Regulators Demand Data Protection for Western Balkans Citizens

Citizens of the Western Balkans face growing concerns regarding the protection of their personal data in the digital age. As global companies like Meta and Google gather and process information without legal oversight, regulators warn that the region risks becoming a digital colony. In an interview with Pobjeda, Željko Rutović, President of the Council of the Agency for Personal Data Protection, emphasized the urgent need for legislative action.

While the European Union has implemented the General Data Protection Regulation (GDPR), which sets the highest standards for privacy protection, Montenegro has yet to adopt this crucial regulation. This delay leaves citizens vulnerable to widespread data collection practices by major corporations and limits the ability of local institutions to protect personal information.

Rutović highlights that personal data has evolved into a highly valuable commodity. He stated, “Personal data today is one of the largest commercial resources in the world.” Companies create daily profiles based on users’ behaviors, preferences, and needs for profit, resulting in significant implications for consumer and political behavior.

Joint Action Needed for Data Protection

Montenegro has not yet enacted a new data protection law or aligned its regulations with the GDPR, which complicates the situation further. Rutović stressed that collaboration with neighboring countries could enhance their negotiating power with major corporations.

“We felt the need for Serbia, Montenegro, and Bosnia and Herzegovina to collectively request Google, Meta, and X to establish an office for the Western Balkans,” Rutović explained. This approach, supported at meetings in Sarajevo and Podgorica, aims to strengthen their position when addressing corporate data practices.

Regulatory bodies have limited options under the current legal framework. Rutović noted, “The only thing we can do is send a letter to a company and present the problem. But that letter lacks legal force.” In contrast, Serbia has already aligned its laws with the GDPR, leaving Montenegro at a disadvantage.

Challenges in Data Regulation

The European Union has raised significant concerns about how Meta justifies its data processing. The company often cites “legitimate interest,” prioritizing profit over citizens’ privacy rights. Rutović pointed out that this practice is unacceptable within European norms, leading to multiple legal losses for Meta in European courts.

Users in the EU benefit from rights to be informed and to consent to data usage. However, citizens outside the EU, including those in Montenegro, Serbia, and Bosnia and Herzegovina, lack these protective mechanisms due to unaligned legislation.

Rutović further addressed the limitations faced by data protection agencies in these countries. “Our agencies lack basic operational resources, let alone the capacity for development and training.” With the rapid advancement of artificial intelligence and new digital tools, even more robust EU nations struggle to keep pace, making it even more challenging for smaller countries like Montenegro to protect their citizens.

Despite the widespread abuse of personal data, public awareness remains limited. Rutović emphasized the need for a systemic response, stating, “The protection of personal data is not just a technical issue but a deeply political and civilizational question.”

He concluded with a stark warning: “If we do not respond in time, we risk becoming digital colonies of large corporations, without the right to control our own data.”

In April 2023, independent data protection authorities from Montenegro, Serbia, and Bosnia and Herzegovina held a trilateral meeting in Podgorica to address privacy policy changes by Meta and X. The regulators agreed on the necessity of appointing an official representative for these companies in the Western Balkans, which would represent a rational response to the challenges of protecting privacy in the digital age.

This initiative, which began in 2019 in Budva, underscores the urgent need for alignment with GDPR and modern standards. As the collaboration continues, the upcoming trilateral meeting in Belgrade will further address these pressing concerns.