IV. Governance issues
There are large, ongoing e-government projects in Croatia, notably the e-Firm project, e-Health and e-Justice. So far, there have been no legal cases emerging from these projects, as the whole issue is rather new (the implementation of some elements of e-government began in 2007).
As far as e-Health is concerned, the introduction of e-prescription and e-treatment orders may jeopardise the privacy of patients and the right to protection of their health data. Critics have claimed that with the implementation of e-prescriptions the doors will be wide open for all kinds of abuse of data about patients, whether they are politicians, businessmen, or just ordinary citizens. It will be easy to get to the protected information simply by knowing an individual's OIB (PIN – Personal Identification Number). All information could be available over the phone, just by posing as a pharmacist or an employee in a hospital and claiming to a doctor that there are problems in reading a specific e-prescription or e-medical record.
Critics have also argued that because of a lack of adequate safeguards, the Croatian Central Medical Information System (CEZIH)1 infringes Article 37 of the Constitution, provisions of the Personal Data Protection Act, as well as Convention 108 of the Council of Europe, because citizens' personal medical records were included within the system without any notification or consent. The concern now is that with this central information system in place, information about the patients will circulate widely, including among the pharmacies, as well as public and perhaps even private institutions.
The Minister of Health has claimed that the system has been tested and is ready, and that the system of data protection (HL7) has been implemented in accordance with principles from both the WHO and the European Commission. The Minister has also stressed that because there are two identical servers – in Rijeka and in Zagreb – there is no risk of data loss. However, the president of the Chamber of Pharmacists has said that the system has not been fully functional so far, as there have been difficulties in accessing the system due to its sluggishness and other communication problems.
No specific information has been provided under this section.
A hot topic recently in Croatia was the anonymous and unauthorised publication on the Internet of the War Veterans Registry.2 The War Veterans Registry was not publicly available and it contains various personal data on approximately 500,000 persons with the status of war veteran. Its publication was a highly discussed political subject in recent years due to requests for its publication, and claims that the number of war veterans and rights pertaining to them had been overinflated.
The Agency issued an opinion stating that the publication of the registry is a violation of personal data protection regulations, since there is no prior consent by the data subjects to the publication and no law that would allow the publication of such registry. The Agency clearly stated that the reasons of public interest are not above the relevant data protection laws.
The publication caused a crackdown by the authorities, which started a criminal investigation into the persons who made the registry public, though so far without results.3
The Croatian authority responsible for legal intercept of telecommunication services, citing security reasons and the fight against crime, recently requested that the Government issue regulations requiring mobile phone operators to register their pre-paid mobile phone users. Non-registered numbers would cease to be valid. This caused resistance from the mobile phone operators and the public. Mobile phone operators are currently negotiating and trying to postpone adoption of the legislation this would require. Currently it seems that such plans will be put on hold until 2011 or 2012. According to the Agency, upon adoption of the necessary legal framework, registration of pre-paid mobile phone users itself will be possible and legitimate and will not be in conflict with data protection regulation. The draft of the legal framework is not yet publicly available.
Civil society advocacy
Some NGOs have cooperated with the Personal Data Protection Agency and there are many NGOs active in the field of human rights and consumer protection. Among them, the largest and most influential are Consumer (Potrošač), Croatian Helsinki Committee and others, which have done advocacy work on privacy as a part of their regular activities.
International obligations and International cooperation
Croatia has been party to the 1966 UN International Covenant on Civil and Political Rights (ICCPR) and acceded to its First Optional Protocol, which establishes an individual complaint mechanism.4
Croatia, as a member state of the Council of Europe, has accepted the provisions of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention No. 108) and the Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows.5 Convention 108 also established the Consultative Committee of the Convention for the protection of Individuals with regard to automatic processing of personal data (T-PD). The Republic of Croatia has voting rights in the work of the T-PD.
The Republic of Croatia signed an agreement with Eurojust on 9 November 2007 and has been exchanging opinions and information while cooperating closely on personal data issues ever since.6
Eurojust is an EU body established in 2002. Its main objectives are to reinforce the effectiveness of cooperation and coordination between competent bodies of the EU Member States in the investigation of serious cross-border organised crime and in prosecution procedures, to provide more complex forms of international legal aid in criminal matters, and to accelerate extradition procedures.
The Republic of Croatia became a member state of the International Conference of Data Protection and Privacy Commissioners in 2008. The Republic of Croatia is also a member state of Central and Eastern European Data Protection Authorities (CEEDPA).
- 1. For further info see http://www.cezih.hr.
- 2. http://www.registarbranitelja.com.
- 3. http://www.setimes.com/cocoon/setimes/xhtml/en_GB/features/setimes/featu....
- 4. Croatia has been party to the ICCPR since 12 October 1992 and acceded to its First Optional Protocol on 18 October 1995. The texts of the Covenant and of its First Optional Protocol are available at http://www2.ohchr.org/english/law/index.htm.
- 5. See http://conventions.coe.int/Treaty/Commun/ListeTraites.asp?MA=10&CM=7&CL=ENG.
- 6. The text of the Agreement is available at http://www.eurojust.europa.eu/official_documents/Agreements/EurojustCroa...