Regulators Demand Data Protection from Global Tech Giants

Recent discussions among data protection regulators in the Western Balkans have highlighted significant concerns regarding the lack of legal frameworks governing personal data privacy. According to Željko Rutović, president of the Personal Data Protection Agency Council, without proper legal protections, citizens in Montenegro, Serbia, and Bosnia and Herzegovina risk becoming digital colonies of global tech giants like Meta and Google.

The digital era has revolutionized communication and trade in the region. However, it has also raised critical issues surrounding privacy and the handling of personal data. With the absence of robust regulatory measures, large corporations are free to collect and process citizens’ information without oversight, leading to potential exploitation for commercial and political purposes.

Despite the European Union’s implementation of the General Data Protection Regulation (GDPR), which sets the highest standards for privacy protection, Montenegro has yet to incorporate this regulation into its legal system. Rutović pointed out that this leaves the nation tethered to outdated mechanisms while citizens face daily challenges from extensive data collection practices by major companies.

“Personal data has become one of the most valuable commercial resources,” Rutović stated. “Corporations perform daily profiling of our identities, preferences, and desires to sell this information. This is a huge business for mega-corporations.”

The mass processing of data by companies like Meta and Google opens avenues for direct influence over consumer behavior and even political conduct. As the region grapples with these realities, Rutović emphasized the need for a collective approach among neighboring countries.

Collaboration Among Nations

Montenegro has not yet enacted new data protection laws nor adopted the GDPR, which Rutović argues necessitates a unified stance with Serbia and Bosnia and Herzegovina. He remarked that a joint effort to request Meta, Google, and X (formerly Twitter) to establish offices in the Western Balkans would strengthen their position.

“We felt the need to collectively address these companies, as our bargaining power would be much stronger than if we approached them individually,” Rutović explained. The regulators have already convened meetings in Sarajevo and Podgorica, with plans for a third meeting. “This serves as a temporary solution while we align our national laws with European standards,” he added.

The current legal framework limits domestic institutions in their ability to act effectively. Rutović described the situation as one where local agencies can only issue letters to companies highlighting issues without any legal authority to enforce compliance. This contrasts sharply with Serbia, which has already aligned its laws with GDPR.

Challenges with Global Tech Companies

One of the major criticisms from European regulators pertains to how Meta justifies its data processing practices. The company often cites “legitimate interest,” which implies that profit can take precedence over individuals’ privacy rights. Rutović noted that Meta utilizes publicly available data, messages, and metadata, combining them with information from partners, all under the guise of this justification.

“In the European context, this approach is unimaginable,” he asserted. Due to this prioritization of profit, Meta has faced multiple legal defeats in European courts. Under GDPR, users in the EU retain the right to be informed and to consent to the use of their data. Unfortunately, citizens outside the EU, including those in Montenegro, Serbia, and Bosnia and Herzegovina, lack these protective mechanisms due to their non-compliance with European legislation.

Resource Limitations

Rutović also highlighted the inadequate resources available to data protection agencies. “Our agencies lack even the basic resources for operation, let alone the capacity for development and staff training,” he noted. This situation is exacerbated by the rapid advancements in artificial intelligence and digital tools, which many EU nations struggle to keep pace with.

The limitations of these institutions lead to a widespread perception of data misuse, with citizens frequently facing issues such as data breaches and unauthorized processing. Despite this, awareness of the importance of data protection remains insufficient. Rutović urged that personal data should be recognized as a fundamental human right, emphasizing the potential consequences of its misuse, from privacy violations to manipulation of democratic processes.

A Collective Responsibility

Addressing these challenges cannot solely rest on the shoulders of regulators. Rutović stressed the need for a comprehensive response involving the government, educational and media institutions, and the public at large. He underscored that personal data protection transcends technicalities and is fundamentally a political and civilizational issue that concerns human rights and societal security.

“If we fail to respond adequately, we risk becoming digital colonies of large corporations, devoid of the ability to control our own data,” he warned.

The establishment of a Meta center in the Balkans could represent a significant step towards balancing the interests of global corporations with the protection of citizens. Nevertheless, without clear legal frameworks and alignment with European standards, such efforts will only serve as temporary measures.

Rutović concluded that the upcoming period will be crucial for Montenegro, Serbia, and Bosnia and Herzegovina, not only for aligning legislation with European integration processes but also for safeguarding citizens’ fundamental right to privacy. In the digital age, personal data is not merely information; it represents a resource, commodity, and power. The pressing question remains: who will control its value—the citizens and states, or the global corporations?

In April 2023, independent regulatory bodies from Montenegro, Serbia, and Bosnia and Herzegovina held a trilateral meeting in Podgorica to discuss changes in privacy policies of Meta and X. The representatives agreed on the pressing need for the appointment of an official representative for these companies in the Western Balkans, which they see as a rational response to the challenges posed by digital privacy issues.