The office gradually developed supervision of compliance with the obligations set out by the then Act No. 101/2000 Coll., on personal data protection, maintained register of processing operations, handled instigations and complaints, offered consultations, acted in the field of legislation, looked over fulfilment of requirements ensuing from international agreements and set accents on lecturing and awareness raising.
The president of the office, Ms Ivana Janů, shared her views on modern data protection and on the future trends in Europe and in the world in this area. Moreover, she answered, together with her deputy, the question concerning the changes the institution had seen during the years.
Dr Ivana Janů, President of the Office
You were appointed by the president of the Czech Republic in 2015. How the institution has changed under your leadership?
Quite significantly, I think. There were changes, on the one hand, I was involved in from objective necessity and there were changes, on the other hand, I initiated and carried through myself. To the first category belongs the change of the fundamental legal provisions determining the office´s activity substantiated in the general data protection regulation (GDPR) and the establishment of a new branch of activity consisting in the implementation of the right to free access to information. My key priority at the beginning was to improve the quality of the appellate procedure and, judged by the cases closed before the court, my intention has come true. The second change is symbolized by the EU flag hanged out over the office entrance, just next to the Czech flag: we share the EU values through, among others, the active cooperation of the office´s representatives, beside their regular working portfolio, within the European Data Protection Board pursuant the community legal regulations. English is the working language, of course.
What important challenges will the office face in the coming years?
I would name, in the first place, the ability to continue acting as an independent, professional and competent supervisory body in the area of data protection as well as in the capacity of an administrative authority vested with the competence in the field of free access to information. And last but not least, there is an idea I haven´t quite realised so far: the office could be assisted by a certain pool of cooperating experts from different walks of life important to the office who would, on ad-hoc basis, take part in the decision-making activity. Accomplishment of this task is a matter of a couple of future years. I haven´t had any professional advisors apart of the legally obligatory advisory committee.
How do you perceive the current developments in Europe, but also in the world, in the area of data protection? What are the directions it heads toward?
I hope the COVID-19 pandemic showed even to people that were not interested otherwise that the “pan-digitalization” moves forward very quickly and our privacy has no means to protect itself, whereas it is spontaneously vanishing from day to day. It is not just only about the “fight with the pandemic” but namely about the immense de-personalization of contacts forcing us to leave even more undeletable digital traces related to distance working, cashless payments and online purchases of almost everything. This makes our digital activity map, from day to day, ever detailed!
Today, the European-style data protection practically softens and prevent some unintended consequences of the digitalization projects (extensive surveillance of people, for instance). It shall be able to provide this in the near future as well. It has, in my eyes, a huge advantage because it does not allow to reduce the protection of personal data to a mere technical and organizational security.
Mr Josef Prokeš, Deputy President of the Office
How the office has changed during your time here?
The office underwent a principal change in the past years. While formerly, the office was often perceived as a sole island of data protection in this country, and on many occasions, it overbridged in various areas of the Czech society as well as of the public administration the lack of data protection experts, the office succeeded to develop into an institution that strictly performed its main, in more detail regulated by the present laws, competence. Beside the oversight of the particular obligations relating to the processing of personal data, the office focuses newly on stronger supervision of the aspect of meticulous and professional preparation of the data processing operations by the public and private controllers and looks if they applied appropriate data protection tools. This office´s role is supported by the general data protection regulation which has modernized a number of data processing procedures within extensive and risky agendas.
Beside the government as the regulator, there is an ever-growing community of experts, the so-called data protection officers, working directly with the controllers and processors, that newly and principally contributes to the protection of personal data. In fact, the work of these data protection officers replaced the assistance from the part of the office, often required by data controllers, in dealing with many particular data protection issues or during preparation of legal regulations which, however, was often at variance with the tasks of a supervisory body. The above mentioned, along with the growing regulation of the Internet as a dominant space of massive data processing, has been putting in the last years more demands on the office not only in performing the investigation, but also in monitoring all the important changes, in providing consultancy and in communicating with the public.