Open Letter: Facebook’s End-to-End Encryption Plans

4 October 2019

Dear Mr. Zuckerberg,

The organizations below write today to encourage you, in no uncertain terms, to continue increasing the end-to-end security across Facebook’s messaging services.

We have seen requests from the United States, United Kingdom, and Australian governments asking you to suspend these plans “until [Facebook] can guarantee the added privacy does not reduce public safety”. We believe they have this entirely backwards: each day that platforms do not support strong end-to-end security is another day that this data can be breached, mishandled, or otherwise obtained by powerful entities or rogue actors to exploit it.

Given the remarkable reach of Facebook’s messaging services, ensuring default end-to-end security will provide a substantial boon to worldwide communications freedom, to public safety, and to democratic values, and we urge you to proceed with your plans to encrypt messaging through Facebook products and services. We encourage you to resist calls to create so-called “backdoors” or “exceptional access” to the content of users’ messages, which will fundamentally weaken encryption and the privacy and security of all users.

Sincerely,

AfroLeadership
Access Now
ACM US Technology Policy Committee
American Civil Liberties Union
Americans for Prosperity
ARTICLE 19
Association for Progressive Communications (APC)
Asociación por los Derechos Civiles (ADC), Argentina
Bolo Bhi
Canadian Internet Registration Authority
Centro de Ensino e Pesquisa em Inovação (CEPI), FGV Direito SP, Brasil
Center for Democracy & Technology
Center for Studies on Freedom of Expression (CELE), Universidad de Palermo
Defending Rights & Dissent
Derechos Digitales, América Latina
Digital Rights Watch
Državljan D
Electronic Frontier Foundation
Electronic Privacy Information Center
Engine
epicenter.works – for digital rights
Fight for the Future
Free Press
Freedom of the Press Foundation
Fundación Karisma, Colombia
Future of Privacy Forum
Global Forum for Media Development
Global Partners Digital
Hiperderecho, Peru
Human Rights Watch
Index on Censorship
Instituto de Referência em Internet e Sociedade (IRIS), Brazil
Instituto de Tecnologia e Sociedade do Rio de Janeiro (ITS)
International Media Support (IMS)
Internet Society
Internet Society – Bulgaria
Internet Society UK England Chapter
Internews
ISUR, Universidad del Rosario, Colombia
IT-Political Association of Denmark
Iuridicum Remedium, z.s.
LGBT Technology Partnership
National Coalition Against Censorship
New America’s Open Technology Institute
Open Rights Group
OpenMedia
Paradigm Initiative
PEN America
Prostasia Foundation
R3D: Red en Defensa de los Derechos Digitales
Ranking Digital Rights
Restore The Fourth, Inc.
Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)
SHARE Foundation
SMEX
S.T.O.P. – The Surveillance Technology Oversight Project
TechFreedom
Vrijschrift

BIRN and SHARE Join Efforts to Counter Digital Freedom Violations

In Southern and Eastern Europe, where online disinformation campaigns are increasingly endangering guaranteed individual freedoms and a notable decline in internet safety is ubiquitous, BIRN Hub will partner with SHARE Foundation to monitor digital threats and trends in their occurrence, raise awareness about violations of digital freedom and issue policy recommendations.

The organisations will identify the main players involved in disinformation and propaganda by establishing a Digital Monitoring database. The database will cover the state of digital rights in targeted countries by documenting cases of violations of digital rights and freedoms, with descriptions of cases and corresponding sources.

The project, supported by Civitates, will monitor digital freedom violations in Bosnia and Herzegovina, Croatia, Hungary, North Macedonia, Romania and Serbia.

The database will be part of the broader online BIRN Investigative Resource Desk (BIRD), a new resource platform for investigative journalists expected to launch this fall. The interactive database will allow the general public to access data collected through the monitoring system.

The use of SHARE Foundation’s expertise will result in the creation of a detailed methodology and guidelines for monitoring violations of digital rights and freedoms, as well as training for monitors to successfully gather data and file them in the newly created database. A three-day training for monitors will be held in the second half of July in Perast, Montenegro.

In parallel, BIRN journalists will produce and publish five investigations related to the topic. On the basis of monitoring activities, a one-of-a-kind cross-regional report will be produced, to be presented at the closing event.

The database will provide the data for periodical reports on the state of digital rights and freedoms in targeted countries. In terms of outcomes, the cross-regional report will compile collected data in order to introduce public to trends in violations of digital freedoms.

Continuous monitoring and reporting on digital threats will contribute to BIRN’s wider efforts to promote accurate and unbiased information. It will strengthen the capacities and skills of the network’s journalists, as well as exposing and countering threats that journalists and other engaged individuals face on a regular basis.

SHARE calls Facebook and Google to appoint their representatives in Serbia

Three months prior to the application of the new Law on Personal Data Protection, SHARE Foundation asked 20 companies from around the world – including Google and Facebook, to appoint their representatives in Serbia. Competent bodies and citizens of Serbia will thus be able to turn to these representatives regarding all the questions in terms of personal data processing.

Although the business models of these companies area already greatly based on monetization of personal data of their users, and therefore of the citizens of Serbia, too, it seems that they practically still do not have any way to enjoy their rights when it comes to data collected by the most famous companies.

However, the new Law on Personal Data Protection, modelled afterGeneral Data Protection Regulation (GDPR) stipulates the obligation of almost all big IT companies to appoint their representatives in Serbia. Namely, if a company offers products and services in Serbia or if it monitors the behavior of citizens, it must also appoint a representative, i.e. natural or legal entity to which citizens can address regarding their rights of persons to whom data refer. This entity will also cooperate with the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia. Having in mind that Google, Facebook, Amazon, Netflix and other IT giants process the data of Serbia’s citizens in order to provide services, they are obligated to appoint a local representative.

For example, Google recognized the local market as a significant one years ago, and so many services such as Gmail, YouTube, Google Chrome and Google Search have been adapted to our citizens and available in Serbian language, too. Additionally, Google targets the citizens of Serbia by using advertisements, and monitors their behavior through cookies, therefore, it is certainly obligated to appoint its representative in Serbia. Facebook is also available in Serbian and has about 3 million users in Serbia only on its main social networking site, and it also owns Instagram and WhatsApp. Facebook performs mass collection of users’ data so they could be profiled and shown targeted ads, as it is described in detail in SHARE Lab’s Facebook algorithmic factory research.

However, policies of these companies, most of which have their main headquarters in the USA, basically do not observe Serbia as a part of Europe, which results in a situation that the citizens of Serbia do not have their rights on personal data guaranteed at all. On the other hand, if Facebook or Google appoint their representatives in Serbia, it would be more likely for citizens to exercise their rights or initiate proceedings before competent Serbian authorities. Since the citizens of Serbia enter into agreements with the US companies regarding using the services, while the EU citizens do so with the European representatives, it is obvious that there are parallel systems of protection.

Letters have been sent to the following companies: Google, Facebook, Amazon, Twitter, Snap Inc – Snapchat, AliExpress, Viber, Yandex, Booking, Airbnb, Ryanair, Wizzair, eSky, Yahoo, Netflix, Twitch, Kupujem prodajem, Toptal, GoDaddy, Upwork.

Letter sent to Google
Letter sent to Facebook

Huawei knows everything about cameras in Belgrade – and they are glad to share!

EDIT (30th March, 2019, 9:29h): Not long after this text had been published, case study about cameras for video surveillance in Belgrade was removed from the official website of Huawei. You can read the archived version of the case study at the following link: https://archive.li/pZ9HO.

New generation surveillance cameras have already been installed in Belgrade, as stated in a case study published on the official website of Huawei.

Unlike the Ministry of Interior, whose representatives gave unclear and contradictory statements, to finally refuse a freedom of information request from SHARE Foundation, Huawei published a case study on their company website with detailed information about the installation of cameras for video surveillance in Belgrade and cooperation with the Ministry of Interior of Serbia (MOI).

The case study represents a detailed description of cooperation between Huawei and MOI, which largely contradicts information provided by the Ministry of Interior.

In the beginning, Huawei states that thanks to advanced video surveillance technology, the suspect who fled to China after causing a car accident with fatal consequences in 2015, better known as the “Countryman case” in Serbian public, was apprehended only three days after his photo was received from MOI of Serbia. Thanks to this rapid arrest, the Ministry of Interior initiated cooperation with Huawei through the “Safe Society” project, with the goal to install an advanced video surveillance system in Serbia. The company also points out that it has offered Intelligent Video Surveillance (IVS) systems, Intelligent Transportation Systems (ITS), eLTE broadband trunking technology, unified data centers, and converged command centers to the MOI. It also says that in the beginning, 9 test cameras have been installed in 5 locations, including the MOI headquarters, a sports arena, a commercial center, and a police station. Huawei states that in the first phase, cameras have successfully performed several functions, such as video retrieval, video compression, automatic license plate recognition, behavior analysis, facial recognition, and video quality diagnosis. After a successful test phase, a Strategic Partnership Agreement was achieved in 2017.

In the first phase of the project, 100 high-definition video cameras were installed in more than 60 key locations and the command and data center in Belgrade was remodeled, as pointed out in Huawei’s study. Also, a large number of advanced technologies and products were used, including infrared license plate recognition, 4k video solutions, H.265 HD encoding, cloud-based cluster networking and SafeVideo to ensure data security and virtual checkpoint system.

It should be noted that Huawei had stated that video materials and received data are kept on an advanced storage device called “OceanStore”, which provides a number of options, such as data analysis and big data analysis, and retention period of received data is limited to one year.

In the end, it is said that thanks to realisation of Phase 1, which had been implemented more than five months before the study case was published, many criminals cases were solved, and that the police is now able to find suspects based on the stored video materials thanks to Huawei intelligent technology. As Huawei stated, the Ministry of Interior will develop a comprehensive “Safe City” solution, which will cover the whole Belgrade area in the beginning, while the final goal is to implement such a solution on the whole territory of Serbia.

Finally, the most important question for the citizens of Serbia concerns possible consequences to their privacy, and also the reliability of this technology. It is important to underline that smart technologies which use cameras for video surveillance, like facial recognition and behaviour analysis, represent very intrusive methods for citizen’s privacy, while on the other hand, they are not completely reliable. The technology which may lead to serious personal data abuse is used for storage of data collected by video surveillance. For keeping data in a one year period on the “OceanStore” device, of crucial importance is to establish transparency as to who exactly can access the data, in which cases and so on, because on the contrary, huge amounts of personal information of Serbian citizens may be the target of different abuses. 

As it is publicly known, the Minister of Interior announced the gradual installation of 1000 cameras in 800 locations during the next two years, and the Police Director explained that the future locations of stationary cameras were already known, and that before choosing the locations “significant research and analysis of events were made, foremost on the crimes on the territory of Belgrade”. However, in the reply to our FOI request, MOI stated that “the significant research and analysis” actually didn’t exist. On the other hand, by reading the detailed Huawei case study, it is possible to find information which may provide a better picture about what is actually happening with the process of installing cameras in Belgrade. 

It is very concerning that we can hear completely different information from many different sides about questions that concern constitutional civil rights and freedoms of citizens of Serbia. We believe that relevant actors have to come out to the citizens with accurate and complete information, and to provide the explanation to the public how will a private company be able to access their personal data, in which cases and, most importantly, why weren’t information about cooperation with Huawei available to citizens in the initial phase of the project.

New surveillance cameras in Belgrade: location and human rights impact analysis – “withheld”

Leading Serbian law enforcement officials announced a new system of video-surveillance in Belgrade, the nation’s capital, which would be highly intrusive for citizens. It was revealed that the main partner of the Government of Serbia was Huawei, the Chinese tech giant recently involved in several scandals. In pursuit for transparency of deploying such privacy-invasive technology, SHARE Foundation submitted Freedom of Information (FOI) requests to the Ministry of Interior.

However, the Ministry responded that all documents regarding the public procurement of video surveillance equipment in Belgrade were protected as ‘Confidential’. The information about the new facial and vehicle license plate recognition system was not provided either.

Earlier this year, the Serbian Minister of Interior and the Police Director announced that in the next two years, 1.000 new generation cameras using facial and license plate recognition software will be installed in 800 locations in Belgrade. Minister of Interior Nebojša Stefanović made a statement for Fonet news agency and said that ‘patrol cars and police officers in the street will gradually become equipped with these cameras’, while the network of cameras will then spread to both the highway and regional roads. Police Director Vladimir Rebić made an appearance on Radio-Television of Serbia and stated that the ‘establishing the functionality of face recognition is in its final stage’, and that the locations intended for stationary cameras were already determined based on ‘a broad examination and analysis of events, referring primarily to the criminal offences in Belgrade’.

 

Camera location – “confidential”

 

Based on the Law on Free Access to Information of Public Importance, SHARE Foundation, requested the information on locations of the cameras, including the analysis based on which these locations were determined, and details on the public procurement and relevant procedures.

The official responses of the Ministry stated that all the documents regarding the public procurement of the video equipment are protected as ‘confidential’, and the information on locations and analysis were not provided in any document or any medium, which is the legal precondition to exercise the access to the public importance information. SHARE Foundation requested a copy of the data protection impact assessment (DPIA), and the Ministry responded that the new Law on Personal Data Protection is not being applied yet, and explained that registry and processing of personal data contained in the video surveillance were regulated by the Law on Registry and Processing of Data in Interior Affairs.

Considering the fact that the responses of a FOI officer of the Ministry were in direct contrast to the statements made by the Minister and the Police Director, this ambiguity must be clarified without any further delay, keeping in mind that this is a fundamental question of human rights and civil freedoms guaranteed by law and the Constitution of Serbia.

 

Huawei as the partner of police

 

SHARE Foundation also requested information on the public procurement of equipment and software to be used for video surveillance. The response of the Ministry was that they began discussing possibilities and improvements of information and telecommunications system with Chinese company Huawei in 2011, and that they drafted the decision regarding the increase of general security of citizens within the project titled ‘Safe Society’. This project falls under the Agreement on Economic and Technical Cooperation Regarding Infrastructure between the governments of Serbia and China, previously signed in Beijing in 2009.

Furthermore, the Ministry stated that in 2014 they signed the Memorandum of Understanding with Huawei, referring to necessary steps for the implementation of the above-mentioned project. Based on the Agreement and the Memorandum, in 2017, the Ministry and Huawei signed the Agreement on Strategic Partnership for Introducing eLTE technologies and solutions for a ‘safe city’ in public security systems. The Government of the Republic of Serbia signed this Agreement so that the Ministry of Interior took over the obligations stipulated in the Agreement regarding expenses and procurement of the video surveillance system based on the capital project ‘Video surveillance in traffic – phase II’.

 

Intrusive technologies in “uncharted waters”

 

Serbia adopted a new Law on Personal Data Protection which mostly follows the new standards of European regulations in this field, i.e. GDPR, but at the same time, it does not provide for instruments and mechanisms for the better implementation of the Law. Also, so far there have been no steps taken in terms of drafting a law regulating video surveillance in public space.

Software used for identification is the latest technological achievement which gravely violates rights and freedoms of citizens and is an important topic of public discussions in democratic societies. Chinese company Huawei has been accused on several occasions over the past few years by USA and some European countries of industrial and political espionage in cooperation with Chinese authorities.

In the upcoming months, it is necessary to determine which equipment for video surveillance has been purchased, where and how the personal data will be processed as well as whether the personal data protection impact assessment has been carried out adequately.

Relevant documents:

SHARE Foundation FOI request – statement of Minister Stefanović

SHARE Foundation FOI request – TV appearance of Police Director Rebić

Decision of the Ministry on rejection of the request 

Response of the Ministry

Organisations from across Europe insist on a transparent appointment of the Commissioner in Serbia

Today, on 4 December, eight digital rights organisations from across Europe sent a letter to the National Assembly of Serbia, asking for a transparent process of the selection of the country’s new Data Protection Commissioner. The mandate of the current Commissioner for Information of Public Importance and Personal Data Protection of Serbia is to expire soon, and given the fact that the newly adopted Law on Personal Data Protection starts being applied in August 2019 and that Law on Free Access to Information of Public Importance is being reformed, it is of high importance that the new Commissioner is appointed as soon as possible, through a transparent process in accordance with the law, and that the best candidate is given the position.

The letter invites the Culture and Information Committee of the National Assembly of Serbia to:

  • Start the procedure for the election of a new Commissioner, as soon as possible;
  • To make the procedure for selecting the best candidate for the position transparent;
  • To determine the legal conditions for selection, where, in addition to general expertise and experience in the protection and promotion of human rights, priority should be given to candidates with specific expertise and experience in freedom of information and personal data protection;
  • To conduct interviews with the best candidates at a session that will be open to the public, in order to deliver a reasoned decision on the proposal to the National Assembly;
  • To justify the proposal for a decision on the best candidate’s choice according to each of the set conditions.

The organisations called upon the National Assembly, which appoints the Commissioner, to ensure the highest standards in the selection and appointment of the new Commissioner in order to respect the foundations of a free, innovative and open digital society that delivers the best data protection standards in Serbia, in line with the European Union General Data Protection Regulation (GDPR) and the Convention 108 of the Council of Europe.

Signatories:

European Digital Rights (EDRi) – Europe

Access Now – Europe

Association for Technology and Internet (APTI) – Romania

Electronic Frontier Norway – Norway

Epicenter.works – Austria

Homo Digitalis – Greece

Open Rights Group – United Kingdom

Privacy International – United Kingdom

SHARE Foundation and organizations for the protection of digital rights warn about the misuse of GDPR in Romania

Journalists of RISE Project from Romania, an investigative media outlet, were threatened with fines in the amount of 20 million EUR if they do not allow the access to personal data, thus 18 organizations for the protection of digital rights and freedoms and SHARE Foundation among them, sent a letter to Andrea Jelinek, the Chair of the European Data Protection Board. The letter was also sent to the president of the National Supervisory Authority for Personal Data Processing of Romania, as well as to the European Commission.

Namely, on Facebook page of the RISE Project, journalists published documents containing personal data of a well-known Romanian politician and persons connected with him, and pointed at a high level of corruption in terms of misuse of the EU funds. Soon afterwards, the Project received a written request of the Romanian Supervisory Body asking for the information on the source of the data and threatening with a fine.

The organizations warned that such request of the Romanian body for personal data protection jeopardizes the secrecy of journalistic sources and reminded that the General Data Protection Regulation (GDPR) a legislative framework for the protection of rights established by the Charter of Fundamental Rights of the EU and the European Convention on Human Rights.

Recitals 4 and 153 and Article 85 of the GDPR make clear that the right to protection of personal data must be considered in relation to its function in society and be reconciled with other fundamental rights, such as the right to freedom of expression and information.

Signatories of the letter asked the Board to consider whether the request of the Supervisory Body of Romania is in line with the GDPR and whether the Romanian Law on Personal Data Protection 190/2018 and its application in this case reconcile the personal data protection and freedom of expression and information in line with Article 85.

The letter in English language is available here.

Digital rights organizations ask for transparency in content removal on Facebook

More than 70 organizations from all around the world, with SHARE Foundation among them, signed an open letter to the Chief Executive Officer of Facebook, Mark Zuckerberg  with a request of ensuring transparency and liability for the content removal process on this social network. The letter requests from Facebook to clearly and precisely reveal how much content it removes, with or without basis, as well as to enable its users to fairly and timely make complaints to removed content in order for the content to be back online as soon as possible in case of a mistake.

The letter asks for adoption of “Santa Clara principles” and points to the fact that many high-profile figures such as politicians, museums, or celebrities managed to bring their content back on Facebook thanks to all the media attention. For most ‘regular’ users, this is not the case, because Facebook allows complaints to content being removed only in certain circumstances. Beside the implementation of a more efficient mechanism for complaints, Facebook is also requested to publish reports on transparency and to include details such as the type of removed content, the initiation of moderation actions and the number of wrong moderation decisions regarding the content removal.

“We know that content moderation policies are being unevenly applied, and an enormous amount of content is being removed improperly each week. But we don’t have numbers or data that can tell us how big the problem is, what content is affected the most, and how appeals were dealt with. Mr. Zuckerberg should make transparency about these decisions, which affect millions of people around the world, a priority at Facebook,” said Nate Cardozo from  Electronic Frontier Foundation (EFF).

GDPR Today – Stats, news and tools to make data protection a reality

GDPR Today, launched on 25 October, is your online hub for staying tuned to the (real) life of EU data protection law. The project will monitor the implementation of the law across Europe by publishing statistics and sharing relevant news around key subjects.

GDPR Today, led by several EDRi member organisations, aims to complement our association’s past support for the data protection reform.

Katarzyna Szymielewicz, vice-president of EDRi and co-founder and president of Panoptykon Foundation

Behind GDPR Today there are several civil society organisations who work together under the umbrella of European Digital Rights – EDRi, an association which supported the EU data protection reform. The initiative will prioritise building knowledge around legal guidelines and decisions, data breaches, new codes of conduct, tools facilitating individuals’ exercise of rights, important business developments and governmental support for data protection authorities. The GDPR Today is an instrument aimed at data protection experts, activists, journalists, lawyers, and anyone interested in  the protection of personal data.

Our goal with GDPR Today is to present facts to the public on the implementation of the law, so that those interested can follow how the GDPR is both shaping the EU digital market and helping people regain control over their personal data.

Estelle Massé, Senior Policy Analyst and Global Data Protection Lead at Access Now

Read more at gdprtoday.org!

Return the constitutional provision to the Law on Personal Data Protection

Legal restriction enabling the police, information agencies or private companies to enter the privacy of citizens only when it is prescribed by law has been deleted from the Bill of the Law on Personal Data Protection. The Bill was adopted by the Government of Serbia at its session on 24 September and it is currently in the parliamentary procedure.

Following Article 23 of the new European General Data Protection Regulation – GDPR, Article 40 of the Draft which was an object of public debate since 1 December 2017, explicitly stipulated that the citizens’ rights related to insight, deletion, change and other measures of control over the processing of their data ‘may be restricted by law’ in cases such as: protection of national security, defense, public safety, rights and freedoms of others, etc.

However, the obligation of such restriction being prescribed by law was deleted from the Bill submitted to the Parliament for adoption. This would practically mean that state bodies or private companies processing personal data of citizens may restrict the rights of citizens arbitrarily and without any explicit legal authorization.

Wording which makes everyone processing personal data of citizens obligated to act in line with law is not a phrase which can be omitted because the obligations of processors are implied. On the contrary, a random restriction of rights can be prevented only by an explicit provision of the law which strictly defines when processor may restrict the rights of citizens.

This obligation is also a part of Article 42 of the Constitution of the Republic of Serbia, stating that collecting, keeping, processing and using personal data is regulated by law (paragraph 2), as well as that ‘everyone shall have the right to be informed about personal data collected about them, in accordance with the law, and the right to court protection in case of their abuse’ (paragraph 4).

We wish to remind that this is not the first time that our legal system includes a solution contrary to constitutional provisions. Namely, on 30 May 2012, at the proposal of the Commissioner for Information of Public Importance and Personal Data Protection, the Constitutional Court passed a decision determining that parts of Articles 12, 13, and 14 of the current Law on Protection of Personal Data are not compliant with the Constitution of the Republic of Serbia because they enable restricting the rights of citizens based on ‘another regulation’. Having in mind Article 42 of the Constitution, the Constitutional Court concluded that only ‘law can regulate collecting, keeping, processing and using of data’, therefore any option of regulating this field based on ‘another regulation’ is unconstitutional.

Such decision of the Constitutional Court suggests that the new definition of Article 40 of the Bill could face the same fate, too.

Since the restrictions from the Bill are in fact copied from the GDPR, it is important to understand the intention of the European legislator. Namely, the new regulatory framework primarily enabled the EU member states to, in their own regulations specify restrictions when it comes to the rights of citizens which certainly does not mean that such restrictions are necessary. For example, the overview of laws of the EU member states implementing the GDPR showed that some of them, such as Germany, Austria, Sweden or Croatia either do not have any specific articles referring to restrictions of citizens’ rights or these restrictions are narrowly defined.

The laws on personal data protection in Germany and Austria contain restrictions only in parts referring to data processing for police and defense purposes, purposes of criminal acts investigations, conducting criminal sanctions and similar, whereas the Law on Implementation of the General Data Protection Regulation in Croatia, does not contain articles referring to restrictions of the rights of citizens. Legislators in Sweden left a possibility of passing additional laws to prescribe restrictions of the rights of citizens in the context of Article 23 of the GDPR.

We have been waiting for the new Law on Protection of Personal Data, to be adopted for quite long, because it is supposed to ensure new rights to citizens, such as the right to correction, addition, deletion, restriction of processing and portability of data, just like in the General Data Protection Regulation – GDPR.

Key objections to the Draft during the public debate referred precisely to the structure and wording of the proposed text of the Law, which copied provisions from the European regulation without connection with domestic legal system. In spite of a great criticism coming from experts, civil society organizations and the Commissioner for Information of Public Importance and Personal Data Protection, most objections were not adopted.

Since the Bill has already been submitted for adoption, SHARE Foundation urges the members to use amendment of the Parliament to return to the initial wording of Article 40.

Find more on citizens’ rights guaranteed by a new legislative framework in our Guidebook My data – my rights.