The Center for Investigative Journalism of Serbia (CINS) published an article yesterday about SNS’s call center, in which suspicions were raised that their databases contain data such as people’s Unique Master Citizen Number, addresses, and polling stations. As proof, we also published a photo of the database and the data it contains. According to CINS’s source, who is familiar with the work of the call center, we are all in that database, regardless of who we vote for.
After we asked the Commissioner for Information of Public Importance and Personal Data Protection if they would react to this, we received a response from their office stating that this is not possible.
“Based on your article, we don’t know whether the lists containing citizens’ data came from a database of members and sympathizers that each political party has, or from some other database, and there is no legal basis for the Commissioner to react in this specific case.”
However, former Commissioner Rodoljub Šabić believes the opposite.
“Of course we don’t know, but that’s why it should be looked into. There are definitely indications that it could be a database that was not created, as parties usually explain, during door-to-door campaigns or by collecting data at stands and party meetings or conferences.”
Šabić recalls a case from five years ago when pensioners in Serbia received a letter signed by Aleksandar Vučić, with the Serbian Progressive Party (SNS) mark on the envelope. At that time, as the Commissioner, he filed a criminal complaint against an unknown person from The Pension and Disability Insurance Fund on suspicion that they had provided this party with personal data of pensioners.
He explains that this is still possible – the Commissioner can look into whether the personal data of citizens that ended up at SNS’s call center came from institutions.
“In the event that the suspicion is well-founded, there is not only a basis for the Commissioner to react [in relation to the call center] and the prohibition of further processing of that data, but also a basis for the prosecution to get involved”, Šabić explains, adding that if these doubts are confirmed, the prosecutor can react.
“It is then a criminal offense from Article 146 of the Criminal Code (unauthorized collection of personal data) and there is a basis for the prosecution to get involved.”
He believes that the Commissioner’s interpretation is “narrow and rigid sympathizers and that at the very least, it is certainly possible to look into those doubts.
As a reminder, Ana Toskić Cvetinović from the Partners Serbia organization, which, among other things, deals with the protection of privacy and personal data, told CINS that people who work with databases should have training for working with sensitive data.
“If they are employed, it should be written in their employment contract, or there should be some internal procedures obliging people to keep the data confidential.”
The source with whom CINS spoke says that they did not have this kind of training.
Toskić added that the bigger problem here is that this database exists, especially if it is a copy of the voter list.
“The purpose of that database [voter list] is to conduct elections, not political propaganda. No party should ever have that. (…) It can create a database of its own confirmed voters, under some of its own criteria, and it should have the consent of the people whose data it processes.”
According to CINS’s source, the work is divided into those who make calls to so-called key voters and a smaller number of those who enter data into the database and check it.