Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


III. Privacy topics

Internet and consumer privacy


Sending commercial announcements via email or other means of electronic communications is regulated by the Law on Information Society Services.1 In principle, this law forbids sending commercial announcements to ordinary persons unless they have expressly consented to receiving them. Commercial enterprise that have obtained a person's email address, may use it for the purpose of sending other commercial announcements as long as the announcements concern similar goods or services and the person has not opted out of receiving them. Each message must include an option to block further use of the email address.


No specific information has been provided under this heading.

Online behavioural marketing and search engine privacy

No specific information has been provided under this heading.

Online social networks and virtual communities

No specific information has been provided under this heading.

Online youth safety

No specific information has been provided under this heading.

Workplace privacy

In 2005, the Inspectorate prepared recommendations on personal data protection in the workplace in the form of a handbook for employers and employees which explains what personal data may be processed by employers and whether they must inform their employees about the data processing performed.2

The Inspectorate also issued a decision on workplace email monitoring. The Inspectorate stated that where the employer provides the means for communications intended for use in carrying out the employees' duties, the employer has the right to monitor the communications. However, the employer must notify employees of the monitoring.3

Health and genetic privacy

Medical records

Privacy of medical records is protected by the Law on the Rights of Patients.4 According to Section 10 of this law, information relating to an identifiable patient is protected in accordance with the regulations covering the protection of the data of natural persons. Such information shall not be disclosed even after the death of the patient. Information regarding a patient may only be disclosed with his or her written consent or in the cases prescribed by this law.

The patient's data recorded in the medical documents may be used in research as long as the patient cannot be directly or indirectly identified by the information to be analysed, or if the patient has consented in writing to its use in specific research. The patient data recorded in medical documents may also be used in research without observing the conditions referred to in paragraph 7 of this Section if the following conditions exist concurrently: (1) the research is being performed in the public interest; (2) a competent State administrative institution has allowed the use of the patient data in specific research in accordance with the procedures specified by the Cabinet of Ministers; (3) the patient has not previously prohibited the transfer of his or her data to a researcher in writing; (4) it is not possible to acquire the consent of the patient with proportionate means; or (5) the benefit of the research for public health is commensurate with the restriction of the right to the inviolability of private life.

Genetic identification

The Law on Establishment and Use of National Database of DNA also regulates the exchange of results of genetic research with other countries and international organisations.5

Financial privacy

As mentioned above, starting in 2004, coordinated amendments were made to the laws governing credit institutions:  the Prevention of the Laundering of the Proceeds from Crime and Law on Financial Instruments. In 2008 a new Law on the Prevention of the Laundering of the Proceeds from Crime and Financing of Terrorism was adopted.6

Though the basic principle in the law on credit institutions classifies information about clients and their dealings as protected information, lawmakers have widened the scope of exceptions. The law now requires that information on clients (existing and prospective) and their dealings  be revealed to specified institutions on any of 16 occasions, in some cases without needing the consent of a judge.7