Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


II. Surveillance policies

National security, government surveillance and law enforcement

Wiretapping, access to, and interception of communications

Presently, communications surveillance must be authorised by the Supreme Court or by the investigatory judges in criminal proceedings for which the rights and liberties granted by the Constitution may be suspended, for the maximum period of seven months.

However, privacy is insufficiently protected under the current legal regime, and the supervision of the powers granted to the police and secret services is weak. For example, it is impossible to determine how the data gathered for the analysis by the police in the past ten years are kept and used. Also, there is no qualified supervisory body except for intelligence agencies authorised to perform the supervision of the Operative Technical Centre for Telecommunications Surveillance (OTC), and critics claim that the supervision by the Parliamentary Committee for Interior Policy and National Security and the Council for Civil Supervision of the Security and Information Agencies has been ineffective.

According to Croatian law, with the exception of legal wiretapping, if the voice of a person is recorded, he/she must be informed, so phone companies usually inform their users about such a possibility via their pre-recorded messages. The evidence collected by secret recordings without informing the person that he/she is being recorded is not accepted in court proceedings.

National security legislation

The director of the Operative Technical Centre for Telecommunications Surveillance (OTC), the authority responsible for the legal interception (LI) of telecommunications services, has issued an instruction to the telecommunications operators and municipal and county courts to direct all orders to collect telecommunications data to the police or the OTC, and not to the telecommunications operators themselves. However, the opinion of the Supreme Court is that the courts have no obligation to adhere to the instructions from the intelligence community.

According to some experts, the problem is also in the opinion or the interpretation of the director of OTC that the secret surveillance of telecommunications pursuant to the Intelligence System Act should be considered equally admissible as the evidence that the court may request in criminal proceedings. The problem, however, is not in the information thus collected for the purposes determined by the court in the proceedings, for instance somebody's displacement in the past, as the right to privacy can be limited by a valid court order in criminal proceedings. 

Whereas previously the courts issuing surveillance orders could be supervised by higher courts, the OTC is practically unsupervised (except for the formal supervision by the Parliamentary Committee) and almost uncontrollable in its collection of private data, which may even be used as valid evidence in courts, in case of criminal proceedings which have not yet been initiated.

Data retention

In the last year and a half, the Croatian authority responsible for the legal interception of telecommunications services (Operativno-tehnički centar za nadzor telekomunikacija) started exercising its rights towards the telecommunications operators in order to implement the Ordinance of the Government of the Republic of Croatia on Obligations of Telecommunication Operators in the Area of National Security (Uredba o obvezama iz područja nacionalne sigurnosti RH za pravne i fizičke osobe u telekomunikacijama).1 The Ordinance requires fixed and mobile telephone operators, Internet service providers, email providers, Internet telephony providers, and other data communication providers to store extensive data on all electronic communications for 12 months, including, but not limited to, the IP address, caller and recipient phone numbers, date and duration of the communication, type of service, IMSI and IMEI, geographical location, and other data. Providers' implementation costs are not refunded.

The courts can also request that operators provide such data, e.g. from computers and mobile phones, which can be used in criminal proceedings in a court of law.

National databases for law enforcement and security purposes

No specific information has been provided under this section.

National and international data disclosure agreements

No specific information has been provided under this section.


According to experts from the National CERT (Computer Emergency Response Team) of CARNet (Croatian Academic Research Network), the most pervasive form of cybercrime in Croatia is phishing, and it is usually committed by foreign criminals.

Critical infrastructure

No specific information has been provided under this section.

Territorial privacy

Video surveillance

The penal code provides for sanctions against persons who collect images or make videos of persons without their consent (via mobile phones, cameras, etc), but there have been no significant cases.

Video surveillance exists in many locations in large cities, usually in front of banks, embassies, and other important sites, and the evidence thus collected can be used in courts, as everybody is supposed to be aware of the fact that they are being recorded. Such evidence has actually been used in some cases of bank robberies. Video surveillance has been introduced in some schools, usually private schools with the permission of the students' parents, but its introduction in state schools has usually been opposed by the public.

Location privacy (gps, mobile phones, location based services, etc.)

The OTC and the police have the legal right to locate people with GPS and to supervise mobile phones, but so far there has been no obligation to register unregistered (non-subscription) mobile phones.

Travel privacy (travel identification documents, biometrics, etc.) And border surveillance

The introduction of biometric passports has been proposed, as a part of the agreement to lift US visa requirements for Croatian citizens, but this has not yet been implemented.

National ID

The introduction of new IDs has suppressed the use of the citizen's identity number (MBG), which can be disclosed and processed only with the permission of the person. Instead, a new number has been introduced for identification of personal bank accounts and other financial transactions, called OIB (personal identification number), which can be accessed and searched online, or received via mobile phone.

In the context of collecting information for petitions or referenda the Agency for Personal Data Protection has concluded that the request for provision of the former unique citizen's number (MBG) or any other identification number (OIB) is neither necessary nor adequate for the purpose of data collection (Article 6 paragraphs 1 and 2 of the Act).

Social Security IDs containing data about illnesses and medication have been proposed as a part of the new e-Health project, which is to be implemented in 2011.

Rfid tags

No specific information has been provided under this section.

Bodily privacy

No specific information has been provided under this section.


  • 1. Official Gazette No. 64/08 from 4 June 2008. The Ordinance entered into force on 4 June 2008.