The 1992 Constitution provides for protections for privacy, data protection, and secrecy of communications. Article 16 states, "(1) The inviolability of the person and its privacy is guaranteed. It can be limited only in cases defined by law." Article 19 states, "(1) Everyone has the right to the preservation of his human dignity, personal honor and good reputation, and the protection of his name. (2) Everyone has the right to protection against unwarranted interference in his private and family life. (3) Everyone has the right to protection against the unwarranted collection, publication, or other illicit use of his personal data." Article 22 states "(1) The privacy of correspondence and secrecy of mailed messages and other written documents and the protection of personal data are guaranteed. (2) No one must violate the privacy of correspondence and the secrecy of other written documents and records, whether they are kept in private or sent by mail or in another way, with the exception of cases to be set out in a law. Equally guaranteed is the secrecy of messages conveyed by telephone, telegraph, or other similar means."[2302]
The Act on Protection of Personal Data in Information Systems was approved in February 1998 and went into effect on March 1, 1998.[2303] The Act replaces the previous 1992 Czechoslovakian legislation.[2304] It limits the collection, disclosure and use of personal information by government agencies and private enterprises either in electronic or manual form. It creates duties of access, accuracy and correction, security, and confidentiality on the data processor. Processing of information on racial, ethnic, political opinions, religion, philosophical beliefs, trade union membership, health, and sexuality is forbidden. Special protections are provided for sensitive data, defined as data revealing "racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life and conviction." Transfers to other countries are limited unless the country has "adequate" protection. All systems are required to be registered with the Statistical Office of the Slovak Republic.[2305]
The Act created a new office, the Inspection Unit for the Protection of Personal Data, headed by the Commissioner for Personal Data Protection, to supervise and enforce the Act.[2306] The Commissioner is appointed by the Government on the basis of a recommendation by the President of the Statistical Office. Mr. Pavol Husar took office as the first Commissioner in February 1999. The Commissioner monitors the implementation of the law, reviews registered systems, inspects the processing of personal data in information systems, receives and handles complaints concerning the violation of personal data protection in information systems, initiates corrective actions whenever a breach of legal obligations is ascertained, and participates in the preparation of generally binding regulations in the field of personal data. The Commissioner is required, to file an annual report on the status of data protection with the Government and the National Council (parliament).
As of September 2001, the office had nine staff members.[2307] In January 2001, the Commissioner said publicly that the act was going to be much more vigorously enforced and large fines imposed for violations, including non-registration. He noted that there were only 400 information systems registered when the number should really be around 20,000.[2308] Since 2001 the Unit has received eighty two serious complaints under the Act and prepared over 300 informational documents for citizens and public administration bodies on data protection issues.[2309]
One of the top priorities for the Inspection Unit over the last few years has been to secure amendments to the Act on Protection of Personal Data in Information Systems in order to bring it into full compliance with the EU Directive.[2310] In September 2001, a draft amendment to the Act was submitted to the Legislative Council of the government for approval. In November 2001, the Legislative Council reviewed the draft and made several recommendations and suggestions, including the establishment of a new independent supervisory authority, to be called the Office for Personal Data Protection. At the Council's request the Commissioner drafted a completely new Act to incorporate these changes and resubmitted it in December 2001. The new bill was approved by the Government and submitted to Parliament in February 2002. Many of the bill's provisions dealt with restructuring the supervisory authority. It also created new protections for the processing of sensitive information, defined as information relating to racial or ethnic origin, political views, religion or philosophical belief, membership in political parties, participation in political movements or trade unions, health, and sex life. It also places restrictions on the processing of the national identity number. The bill failed to pass into law, when in late June the President refused to sign it on the grounds that it did not clearly define the establishment of the new office. He also objected to the proposed implementation date of July 1, 2002, stating that it would interfere with the general election planned for September 2002. Under the election laws at the time, political parties were required to submit petition sheets containing over 10,000 signatures and including signatory's identity numbers (so called "birth numbers"), a requirement that would contradict the new law. On July 3, the Parliament passed an amended bill taking into account these objections.[2311]
On September 1, 2002, a bill known as Act. No. 428 of July 3, 2002 on Protection of Personal Data, went into effect. The law establishes the Office for Personal Data Protection and purports to provide a higher degree of protection to the subjects of data collectors.[2312] In particular, subjects of data collection are given the right to obtain a copy of his or her personal data from the controller.[2313]Moreover, the law imposes new duties on controllers who are to secure better protection of personal data and to take safeguards to mitigate the risk of infringement of personal data. The law also allows the Office to publish/issue in specific situations binding statements (measures). The law enables the imposition of stricter sanctions[2314] for violation of the act's provisions.[2315]
The Addendum to the Report on Slovakia's Progress in its Integration into the European Union states:
The National Council of the Slovak Republic adopted Personal Data Protection Act No. 428/2002 Coll. with effect from 1 September 2002. The Act ensures full compatibility with European Parliament and Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The Act also accounts for written recommendations of Commission experts who examined the protection of personal data in the Slovak Republic.[2316]
Since inception of the Office of Personal Data Protection in September of 2002 through April 30, 2003, the office received thirty six complaints of Data Subjects. The office undertook nine inspections, issued five measures, referred two cases to criminal justice agencies, and registered 1752 information systems.[2317]
The Inspection Unit, now the "Office of Personal Data Protection," maintains close relations with the data protection authorities in other central and eastern European countries. In December 2001, the Data Protection Commissioners from the Czech Republic, Hungary, Lithuania, Slovakia, Estonia, Latvia, and Poland signed a joint declaration agreeing to closer cooperation and assistance. The Commissioners agreed to meet twice a year in the future, to provide each other with regular updates and overviews of developments in their countries, and to establish a common website for more effective communication.[2318]
Under the 1993 Police Law, the police are required to obtain permission from a court or prosecutor before undertaking any telephone tapping or mail surveillance.[2319] This type of activity is supposed to be used only in cases of extraordinarily serious premeditated crimes or crimes involving international-treaty obligations. However, the communist-era secret police still remain in positions of power and over the years there have been many public revelations of illegal wiretapping of opposition politicians, reporters and dissidents.[2320] In 2001 there were allegations that members of the SMK and SMER parties were being monitored and their telephones tapped.[2321] Active monitoring of The Church of Scientology by the Ministry of the Interior was also reported.[2322] Under the Criminal Code, police require a judicial search warrant to enter a private home and the court may only issue this warrant with good cause. Police are required to present the warrant before conducting the search or within twenty-four hours. There are continuing reports of Roma homes being entered without warrants.[2323]
There are legal protections for privacy in the Civil Code. Article 11 states, "everyone has the right to the preservation of his personality, mainly of life and health, personal honor and human dignity as well as privacy, name and exhibitions of personal nature." There are also computer-related offenses linked with the protection of a person (unjustified treatment of personal data).[2324] The Slovak Constitutional Court ruled in March 1998 that the law allowing public prosecutors to demand to see the files or private correspondence of political parties, private citizens, trade union organizations and churches, even when not necessary for prosecution, was unconstitutional. Court chairman Milan Cic said this was "not only not usual, but opens the door to widespread violation of peoples' basic rights and their right to privacy."[2325] Moreover, there are sector specific privacy provisions to protect an individual's medical, financial and tax records.[2326] A draft new media law, containing provisions on the protection of privacy and rights of correction, is also moving forward.[2327]
The Act on Free Access to Information was approved by the Parliament in May 2000. It sets broad rules on disclosure of information held by all "Obligees," which means state agencies (including parliament, government, courts, etc.) municipalities, legal entities established by law and by state agencies, as well as legal entities and natural persons that have been given the power by law to make decisions in the area of public administration.[2328] There are limitations on information that (a) is classified; (b) constitutes a trade, bank, or tax secret; (c) is a tax secret; (d) is a bank secret; (e) is intellectual property; (f) would violate privacy; (g) was obtained "from a person not required by law to provide information, who upon notification of the Obligee instructed the Obligee in writing not to disclose information;" (h) is information published regularly by the Obligee under a special act; (i) "concerns the decision-making power of the courts and law enforcement bodies;" or (j) identifies localities of protected animals and plants, minerals and fossils. The information requests to obligees must be disposed without undue delay, but not later than in ten days. Appeals are made to higher agencies and can be reviewed by an administrative court.[2329]
During the implementation of this Act in practice, some difficulties have been found in cases regarding appeals against decisions made by obligees that do not have their own superiors, e.g. municipalities, the National Property Fund of SR, etc. In these cases, it is not clear what is the appropriate appellate body. For example, in the case of municipalities, two different provisions of two different acts collide. On one hand, the Act on Free Access to Information states in article 19 that "if it is a decision of the municipal office, the decision on the appeal shall be made by the mayor." In practice, this is not possible because the municipal office is only an executive body of the mayor, as well as the municipal council. On the other hand, the Act No. 369/1990 on Municipalities states in article 13 that "in administrative proceedings the mayor is the administrative body." This means that the mayor is the only body that is allowed to make first-degree administrative decisions. The municipal office is not allowed to do this. Under article 27 of the Act on Municipalities, the court is the appellate body to the mayor's decision on the rights and responsibilities of natural persons or legal entities in matters of self-governance, including the disclosure of information. During more than the three years of implementing the Act on Free Access to Information, there has been no adjudication that would unify these two contradicting provisions of two different acts. Moreover, from January 1, 2003, several provisions in Act No. 99/1963 on Civil Court Procedure have changed. Among them are provisions that are important for proceedings of the court as an appellate body to the mayor's decision in matters of self-governance. The most important change is that the requester can file an appeal against the court adjudication to a higher court, a step that was not possible before. Courts have no obligatory time limit within which they must decide. The consequence of this change in the Act on Civil Court Procedure is that the process for obtaining information can be extended indefinitely while the value of the information originally requested declines in value.
There are also separate requirements for disclosure of environmental information that covers private organizations. It became effective January 1, 2001[2330] and revoked Act 171/1998 of the National Council on Free Access to Environmental Information. In February 2001, the government approved a draft law on Protection of Confidential Information to harmonize the handling of classified documents with NATO standards, despite the Data Protection Commissioner's objections that it violated human rights.[2331]
On May 30, 2001, the National Council of the Slovak Republic adopted Act. No. 241 on Protection of Confidential Information. Most of the law became effective in July, 1, 2001, the rest on November, 1, 2001.
On August 19, 2002, the National Council of the Slovak Republic adopted the act on Access to Documents Concerning the Activities of the State Security Services between 1939 and 1989 and on Establishment of the Institute of National Memory Act No. 553/2002 Coll (National Memory Act). The National Memory Act allows Slovak citizens and foreigners to request access to documents containing information about the applicants collected and maintained by the state security services between 1939 and 1989. The Act purports to provide historians, victims, and their relatives with access to documents collected by the former state security services.[2332]
The National Memory Act sets forth the principles for evidence, collection, registration, disclosure, and management of certain documents created and maintained by the security services of the German Third Reich and the former Soviet Union as well as the Czechoslovak and Slovak security agencies in the so-called "totality era," that is the period from April 18, 1939 to December 31, 1989. Specifically, the National Memory Act deals with documents concerning crimes committed on Slovak nationals as well as Slovak citizens of other nationalities. The crimes in question include (i) Nazicrimes, (ii) communist crimes, (iii) other crimes against peace, humanity, or war crimes, and (iv) other retaliations for political reasons.[2333]
Slovakia is a member of the Council of Europe and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108.[2334] In August 2001, it signed the Additional Protocol to Convention 108 regarding supervisory authorities and transborder data flows.[2335] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[2336] Slovakia joined the OECD in September 2000.