SERBIA Law and Practice Contributed by: Vladimir Djeric, Katarina Radovic and Lena Petrovic, Mikijelj, Janković & Bogdanović
• five cases of failure to appoint a Data Protec - tion Officer (DPO). These requests were filed against three respon - sible persons, six legal entities and one entre - preneur. Since 2010, 238 misdemeanour requests have been filed: • 216 under the old PDPA, with common viola - tions including failure to update records, unlawful processing and failure to comply with the Commissioner’s orders; and • 24 under the new PDPA, mainly related to unlawful processing and lack of adequate security measures. In 2023, five misdemeanour orders were issued for: • three cases of failure to maintain processing records; and • two cases of failing to publish or submit DPO contact information. Criminal Complaints and Prosecutor’s Actions Since 2010, the Commissioner has filed 49 criminal complaints, covering offences such as unauthorised wiretapping, unauthorised data collection and abuse of official position. Only two indictments were filed, leading to: • one conditional conviction (six months’ pro - bation); and • one acquittal. 23 complaints were dismissed due to: • 15 cases of prosecution being deferred;
• three cases where the offence was not con - sidered a criminal act; and • five cases of expired statutes of limitations. In 2023, misdemeanour courts issued five first- instance decisions: • three convictions with warnings; • one dismissal due to expired statutes of limi - tations; and • one rejection due to the statute of limitations. SHARE Foundation has reported 76 cases of violations of privacy and data protection, out of which 22 perpetrators are persons from the public sector, 16 natural persons and 16 persons from media outlets. In 42 cases, the violation affected a large number of people, 32 cases relate to individual data subjects and one relates to a political data subject. Serbia has an active but relatively mild enforce - ment of data protection laws. While there are administrative and legal actions against viola - tors, the lack of significant fines or major crimi - nal convictions suggests that data protection compliance may not yet be a top enforcement priority. The relatively low penalties (compared to GDPR) may contribute to the limited motivation for full compliance among organisations. 1.5 AI Regulation AI is still not regulated in Serbian legislation. In 2019, Serbia adopted “Strategy for the Develop - ment of Artificial Intelligence in the Republic of Serbia for the period 2020-2025.” The strategy established “goals and measures for the devel - opment of artificial intelligence, the implementa - tion of which should result in economic growth, improvement of public services, improvement of scientific staff and development of skills for the jobs of the future”. Also, “implementation of the measures of the Strategy should ensure that artificial intelligence in the Republic of Serbia is
375 CHAMBERS.COM
Powered by FlippingBook