Legal analysis of the law
- Title of the law and Official Gazette number (last change or modification)?
Banking Law („Official Gazette of the Republic of Macedonia“ no. 67/2007, 90/2009, 67/2010, 26/2013 and 15/2015.
- Does the Law envisage processing of personal data and in what type of Collection (Evidence, Register, Database)?
- What is the purpose of collecting personal data? Is that purpose clear?
Performing banking services.
Uncertainties that citizens are facing are mostly related to the definition of Related Persons, who under this Act shall be two or more persons who represent a single risk because one of them directly or indirectly controls the other or to the other persons not related by control, but they represent a single risk, because they are interconnected in such a way that the financial problems in one of them can cause problems in the repayment of the other and / or others. Two individuals are considered to be related if one person is a spouse or a person living in wedlock, child or adopted child, parent or person under guardianship of the other person.
With the recent amendments to the Banking Law, if the data is provided to the Ministry of Labour and Social Policy, the Employment Agency of the Republic of Macedonia and the Health Insurance Fund, for the purpose of their operation on their responsibilities and in accordance with the regulations for protection of personal data, only if the bank signs a memorandum of cooperation with these institutions, which will regulate the availability of the data.
Foremost, the access activity is controversial, and then the grounds that allow it.
The envisaged signing of the Memorandum of cooperation with institutions in order to obtain data is controversial because the Memorandum does not have the legal power to allow this to happen, it is not a document based on which those most affected – the citizens can exercise their rights or file complaints. This puts into question the seriousness of the banks, particularly because of the fact that banking secrecy is no longer a secret, but with an exception, the secret is revealed to the institutions.
- What categories of personal data are collected? Is the scope in compliance with the purpose?
There are no clear categories of personal data.
- Who collects the personal data at first instance? (company, institution)
- Is the Consent of the data subject for personal data protection envisaged by this law?
- Is the keeping period of personal data clearly defined?
- Does the law contain separate provision for personal data protection that clearly states the implementation of technical and organizational measures?
There is an article that defines banking secrecy, and according to which the documents, data and information acquired through banking and other financial activities of individual persons and transactions with individual entities as well as the deposits of individual persons are a banking secret that the bank is required to protect and keep.
- Is the processing of personal data prescribed by this law connected to implementation of another law?
Law on Prevention of Money Laundering and Terrorist Financing
- Are there any exceptions for processing of sensitive data? (PIN, biometrics, video surveillance)
PIN, bank account data.