Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

I. Legal framework

Constitutional framework

The Constitution of the Republic of Macedonia1 recognises the rights of privacy, data protection, and secrecy of communications. Article 25 states, "Each citizen is guaranteed the respect and protection of the privacy of his or her personal and family life and of his or her dignity and reputation." No one may interfere in personal and family life except in cases in which the expression and conduct of the person threatens the generally accepted social norms. Article 26 states, "The inviolability of the home is guaranteed. The right to the inviolability of the home may be restricted only by a court decision in cases of the detection or prevention of criminal offences or the protection of people's health." Article 18 states, "The security and confidentiality of personal information are guaranteed. Citizens are guaranteed protection from any violation of their personal integrity deriving from the registration of personal information through data processing."

Equally guaranteed is the freedom and confidentiality of correspondence. Article 17 states, "The freedom and confidentiality of correspondence and other forms of communication is guaranteed. Only a court decision may authorise non-application of the principle of the inviolability of the confidentiality of correspondence and other forms of communication, in cases where it is indispensable to a criminal investigation or required in the interests of the defence of the Republic".

Privacy and data protection laws and regulations

Comprehensive law

Several laws regulate the right of privacy in the Republic of Macedonia. The Law on Personal Data Protection (LPDP) was adopted on 25 January 2005.2 The LPDP explicitly identifies the exceptions from its application, focusing on the processing of personal data performed by natural persons purely for personal or household activities, processing of personal data in criminal procedure, and protecting the interests of security and the defence of the Republic of Macedonia.3 According to the law, personal data shall be processed fairly and in conformity with the law, and shall be collected for specified, explicit, and legitimate purposes, and shall be processed in a manner consistent with these purposes; they shall be adequate, relevant, and not excessive in respect to the purposes they are collected or processed for.4 The data shall be accurate, complete, and updated as needed. Inaccurate or incomplete data, bearing in mind the purposes for which they were collected or processed, will be erased or rectified. Personal data shall be kept in a form that enables identification of the subject of personal data for no longer than is necessary to fulfil the purposes for which the data were collected or for which they are further processed. Data controllers are responsible for complying with the above-mentioned principles concerning the quality of personal data.5

The LPDP states that consent of the data subject is mandatory for processing of personal data.6 Personal data can be processed without the consent of the subject if doing so is necessary for performance of a contract to which the data subject is a contracting party, or upon request, prior to entering into a contract; for compliance with a legal obligation laid upon the data controller; for protection of the vital interests of the data subject; for performance of activities of public interest or of official authority vested in the data controller or a third party to whom the data were disclosed.7 Furthermore, the law prohibits the processing of special categories of personal data. The LPDP stipulates that processing must be specially designated and protected, while transfer over a telecommunications network is allowed if the data are specially protected by encryption to render them unreadable during transmission.8

The rights of the data subject include the right to examine the data collection; the right to submit a request to rectify, erase, or prevent the processing of personal data if the data are incomplete, inaccurate, or out of date, or if their processing does not conform to the provisions of this law; and the right to request that their personal data are not used for advertising purposes.9 Furthermore, the LPDP guarantees that no court decision that produces legal effects concerning the performance of a particular person can be based solely on automated data processing whose purpose is to evaluate certain personal aspects relating to that person.

The LPDP also established obligations for data controllers to notify the Directorate for Protection of Personal Data before performing wholly or partly automatic processing operations; to submit information about any newly opened collection of personal data; and any change of data from existing personal data collections.10 The records from the Central Register kept by the Directorate are publicly accessible and are published in the Official Gazette of the Republic of Macedonia.11 Additionally, the transfer of personal data to other countries may be performed only if those countries provide an adequate level of protection for personal data.

Data controllers may make personal data available on the basis of a written request submitted by the user if the data are needed to perform activities within the user's legally established scope of competence. The LPDP prohibits providing personal data processing that cannot be carried out in accordance with the provisions of this law, and the purpose for requesting such personal data must be in accordance with specific, clear, and lawful purposes for which personal data is collected.12

During July 2008, the Parliament also enacted the Law that amended the LPDP,13 strengthening the legal framework in the area of personal data protection.

The Law on Amendments and Modification to the Law on Personal Data Protection stipulates that the articles referring to inspection will enter into force after a transitional period that expired on 28 of February 2009. With the implementation of the new inspection provisions, persons authorised to perform the inspection became inspectors for personal data protection, and are authorised to issue decisions in cases where a violation of the Law has been found. In disputed cases, an appeal to the Administrative Court may be applied for. If the inspectors determine there is a violation of the Law of Personal Data Protection, they take legal action to require adherence to the Law of Misdemeanours; if the alignment is rejected, the inspector files a request to initiate a misdemeanour procedure to the Misdemeanour Commissions of the Directorate.

Under Amendment XX to the Constitution of the Republic of Macedonia, the new Misdemeanour Law, and the Law on Amendments and Modification to the Law on Personal Data Protection, the Directorate for Personal Data Protection is granted the status of the misdemeanour adjudicating body. Prior to adopting the amendments and modifications to the LPDP, this function was performed by Macedonian courts. Now it is placed separately in a chapter of the law dedicated solely to the misdemeanours. In order to carry out this role, the Directorate for Personal Data Protection has already created a Misdemeanour Commission composed of three experienced lawyers, who will conduct and implement the misdemeanour procedure in practice. In general, this new arrangement will increase citizens' confidence in the legal system and, in particular, its ability to protect privacy and personal data.

The Law on Amendments and Modification to LPDP raised the fines for data protection breaches and created three graduated tiers that depend on the gravity of the infringement. For data controllers, fines range from €500 to €900 for ordinary persons; from €700 to €1,200 for persons acting as data controllers within legal entities; and finally from €2,000 to €4,000 for legal entities. For data processors the fine is €600; for persons acting as data processors within legal entities €700 and up; and for legal entities €2,500 and up.

LPDP adopted several bylaws in the form of rulebooks. These cover:

  1. the evidentiary requirements for misdemeanours, the sanctions imposed, and the decisions adopted, as well as the manner of access to the information contained in the evidence files;14
  2. the performance of inspections;15
  3. the form and content of official identity card, as well as their issuance and revocation;16
  4. notification requirements for the Central Register of personal data collections;17
  5. the technical and organisational measures regarding the provision of secrecy and personal data protection.18
Sector-based laws

The constitutional guarantee to protect personal data is also regulated by the Criminal Code.19 The punishment for the offence of "Misuse of personal data" is under the Criminal Code consists of a prescribed fine or prison sentence of up to one year for the perpetrator who, contrary to conditions established by law and without the consent of the citizen, collects, processes, or uses his personal data. The same fine is levied against the person who breaks into computerised information systems with the intention of using the data directly or via a third party in order to gain benefit or to cause harm to another person. The criminal offence of "abuse of personal data" is aggravated if it is committed by officials in the course of duty, and is punishable by a prison sentence of three months to three years. The attempt to commit such a crime is also punishable by law. The 2004 amendments to the Criminal Code make it possible for fine legal persons to for committing the primary form of this crime.20

The Law on Organisation and Operation of State Administrative Bodies21 prohibits state administrative bodies from disclosing data related to national security, official and business secrets, and personal data of citizens in accordance with the law that governs the protection of personal data of citizens.

The Law on Voter's List22 protects personal data collected in accordance with the LPDP. Such data may not be used for any purpose other than for exercising citizens' voting rights in accordance with the Law on Voter's List. Any citizen may, within the period defined by this law, file a request for registering, amending, or deleting data in the copies of the electoral rolls provided for public inspection in the event that they or others are not correctly registered. Copies of the voter's list, with data including the ordinal number, surname, name, gender, date of birth, and address, are provided to registered political parties and to independent candidates.23

The Law on Reporting Dwellings and Residence of Citizens24 stipulates that the Ministry of the Interior must provide protection from unauthorised access and use of the data contained in the records of citizens' dwelling, change of home address, and residence.

The personal data on asylum seekers, recognised refugees, and persons under humanitarian protection, as well as the data on their residence and the rights they enjoy in the Republic of Macedonia are contained in the Central Collection of Data, which is established, processed, and used by the Ministry of the Interior (Asylum Section) in accordance with the provisions of the LPDP. In accordance with the Law on Asylum and Temporary Protection,25 the data from the Central Collection of Data cannot be exchanged with the data subject's country of origin or that of the members of his family.

Every citizen's personal identification number is a unique designation on that person's identification documents. In accordance with the Law on Personal Identification Number,26 the Ministry of the Interior assigns a personal identification number to the citizen according to the place of registration in the Registry of Births kept on the territory of the Republic of Macedonia. The Ministry of the Interior provides for the retention, use, and protection of the data from unauthorised access in accordance with law.

The Law on State Statistics27 regulates the protection of individual data (of natural or legal persons) collected and processed for statistical purposes. The data related to a legal or natural person are collected and processed for statistical purposes, and are confidential data and as such can be used individually for statistical purposes only. An exception allows access to such data for scientific purposes (without information identifying the data subject). Publication or preparation of statistical data must be conducted in a way that prevents the identification of the data subject unless the data subject has agreed to publication. Data providers must be notified of the data protection rules. The measures and techniques for protecting individual data collected and processed for statistical purposes are established in an internal document, a Rulebook on the Measures and Techniques on the Protection of Individual Data Collected for Statistical Purposes (SSO, which has been adopted by the Director of the State Statistical Office. A Commission for Data Protection has been established within the above state administrative body to supervise the protection of data.28

Illegal invasion of the privacy of communications are prohibited and punishable. In accordance with the Law on Electronic Communications, both operators of telecommunication networks and media and the providers of public telecommunication services are obliged to provide inviolate message confidentiality within their technical abilities.29 Furthermore, the law contains provisions requiring protective measures for providing networks and services, communications, caller or connecting line identification, and location information (where it is not traffic information, automatic call diverting, etc. The law provides privacy protection by prohibiting unauthorised wiretapping and data retention, limiting lawful wiretapping, and, in compliance with EU standards, prohibiting unwanted communications including telemarketing and spamming (requiring opt-in for inclusion in mailing lists, and the right to opt out for users of existing mailing lists).30 The Act creates an inspectorate within the Agency for Electronic Communications, stipulates monetary penalties of 4 to 7 percent of annual income for legal entities and an additional €327 to €410 levied against the individuals responsible.31 In April 2007, the Ministry of Transport and Communications initiated amendments to this Law which would increase the penalties for the offenders to €1,500 to €8,000 for individual offenders.32 The changes in the Law on Personal Data Protection also tackle the issues of unwanted direct marketing, with fees of €500 if the offender is an individual citizen, €2,000 for legal entities plus €700 for the responsible executive.33 The Parliament is presently discussing changes to the Law on Electronic Communications, including "universal deep telco/Internet wiretapping," obliging telecommunications operators to provide direct and uninhibited access to traffic and other kinds of data to the Ministry of the Interior without prior notice or court order.34

Other regulations partially or indirectly regulate the right to privacy. The Law on Single Registry of the Population in the Republic of Macedonia35 provides for the introduction, retention, and contents of the single automated registry of the population in the Republic of Macedonia, specifies the authority charged with keeping the registry, and regulates the protection of the data from the registry as well as the processing, publishing, and use of registry data.

The Law on Personal Identification Records of the Insured and Beneficiaries of Pension and Disability Insurance Rights36 provides for protection of these records. This protection encompasses undertaking measures and activities for protecting the data from: unauthorised access, unauthorised processing, and destruction, loss, modification, abuse, and unauthorised use of the data.

The Law on Keeping Labour Records37 stipulates that the data contained in these records may be used for statistical purposes and for other official needs.

The Law on Social Care38 provides an obligation for the social security institution and its employees to keep professional and official secrets. The law protects data and facts discovered during procedures as well as decision-making concerning the rights of the beneficiaries of social security, of legal family protection, and the competencies established by criminal regulations.

Data protection authority

The Directorate for Protection of Personal Data (DPDP or the Directorate), as an independent supervisory body, was established in June 2005.39 The LPDP provisions regulate the establishment of the Directorate as an independent and autonomous state body with the rights of a legal entity. The Directorate is managed by a director who is nominated by the Governor of the Republic of Macedonia and appointed by Parliament. The director is appointed for a five-year term, with the right to be re-elected only twice. The director and deputy director are accountable to Parliament. The director and the employees of the Directorate must keep as official secrets the data that they have encountered in their work, both during their terms of office or employment and afterwards. Directorate employees have the status of civil servants. The Directorate's work is fully funded by the Budget of the Republic of Macedonia. The Directorate is a separate beneficiary of the Budget.40

From the establishment of the Directorate in June 2005 through the end of 2006, 11 new civil servants were hired, respecting the principle of equal opportunity. In 2007, three new employees were hired (one was transferred) bringing the Directorate to 15 employees and two elected officials. The Directorate was supposed to be fully staffed with 50 employees by 2010; however, currently it has 20 employees and three volunteers.

The Directorate has adopted all the necessary regulations for the implementation of the LPDP within the legally required term of six months. These are: Rulebook on the technical and organisational measures for secrecy and protection of personal data; Rulebook on the manner of record-keeping, and the record form for personal data collections; Rulebook on the form, contents, and manner of administration of the Central Register; Rulebook on personal data processing operations representing a special risk to the rights and freedoms of the data subject; Rulebook on the format, contents, and manner of record-keeping for the transfer of personal data to other States. Data controllers had two years (until 19 December 2007) to implement the LPDP regulations within their own business operations. When the two-year period expired the penal provisions of the LPDP entered into force.

The Directorate assesses the legality of the processing of personal data; publishes the principles of the processing of personal data and ensures that data controllers respect them; investigates and has access to the collections of personal data created by data controllers according to type of subjects and aims; control the operations for processing personal data that data controllers use; collects the data necessary for proper performance of its tasks; maintains a central register of collections of personal data; maintains records of transfers of personal data to other countries; receives reports or complaints related to the processing of personal data by data controllers; issues prohibitions on further processing of personal data to data controllers; provides opinions on the secondary legislation to data controllers; and performs other tasks established by law. The Directorate also provides expert opinions and interpretations in the area of personal data protection. For example, the Directorate issued recommendations for providers of social network services and users of social network services that are published on the Directorate's website. The most important recommendation for users of social networks is to be careful and think twice before publishing personal data.

Raising public awareness and informing the citizens about the right of personal data protection and privacy remains a key imperative of the work of the Directorate. To this end, the Directorate organises press conferences, interviews, and reports in printed and electronic media, and also holds a number of meetings, workshops, and roundtables for various target groups.

The Directorate followed the Norwegian example to raise public awareness of data protection among young people.41 The Directorate invited three secondary schools to the promotion of a data protection brochure it had developed in cooperation with the Metamorphosis Foundation.42 As part of its promotion activities, scholars participated in debates about how best to protect personal data when using the Internet and in everyday situations.

The Central Register of Data Controllers functions as part of the Directorate's website.43 The controllers, who were required to register their personal data filing systems with the Central Register (by 19 December 2007) will be allowed to do so automatically once a system for electronic identification has been set up.

If violations of the provisions of the LPDP are found in the course of processing of personal data, within 30 days of the date the violations were detected the data controller must: bring its work in line with the provisions of the law and rectify the violations; complete, update, correct, disclose, or maintain the confidentiality of the personal data; adopt additional measures for protecting the data; halt the transfer of personal data to other states; secure the data or their transfer to other entities; and erase the personal data. There is a right of appeal.44

According to the Directorate's report, from October 2006 to June 2007 the most frequent violations of personal data, based on citizens' complaints, include: unlawful collection and processing of Personal Identification Number; unauthorised disclosure of personal data; processing personal data on the Internet without the subject's consent; identity theft; the unlawful revelation of personal data to users and unauthorised transfer of personal data to other countries; and unauthorised recording and publication of photographs on the Internet.45

Priority areas for inspection in 2009 included: education, health, social security, telecommunications, property insurance, and local self-government. Inspections were carried out at the premises of state bodies, local self-government, NGOs, health institutions, public enterprises, and other legal persons with different activities. From 1 January to 30 June 2009, the Directorate's section for inspection performed three inspections in the area of electronic communications. Three others in the same area were performed between 1 July and 31 December 2009.

During 2009, citizens demanded investigations into video surveillance, the processing of biometrical data for purposes of employee control, the collection of citizens' Personal Identification Number without legal basis, and the retention of citizens' personal cards while inside the official premises of certain institutions. A further administrative dispute was initiated against two decisions issued by the Directorate; a decision from the Administrative court of the Republic of Macedonia is still awaited.

The Directorate has been continuously providing opinions on personal data matters. The majority of these opinions concern: clarifications of data processing procedures that personal data controllers have to carry out in accordance with different bylaws; draft laws and international agreements; assessments of the conditions required for the transfer of personal data to other countries; questions asked by natural or legal persons, particularly related to data protection on the Internet, at the workplace, and with respect to video surveillance. To enforce data protection provisions and principles as stated in the LPDP, the Directorate also issues reprimands to data controllers and processors.

From 1 January to 30 June 2009 the Directorate provided 16 opinions and one reprimand in the electronic communications area. From July 1 to 31 December 2009, the Directorate provided 34 opinions and four reprimands in the same area, making a total of 52 opinions and five reprimands.

In 2009, the issue which the Directorate focused on the most was the handling of complaints and requests filed by natural persons alleging the violation of their right to personal data protection. The Directorate is legally bound to investigate such cases. The term "complaint" refers to requests submitted for determining a violation of the right to private data protection ex Article 18 of the Law on Personal Data Protection. The term "request" refers to all other requests (not-Article 18) submitted by natural persons to the Directorate.

Of the total number of 32 complaints filed from January 1 to 31 December 2009, four were submitted for violations of data protection norms committed on the Internet: two concerned the disclosure and "abuse" of personal data on the Internet; two more concerned the "abuse" of personal data for the means of online social networks (like Facebook, Hi5, Twitter etc.). The total number of requests filed by citizens regarding the abuse of personal data on Internet social networks for the past year is 66. In the first semester of 2009, the number of requests by citizens regarding the "abuse" of personal data on social networks was 54. From 1 July to 31 December, citizens made 12 requests.

The most common violations included: identity theft, publishing on YouTube, creating blogs and fan groups using data from other persons, misuse of user names and passwords.

On 7 June 2010, the Foundation Open Society Institute Macedonia (FOSIM) and the Directorate for Personal Data Protection (DPDP) promoted the publications "Comments on the Law on Personal Data Protection" and "Guide for practical implementation of the Rulebook on technical and organisational measures for ensuring secrecy and protection of personal data processing".46 The purpose of these publications is to raise the level of personal data protection. The publications are available for download in PDF format from the Directorate's website in Macedonian and English.47

Major privacy and data protection case law

According to representatives of both the regulatory Broadcasting Council of the Republic of Macedonia48 and the Association of Journalists in Macedonia,49 media laws in Macedonia do not specifically address the protection of privacy. Article 62 of the Law on Broadcasting50 includes the right to response and correction but includes no sanctions for revealing personal data.

Article 7 of Code of Journalists of Macedonia,51 adopted by the Association and enforced by the Council of Honour states: "The journalist shall respect the privacy of every person, except in cases when that is contrary to the public interest." Members of the association are "obliged to respect personal pain and grief," and must obtain consent of a parent or guardian to interview or photograph children or persons "with special needs who are not able to decide rationally."52

After 2008, in addition to numerous suits against journalists for slander and libel (often used as political weapon for silencing the media by powerful politicians), there were several court cases with complaints for journalistic breach of privacy during the examined period. However, there is no consistent public record about these developments, and examination of this area requires further in-depth analysis.

Footnotes

  • 1. Published in the Official Gazette of the Republic of Macedonia, Nos. 52/91, 01/92, 31/98, 91/01, 84/03. The Constitution is available in Macedonian at the website of the Constitutional Court at http://www.ustavensud.mk/. For the English text see http://www.ustavensud.mk/domino/WEBSUD.nsf .
  • 2. Official Gazette No. 07/05.
  • 3. LPDP, Article 4.
  • 4. Id., Article 5.
  • 5. Id., paragraph 2.
  • 6. Cfr. Directive 95/46/EC of on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 24 October 1995, Official Journal L 281, 23 November 1995, at 31, Article 7.
  • 7. LPDP, Article 6.
  • 8. Id. Article 8.
  • 9. Id. Article 10.
  • 10. Id., Article 29, paragraph 1: "Data Controller is obligate to submit a report to the Directorate, containing data which is in accordance to the Article 27 of the law, before performing wholly or partly automatic processing of personal data. Data Controller is obligate to report the Directorate for each change of the data from the existing personal data collections."
  • 11. LPDP, Article 30.
  • 12. Id., Article 34, paragraph 1 and 3: "(1) Data Controller can make personal data available on the basis of a written request submitted by the user, if the data are needed to perform activities within the legally established scope of competencies of the user. (3) Providing personal data whose processing, i.e. use cannot be carried out in accordance with the provisions of this Law is prohibited."
  • 13. "Указ за прогласување на Законот за изменување и дополнување на Законот за заштита на лични податоци" ("Decree for Enacting the Law for Changing and Amending the Law on Personal Data Protection"), Official Gazette of Republic of Macedonia, 19 August 2008.
  • 14. Official Gazette of the Republic of Macedonia No. 136/08.
  • 15. Official Gazette of the Republic of Macedonia Nos. 143/08 and 38/09.
  • 16. Official Gazette of the Republic of Macedonia No. 143/08.
  • 17. Id.
  • 18. Official Gazette of the Republic of Macedonia No. 38/09.
  • 19. Criminal Code, Official Gazette of the Republic of Macedonia Nos. 37/96, 80/99, 4/02, 43/03, and 19/04, available in English at http://www.mlrc.org.mk/law/CriminalCode.htm.
  • 20. Criminal Code, Article 149: "(1) A person who collects, processes or uses personal data from a citizen without his permission, contrary to the conditions determined by law, shall be punished with a fine, or with imprisonment of up to one year. (2) The punishment from item 1 shall apply to a person who penetrates a computerised information system of personal data, with the intention of using them in order to attain some benefit for himself or for another, or to inflict some harm upon another. (3) If the crime from items 1 and 2 is committed by an official person while performing his duty, he shall be punished with imprisonment of three months to three years. (4) The attempt is punishable. (5) If the crime from item 1 is committed by a legal entity shall be punished with a fine."
  • 21. Official Gazette ofthe Republic of Macedonia, Nos. 58/00 and 44/02.
  • 22. Official Gazette of the Republic of MacedoniaNos. 42/02 and 35/04, available in English at http://faq.macedonia.org/politics/elections/law.on.voters.lists.html.
  • 23. Law on Voter's List, Part III: "Protection of the personal data of the Voter's list," Article 28.
  • 24. Official Gazette of the Republic of MacedoniaNos. 36/92, 12/93 and 43/00.
  • 25. Official Gazette of the Republic of MacedoniaNo. 49/03.
  • 26. Official Gazette of the Republic of MacedoniaNo. 36/92.
  • 27. Official Gazette of the Republic of MacedoniaNo. 54/97.
  • 28. The website of State Statistical Office is available at http://www.stat.gov.mk/ . According to the LPDP, Commission for Protection of Data is to be elected six months after the law goes into force, 1 August 2005.
  • 29. Official Gazette of the Republic of MacedoniaNo. 13/05 adopted on 22 February 2005.
  • 30. Id.
  • 31. Agency for Electronic Communications website is available at http://www.aec.mk .
  • 32. Vlado Apostolov, "Имејл рекламите - бизнис или прекршок?" ("Commercials via email – business or offensecrime?"), Å pic, 11 June 2007, available at http://www.dzlp.mk/index.cfm?*%3EK*UY%5CO!Q1%5E)%3FP%20%20%0A . See also Filip Stojanovski, "Спамот е забранет во Македонија!" ("Spamming is prohibited in Macedonia!"], Razvigor (blog), 18 May 2007, available at http://razvigormk.blogspot.com/2007/05/blog-post_18.html .
  • 33. Natali N. Sotirovska, "За несакани спам-пораки казни од 500 до 2,000 евра" ("Fees ranging from 500 to 2,000 Euros for unwanted spam-messages"), Dnevnik, 29 August 2008, available at http://r.ping.mk/11n8 .
  • 34. SeeSection "Wiretapping, access to, and interception of communication," infra in this report.
  • 35. Official Gazette of the Socialist Republic of Macedonia No. 46/90.
  • 36. Official Gazette of the Republic of Macedonia No. 16/04.
  • 37. Official Gazette of the Republic of Macedonia No. 16/04.
  • 38. Official Gazette of the Republic of Macedonia Nos. 50/97, 16/00, 17/03 and 65/04.
  • 39. See The Directorate's homepage in English at http://www.dzlp.mk/INDEX.CFM?NTREE=1603&ID=5471&CONT=0 .
  • 40. Id.
  • 41. "You decide", at http://www.dubestemmer.no.
  • 42. This project was done in the framework of the CRISP project, see infra.
  • 43. Central Register of Data Controllers is available at http://www.dzlp.mk/cr/.
  • 44. LPDP, Article 47, paragraphs 1 and 2.
  • 45. Ivana Bilbilovska, "Everybody Collects Personal Data for PR Campaigns," Vreme, 21 March 2007, available at http://www.metamorphosis.org.mk/content/view/871/4/lang,en/.
  • 46. "Promotion of Publications on Personal Data Protection," Monday 7 June 2010, at http://www.metamorphosis.org.mk/macedonia/promocija-na-publikacii-od-obl....
  • 47. "Macedonia: Two Publications on Privacy Protection Available Online," Friday 09 July 2010, at http://www.metamorphosis.org.mk/macedonia/privatnost-eknigi-privacy-eboo....
  • 48. Broadcasting Council of the Republic of Macedonia's website, at http://www.srd.org.mk.
  • 49. Association of Journalists in Macedonia's website, st http://www.znm.org.mk.
  • 50. Official Gazette of the Republic of Macedonia, Nos. 20/97 and 70/03.
  • 51. Code of Journalists of Macedonia, available in Macedonian at http://www.znm.org.mk/index.php?option=com_content&view=article&id=47&It....
  • 52. Id., Article 9.