What are the provisions of new policing draft laws

The analysis of the new Draft Law on Internal Affairs, the Draft Law on Data Processing and Records in Internal Affairs, as well as the new working draft of Data Protection Impact Assessment, shows that the fundamental issues of the intrusive technology application in Serbia have not been addressed.

Specifically, the Draft Law on Internal Affairs enables mass, indiscriminate processing of biometric data which is special category data, by means of recording in public spaces and storing the recorded data. As described in the Impact Assessment working draft, biometric data is collected by detecting faces in the course of recording, and by extracting biometric data from a captured photo. The Draft Law on Data Processing and Records provides that photos with biometric facial features are kept for 72 hours from the moment of creation. These processes take place within police powers, meaning that biometric data are indiscriminately collected and stored outside the prescribed procedures for special evidentiary actions, that is, without the court order.

The Draft Law on Internal Affairs defines cases in which an authorised officer can use the biometric data processing software for identification purposes. These are cases of finding the perpetrator of criminal or preparatory offences prosecuted ex officio, or finding a missing victim of a criminal offence prosecuted ex officio. However, the process of establishing an identity is subject to the conditions of the Criminal Procedure Code of Serbia, although it is not entirely clear which of the procedures would be applied for the special evidentiary actions, given that different conditions are prescribed for each of these evidentiary actions.

The draft laws describe two types of access, automated and semi-automated biometric data searches, but their difference is instead defined in the Impact Assessment working draft. The automated search of biometric data is limited either to locations or to persons determined by the security profiles and implies a real-time search. Semi-automated processing is a retroactive search of biometric data either for identification purposes, where biometric data from the system is used as an input for other databases held by the Ministry of Interior of Serbia, or for establishing the movements and whereabouts of an already identified person.

The SHARE Foundation has consistently advocated against the legalisation of mass, indiscriminate biometric surveillance for the past four years, particularly during the consultation process launched upon the withdrawal of the first Draft Law on Internal Affairs. A new draft with old fundamental issues is now before us. The public hearing is open until the end of December.

Please find the SHARE Foundation’s complete Position Paper at this link.