting the personal data, provide the following information: categories of personal data collected during the use of the e-service, legal basis for collecting personal data, identity and contact data of the controller as well as the Personal Data Protection Officer, the purposes of the processing for which the personal data are intended, information on whether the controller intends to transfer personal data to a third country or international organization, the time period for which the personal data will be stored, the way in which the citizens can exercise their rights of access, correct or delete their personal data, the right to withdraw consent at any time, the right to submit a request to the Agency for Personal Data Protection, and information on whether the controller intends to continue processing personal data for a purpose other than that for which personal data are collected in the first place.
Background illustration: Photo by David MG from Shutterstock / Shutterstock license