From the beginning, the announced payout of the one-time financial assistance caused intensive reactions of the academic community in the area of personal data protection. Namely, at the end of April 2020, the Ministry of Finance announced that the citizens will be obliged to disclose their personal name and surname, unique personal identification number, personal ID number, and the name of the chosen bank, to apply for the financial assistance.
The suggestions of the academic community, pointing out that collecting and processing of all the mentioned data would not be in accordance with the Law on Personal Data Protection (hereinafter referred to as: the Law), caused the Ministry to try and comply with the recommendations and legal provisions.
However, that attempt remained unsuccessful.
Although the Ministry did exclude the obligation of submitting the citizen’s name and surname, unfortunately, they also failed to provide all the mandatory notices to the citizens – data subjects.
According to the Law, in this case, the Ministry of Finance acts as a personal data controller. Each controller, regardless of whether it is a government authority or not, is under clearly prescribed legal obligations, which have to be fulfilled whenever it comes to personal data processing. Otherwise, some of the fundamental citizens’ rights regarding privacy and personal data protection may be breached.