The Agency for the Protection of Personal Data (AZLP) determined that the company "Codepixel" was obliged to obtain the consent of AZLP for publishing data about people in isolation on the website corona.cg.live/samoizolazija, which would have been fine if they had not controlled the wrong site .
This can be seen from the documentation that "Vijesti" had access to.
The Center for Civic Education (CGO) said they were surprised, because their initiative to the AZLP Council was related to the legality of processing personal data on the crnagorakorona.com/home page, and not to coronacg.live/samoizolija.
"And we also felt discomfort due to the fact that you clearly did not read our initiative with due care, thereby ruining the reputation of the institution you lead. In addition, you caused unnecessary inconvenience to someone who should not have been subject to surveillance ('Codepixel'), because we are knowledgeable enough in this matter that we would never have reported that subject", said Human Rights program coordinator Tamara Milaš.
He notes that the crnagorakorona.com/home page is still active and has been collecting all categories of personal data of people in self-isolation for a long time.
The AZLP controllers determined that the data from coronacg.live/samoizolija was collected from the Government's website, which in March, under the pretext of a measure to prevent the spread of the coronavirus, published lists of citizens in self-isolation and their addresses. It was also established that the company "Codepixel" removed the disputed page, after the Government had previously done so.
The AZLP did not answer the questions of "Vijesti" whether it is true that they made a mistake, how it happened that they controlled an entity that no one reported, and not the one that was supposed to and, finally, whether they also controlled the one that was supposed to and how have decided accordingly
In a letter to the president of the AZLP Council Sreten Radonjić, the representative of CGO requests a written apology for the mistake to them and to the company "Codepixel", as well as a record of the surveillance conducted on the owners of the real page.
This institution did not answer the questions of "Vijesti" as to whether it is true that they made a mistake, how it happened that they controlled an entity that no one reported, and not the one that was supposed to, and, finally, whether they also controlled the one that was supposed to as they determined accordingly.
AZLP found in its findings that the site no longer exists. On the aforementioned application, in addition to information on the number of infected, hospitalized and cured cases and statistical data, data on persons who were in mandatory self-isolation were published and periodically updated, with data on the address of residence and the date of discharge of those persons being published. Therefore, the data that could be searched on the web application by the site visitor were the date of the decision and the address, i.e. pin on the map, which was displayed using the Google Maps service. No other personal data was available to third parties, i.e. users of the web application in the sense of the Personal Data Protection Act.
It is added that no physical databases were used or stored for data processing and display, and that location data was displayed using Google maps services.
"Please note that these services are quite unreliable, so there is a possibility that the pins displayed on the map were incorrect and inaccurate," the company said.
Analyzing the data on visits to the application, which were collected through the Google Analytics service, it was established that the disputed service had the lowest number of views, and that the focus of visitors was on data on patients, cured...
It is also added that each user was informed that only available data from the website of the Government and the Institute of Public Health were used. Also, the application made it possible to locate the device on the map with the consent and permission of the user.
The Government's National Coordinating Body for Combating Infectious Diseases has decided to start publishing data with the consent of the AZLP, although the CGO believes that their opinion does not correspond to the legal regulations.
This decision of the NKT met with fierce criticism from the public and the civil sector. Later, they pulled it from the official website of the Government, and the Constitutional Court announced the evaluation of the constitutionality and legality of this measure.
Milaš: For the column "believe it or not"
Milaš told "Vijesta" that the CGO was taken aback by the AZLP letter "even though we have so far witnessed numerous and diverse situations in which we have seen ignorance, superficiality, unscrupulous work and abuse of official positions in institutions".
"We reported one entity for which we asked the AZLP to determine whether it complied with the Law, and they "based on our initiative" went and supervised a completely different entity and sent us a report on that. That's for the 'believe it or not' column, because it's unbelievable that they didn't even read our memo with due care, and acted on it. However, it is not funny when you see that this is being done by an institution that should be independent and professional in its work and that the citizens of Montenegro pay well for it," Milaš said.
In addition to embarrassing themselves, she says, the AZLP Council caused unnecessary inconvenience to someone who should not have been subject to supervision.
"And to us too, because we are knowledgeable enough in this matter that we would never report that subject." I would like to remind you that we submitted the initiative on March 25 and it related to determining the legality of personal data processing on the website http://www.crnagorakorona.com, which is still active, and which for a long time generated all categories of personal data of persons in self-isolation. CGO never asked the Council of AZLP to supervise the application http://www.coronacg.live created by the company Codepixel doo, which they went to control", Milaš reminded.
She also stated that "significant time and resources were invested in order to supervise the wrong subject, so the question arises as to who will be held accountable for such a mistake".
"Given that it was the AZLP Council headed by Sreten Radonjić who made the conclusion that the inspectors acted on, it would be logical for the determination of responsibility to start with the Council's president, but also to include the director. We, of course, do not expect that because we know how these people got to these positions, but we appreciate that it is important for the public to know how they work through examples like this, because it is all paid for from the budget that all citizens fill in order to have professional institutions, which is clearly not the case now".
Bonus video:
