Different institutions have many different ways of making part of their services electronically available to citizens. That is the reason why it is inevitable to look for different models of establishing a system for the protection and security of personal data when using those services. When it comes to different models of protection and security of personal data, the first matter that comes to mind is the technical aspect because some of the services are available through e-portals where citizens need to create their own profile to be able to use the service (uslugi.gov.mk). Some of the services are available through mobile applications whose use in some cases is conditioned by connection to another database (“Moj DDV”), or by turning on Bluetooth (StopKorona). Other services are included in the provided electronic services although the citizens cannot use them on their own. Their use requires mediation from authorized persons (“Moj Termin”, e-recept).
The StopKorona! mobile application is intended for detecting close contact with potentially infected persons through a procedure for detection of proximity to mobile devices/applications via Bluetooth technology, and its use is based on the consent of the personal data subject, i.e. voluntary download by citizens.
Electronic Registry – E-portal
The Office for Management of Registers of Births, Marriages and Deaths under the Ministry of Justice has created an Electronic Registry through which citizens can apply for services under the jurisdiction of this institution. Each user needs to create their own username and password to continue using the services. The nature of the services, i.e. the documents for which one can apply through this portal inevitably requires the entry of a large amount of personal data (some of which are sensitive). Additionally, the portal provides the possibility for electronic payment, so that in addition to the legally established personal data, the citizen must also enter their bank account information, card number, etc.
No matter of the way in which e-services are available to the citizens, the legislation on personal data protection sets the standards for their legal functioning. According to the Law on Personal Data Protection and the General Data Protection Regulation (GDPR), every institution when defining the conditions for the functioning of e-services should start from the legality of personal data processing and the principle of transparency in such processing. When the personal data is collected from citizens, the controller, in this case the institutions in charge of providing the services, at the moment of collecting the personal data, provide the following information: categories of personal data collected during the use of the e-service, legal basis for collecting personal data, identity and contact data of the controller as well as the Personal Data Protection Officer, the purposes of the processing for which the personal data are intended, information on whether the controller intends to transfer personal data to a third country or international organization, the time period for which the personal data will be stored, the way in which the citizens can exercise their rights of access, correct or delete their personal data, the right to withdraw consent at any time, the right to submit a request to the Agency for Personal Data Protection, and information on whether the controller intends to continue processing personal data for a purpose other than that for which personal data are collected in the first place.
Author: Metamorphosis Foundation