II. Surveillance policies
National security, government surveillance and law enforcement
Wiretapping, access to, and interception of communications
According to the Code of Criminal Procedure, the police are required to obtain permission from a court before undertaking any telephone tapping or mail surveillance in criminal investigations.1 These activities should only be used in cases of extraordinarily serious premeditated crimes or crimes involving international treaty obligations. If it is not possible to obtain a warrant in advance and the matter is urgent, the warrant may be issued by a prosecutor. However, it must be approved by a court within 24 hours of its issuance.
Further protection outside of criminal investigations is provided by Act No. 166/2003 Coll. on Protection against Unlawful Use of Information and Technical Means (Wiretapping Protection Act). This Act defines the technical means that can be employed by specific public authorities (Police Department, Slovak Intelligence Service, Military Intelligence, Railway Police Department, Department of Corrections and Judicial Police, and the Customs Administration) in order to collect information and determines how the collected information should be used. Apart from the Slovak Intelligence Service, which is itself allowed to use both the information and the technical means to obtain it, the Police Department provides these services for the other public authorities. The municipal authorities, private security services, or other natural or legal persons may not use the information and/or the technical means to obtain it themselves. These means may only be used by Police Department, Slovak Intelligence Service, Military Intelligence, Railway Police Department, Department of Corrections and Judicial Police, and the Customs Administration if it is necessary in order to protect national security or national defence, prevent or detect crime, or to protect the rights and freedoms of others. A warrant to use the information and technical means is required and is valid for six months (it may be extended repeatedly by another six months). Only the Police Department is permitted to use the information and technical means in urgent cases without a warrant; however, a court must be notified within one hour and a request for a warrant within six hours from the commencement of using the means. If the warrant is not issued within 12 hours, or if the court dismisses the request, the use of the means must cease and any data that has been obtained cannot be used and must be destroyed.2
In 2006, the Constitutional Court heard the case of an individual who claimed it was illegal to tap his telephone calls on the basis of two court-issued warrants that had been obtained for this purpose (one was issued on the basis of the Criminal Procedural Code; the second on the basis of the Wiretapping Protection Act).3 He claimed that the warrants were issued without sufficient evidence to justify interference with his right to privacy (at the time when the warrants were issued the individual's file contained only a resolution to initiate an investigation). This view was confirmed by the Constitutional Court. Moreover, although the law stipulates the obligation to substantiate wiretapping warrants, the Constitutional Court found that the warrants in question merely contained a formalistic substantiation quoting the wording of the relevant acts. According to the Court's ruling, "no doubt can exist that a warrant must be justified in any case" and "for review of the warrant's legitimacy it is necessary that the warrant is substantiated by relevant and specific argumentation as to by what facts the statutory requirements for such interference of the right to privacy were fulfilled."4
In 2001, allegations were made that members of the Hungarian Coalition Party (Strana maďarskej koalície or SMK) and Social democracy (Sociálnademokraciaor SMER) were being monitored and their telephones tapped.5 Active monitoring of the Church of Scientology by the Ministry of the Interior was also reported.6 Under the Criminal Procedural Code, police require a judicial search warrant in order to enter a private home and the court may only issue one with good cause. Police are required to present the warrant before conducting the search or within 24 hours. There are ongoing reports of Roma homes being entered without warrants.7
Legal protection of privacy is stipulated also in the Civil Code. Article 11 states, "everyone has the right to the preservation of his personality, mainly of life and health, personal honour, and human dignity as well as privacy, name, and exhibitions of personal nature." There are also computer-related offences linked to the protection of a person (unjustified treatment of personal data).8 The Slovak Constitutional Court ruled in March 1998 that the law allowing public prosecutors to demand to see the files or private correspondence of political parties, private citizens, trade union organisations, and churches, even when not necessary for prosecution, was unconstitutional. Chairman of the Court Milan Cic, said this was "not only not usual, but opens the door to widespread violation of peoples' basic rights and their right to privacy."9 Moreover, there are sector-specific privacy provisions to protect an individual's medical, financial, and tax records.10
National security legislation
No specific information has been provided under this section.
The legal basis forth retention of telecommunications traffic data as required by Directive 2006/24/EC (Data Retention Directive) was laid down in the form of the 2007 amendment to the Act on Electronic Communications. The retention period concerning operational data, localisation data, and traffic data on communicating parties has been set at six months with regard to Internet communications data, and at 12 months for other types of communication.
The purpose of data retention is specified in the Act No. 610/2003 Coll. on Electronic Communications and is aimed at investigating, detecting, and prosecuting crimes related to terrorism, illicit trafficking, organised crime, and threats to the disclosure of classified information and crimes committed by dangerous groups.
National databases for law enforcement and security purposes
On 21 December 2007, the Slovak Republic joined the Schengen area, which allows the free movement of persons within the internal boundaries of the countries participating in the 1985 Schengen Agreement and the Schengen Convention implementing the Schengen Agreement.11 Both international treaties form part of the European Union acquis communautaire.
The Schengen Convention established the Schengen Information System (SIS) to maintain public policy and public security, including national security, in the territories of the Schengen Convention parties and use information communicated via this system to apply the provisions of the Schengen Convention relating to the movement of persons in those territories. Data on persons included in alerts sent through the system shall only include the following specific information: (a) surname and forenames, plus any aliases (possibly entered separately); (b) any specific, objective physical characteristics that are not subject to change; (c) the first letter of the second forename; (d) date and place of birth; (e) sex; (f) nationality; (g) whether the persons concerned are armed; (h) whether the persons concerned are violent; (i) reason for the alert; (j) action to be taken.12
Sensitive information, i.e., information concerning racial origin, political, religious, or other beliefs, health, and sexual activities may not be entered.
Integrating the competent Slovak state authorities into the SIS required a number of legislative amendments and adjustments. Amendments to the Act on the Police Department and of a Decree of the Ministry of the Interior adopted in 2007 designated the Ministry of the Interior as the controller of the national part of the SIS (N-SIS) which is connected to the central system (C-SIS). The second-generation Schengen Information System (SIS II) will replace the current system, providing enhanced functionalities. It is currently undergoing extensive testing in close cooperation with European Union (EU) countries and associated countries participating in the Schengen area.13
National and international data disclosure agreements
No specific information has been provided under this section.
As a result of the cooperation among non-governmental public and private actors, project www.zodpovedne.sk("responsibly") was launched in August 2007 with the aim of raising awareness of how to use the Internet and mobile communications responsibly and prevent related crimes. The project was co-funded by the European Commission within the "Safer Internet Plus" programme. It dealt with risks related to the use of the Internet and mobile communications for paedophilia, pornography, victimisation, racism, xenophobia, violence, grooming, disclosure of personal data, and fraud.14
Currently, Slovakia has no law governing the protection of critical infrastructure. In 2007, the Government adopted a document entitled: "The Concept of Critical Infrastructure in the Slovak Republic and of its Protection and Defence".15 Based on the same concept, the "National Programme of Protection and Defence of Critical Infrastructure" was adopted in 2008.16 However, both documents only provide a general outline of the critical infrastructure protection strategy in Slovakia and do not encompass a detailed description of proposed measures. Moreover, the documents do not in any way address the issue of safeguarding individuals' privacy in connection with protection measures.
According to the PDPA, public premises may be monitored by video or audio recording only for purposes of securing public order and safety and for the detection of crime or breaches of national security. The premises being monitored must be visibly marked as such, and the recording may only be used for the purposes of criminal or administrative proceedings. If the recordings are not used for the above-mentioned purposes within seven days, they must be destroyed.17
The OPDP performed several inspections of the monitoring systems at public premises in the past. In 2007 and 2008, several inspections aimed at monitoring systems operated by municipalities were performed (involving the capital city of Bratislava and other towns such as Prešov, Prievidza, and Komárno, as well as several other minor municipalities). All inspections identified shortcomings in the operations of the monitoring systems or in maintaining the related documentation (the system's security guidelines). The most common shortcomings were failure to visibly mark the monitored premises and failure to destroy the recordings within the prescribed period.18
Location privacy (GPS, mobile phones, location-based services, etc.)
In line with the Directive on privacy and electronic communications, the Act No. 610/2003 Coll. on Electronic Communications defines location data as any data processed in the network that indicates the geographical location of publicly available service users' terminal equipment.19 Location data other than traffic data may only be processed if it has been anonymised or if the user's consent has been given and then only to the extent and time necessary to provide value-added services. The enterprise providing services shall inform the user of the purposes of the processing, the time-frame, and whether the data will be transferred to a third party to provide value-added services prior to obtaining the user's consent for location data other than traffic data. Users are entitled to revoke their consent at any time, and also to temporarily deny the processing of location data, free of charge.
There is an exception related to emergency calls, in which case the enterprise is obliged to provide coordination and an operations centre for the integrated rescue system even if the calling station (terminal equipment) has failed to supply identification or the user has not given consent to the processing of location data.
Travel privacy and border surveillance
As of 1 January 2008 the use of passport holders biometric data – digital facial scan and fingerprint – has been 'made compulsory for travel identification documents such as passports. These data are stored on an RFID chip contained in the travel document. The data contained in the biometric carrier may not be processed in any manner other than that stipulated by law; therefore, it may only be used for verification of the authenticity of the passport and the identity of its holder. For the purposes of issuing a passport, citizens are obliged to provide their biometric data and, on the other hand, the administrative body issuing the passport has the right to demand the data.20
The Ministry of the Interior maintains a database of passports that falls within the scope of the PDPA, meaning that no special regulation applies to protection of data contained therein other than provisions of PDPA. The database is subject to supervision of the OPDP.
National ID and smart cards
Each and every citizen who has attained 15 years of age and has a permanent residence in Slovakia is obliged to have a national identity card (občiansky preukaz). The identity card contains the following personal data: name, surname and birth surname, sex, country of citizenship, date and place of birth, birth number, permanent address, a photographic image of the holder's face, and the user's signature. Furthermore, the identity card displays information as to whether the person's legal capacity has been limited or diminished. Due to its nature, the identity card is protected against misuse and fines up to the amount of €335 may be imposed for offences such as the unlawful seizure of another person's identity card, intentionally damaging or destroying it, or intentionally carrying out unlawful changes to the card.21
With the same status as a public deed, counterfeiting the national identity card is also considered a crime under the Criminal Code and can be sanctioned by imprisonment for up to three years.22
The Ministry of the Interior maintains a database of identity cards that falls within the scope of the PDPA.
A project for central e-ID infrastructure is currently being implemented in Slovakia. The Ministry of Interior plans to introduce high-tech ID cards. Electronic ID cards will incorporate advanced electronic signatures, which are required by the Act on Electronic Signatures for communication with government bodies. To date, unique identifiers for citizens have been employed, and these are still being used within all sectors of applications. For the future, a new system has been planned, which will create new personal identifiers (called BIFO) using cryptographic algorithms.23
No specific information has been provided under this section.
The Criminal Procedural Code stipulates the obligation of an individual to undergo a bodily examination if it is necessary for determining whether the body bears the traces or after-effects of a crime. The examination is to be performed by a person of the same sex unless performed by a medical doctor. Furthermore, individuals are obliged to undergo blood sampling or similar, unless it is hazardous to the individual's health, for the purpose of securing evidence within a criminal investigation. Provision of biological samples that does not interfere with the individuals' physical integrity (i.e., non-invasive sampling) may be performed either by the individuals themselves or by law enforcement officials, with the individuals' consent.24
Provision of biological samples for the purpose of DNA analysis is governed by special legislation, i.e., Act No. 417/2002 Coll. on Use of DNA Analysis for the Purpose of Identification of Individuals.25 Under this act, DNA samples may be taken from individuals without their consent for the purpose of identification in the context of criminal proceedings, search for missing persons, or identification of unknown individuals, or from prison inmates. Upon the prior written consent of the individuals concerned, a DNA sample may be taken from the relatives of a missing person being sought. The resulting data is stored in a database maintained by the police. An individual's record is to be deleted from the database in the following cases: (i) if the charges against the individual were dropped or if the individual was found not guilty by the court, or (ii) if the individual was convicted or could not be prosecuted or convicted, e.g., due to lack of the individual's criminal liability; in the latter case the record shall be deleted after the lapse of 100 years after the individual's day of birth.
With regard to the provision of healthcare, the Act No. 576/2004Coll. on Healthcare stipulates a general obligation on the part of healthcare providers to obtain informed consent of the patient to treatment (save for certain specific cases where informed consent cannot be obtained). However, there have been several cases in which Romani women were allegedly involuntarily sterilised in public health facilities. Thanks in part to the initiative of non-governmental organisations, several civil court cases were filed. In one of these, three Romani women claimed that they were sterilised without giving informed consent.26
In 2006 the Constitutional Court ruled that regional prosecutors had violated the Constitution and the European Convention on Human Rights by improperly closing the investigation of the original claim, and awarded each of the claimants 50,000 Koruna (approx. €1,660).27 The Court instructed the prosecution to reopen its investigation in 2007, but the investigation did not yield any new results. The NGO representing the victims filed another appeal to the Constitutional Court, which was dismissed in 2010.28 Two additional cases were pending at regional courts following subsequent appeals, and four cases were pending before appellate courts. Three forced sterilisation civil suits that pre-date the 2005 law were filed at the ECtHR in 2004; two are still pending.29
In April 2009 the ECtHR ruled in favour of eight Romani women who suspected they had been sterilised without their knowledge. The hospitals where the procedures had been performed allegedly denied them access to their medical records and the ECtHR ruled that this denial of access was a violation of privacy; the allegation of uninformed sterilisation was not at issue. Four of the women subsequently received access to their medical files, and at least one discovered she had been sterilised. The remaining four women continued to be denied access to their medical records despite the court ruling. In 2007 the Ministry of Health informed the NGO representing the Romani women that the women's medical records had been lost. After numerous unsuccessful civil proceedings, the plaintiffs were each awarded € 3,500 in damages.30
- 1. Code of Criminal Procedure, Articles 115 and 116.
- 2. Act No. 166/2003 Coll. (Wiretapping Protection Act), Art. 4, in Slovak at http://www.mosr.sk/data/files/628.pdf?PHPSESSID=63594e4a.
- 3. Constitutional Court of the Slovak Republic, June 2006, I. ÚS 274/05, in Slovak at http://www.concourt.sk/Zbierka/2006/06_31s.pdf.
- 4. Id.
- 5. US State Department Human Rights Report 2001 – Slovakia, available at http://www.state.gov/g/drl/rls/hrrpt/2001/eur/8338.htm.
- 6. Id.
- 7. US State Department Human Rights Report 2006 – Slovakia, available at http://www.state.gov/g/drl/rls/hrrpt/2006/78838.htm.
- 8. European Commission, Agenda 2000 "Commission Opinion on Slovakia's Application for Membership of the European Union, Doc 97/20", 15 July 1997.
- 9. "Court Rules Law on Public Prosecutors Unconstitutional," CTK National News Wire, 4 March 1998.
- 10. Act No. 576/2004 Coll. on Health Care; Act No. 21/1992 on Banks (later cancelled and replaced by Act. No. 483/2001 on Banks); Act No. 511/1992 on Tax Fee Administration; see Christopher Millard and Mark Ford, "Data Protection Laws of the World," (Clifford Chance, Sweet & Maxwell 2000).
- 11. Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders.
- 12. Id.
- 13. For more information see http://europa.eu/legislation_summaries/justice_freedom_security/free_mov....
- 14. Miroslav Drobný, "O projekte" ("About the Project"), in Slovak at http://www.zodpovedne.sk/kapitola4.php?cl=zodpovedne_sk.
- 15. Available in Slovak at the Ministry of Interior's website, at http://www.minv.sk/?ochrana-kritickej-infrastruktury&subor=10691.
- 16. Available in Slovak at the Ministry of Interior website, at http://www.minv.sk/?ochrana-kritickej-infrastruktury&subor=10692.
- 17. Act No. 428/2002 Coll. on Protection of Personal Data (PDPA), supra, sections 10 (7) and 13 (7).
- 18. Správa o stave osobných údajov 2007 – 2008 (Report on state of personal data), National Council of the Slovak Republic, June 2009.
- 19. Act No. 610/2003 Coll. on Electronic Communications, supra.
- 20. Act No. 647/2007 on Travel Documents, Artt. 5 – 6.
- 21. National Identity Card Act No. 224/2006 Coll., Art. 3, 4 and 14.
- 22. Criminal Code, Art. 352.
- 23. ePractice, eGovernment Factsheet –Slovakia – National Infrastructure (January2010), available at http://www.epractice.eu/en/document/288355
- 24. Code of Criminal Procedure, Art. 155.
- 25. Available in Slovak at http://www.minv.sk/swift_data/source/mvsr/dokumenty/pravne_normy/zakon_o....
- 26. "2009 Human Rights Report:Slovakia,"US Bureau of Democracy, Human Rights, and Labor, 11 March 2010, at http://www.state.gov/g/drl/rls/hrrpt/2009/eur/136057.htm.
- 27. Constitutional Court of the Slovak Republic, December 2006 – decision III. ÚS 194/06-46, available in Slovak at http://www.concourt.sk/rozhod.do?urlpage=dokument&id_spisu=79025.
- 28. Constitutional Court of the Slovak Republic, May 2010, I. ÚS 174/2010, www.concourt.sk.
- 29. 2009 Human Rights Report Slovakia," supra.
- 30. Id.