Czech Republic

Overview

Stage of legislative progress 
Eg. pre-consultation, in consultation

Draft of the new Data Protection Act(""DPA"") [https://bit.ly/2wLHROt] is in the legislative process, currently in the House of Commons (lower chamber of the Czech Parliament).

Approach to implementation 
Eg. amendments to existing law, total repeal of old laws

DPA No. 101/2000 Coll. to be repealed by the new DPA. Multiple existing laws (e.g. Civil Procedure Code, Criminal Procedure Code) to be amended by an Amending Act. The new DPA shall also partially transpose the Law Enforcement Directive.

 

Timescale for implementation 
Eg. pre-consultation, in consultation

DPA to be effective as of its publication in the Collection of Laws (after passing the legislative procedure).


Areas where Member States must have local laws:

Personal data and freedom of expression 

Section 16 of the DPA allows processing of personal data carried out by adequate means for journalistic purposes or for purposes of academic, artistic or literary expression. Sections 17 et seq. stipulate exceptions to information obligation (Section 17), protection of source and content of information (Section 18), exceptions to right to restriction of processing (Section 19), information about rectification and erasure (Section 20), and limitation of right to object (Section 21).

 

Penalties

Section 59 stipulates fines for administrative offence of unlawful publication of personal data where the prohibition of disclosure is stipulated by law (e.g. Criminal Procedure Code). Fine may amount to CZK 1 million. Maximum fines of CZK 5 million is stipulated if this administrative offence is carried out through print, film, radio, television, publicly accessible computer network or other similarly effective means.
Sections 60 and 61 stipulate various administrative offences in relation to data processing. A fine up to CZK 10 million may be imposed.
No new criminal penalties will be introduced (unauthorised use of personal data is already recognised by the current Criminal Code).

 


 

Areas where Member States may have local laws:

Professional secrecy 

Section 56 stipulates obligation of the Data Protection Authority to exclude from the file inspection information that constitute trade secret or bank secret or any similar types of secrets, copyrighted works, and information protected by secrecy obligations under special laws, if the file is inspected by a person who did not provide such protected information. The Data Protection Authority is only authorised to get acquainted with information protected by professional secrecy of attorneys with consent and upon presence of a representative of the Czech Bar Association. 

Employees of the Data Protection Authority are bound by secrecy obligation also after termination of their employment relationship with the DPA (Section 57).

Scientific, historical or statistical purposes 

n/a

Employment 

n/a

Personal data of deceased persons 

n/a

Children online (in relation to the offering of information society services)

 Section 7 sets the age of consent for children in relation to offering of information society services at 15 years of age.

Special rules for special categories of data
n/a

Genetic, biometric or health data

n/a

Designation of a Data Protection Officer

Section 14 stipulates that obligation to appoint a Data Protection Officer under Article 37(1)(a) GDPR also applies to bodies established by law that fulfil tasks imposed by law in public interest.

 

National identification numbers/any other identifier of general application

n/a

 


 

Other:

Any other areas under discussion

n/a