National Report: Czech Republic

Polčák, Radim; Kasl, František; Míšek, Jakub

doi:10.1007/978-3-030-28049-9_5

Radim Polčák¹³,
František Kasl¹³ &
Jakub Míšek¹³

Part of the book series: Ius Comparatum - Global Studies in Comparative Law ((GSCL,volume 38))

939 Accesses

Abstract

Protection of personal data never represented an overly relevant topic in the Czech Republic. It was originally legislated in 2001 in order to transpose the EC Data Protection Directive and other secondary sources of EC law (recently EU law) but never received, unlike in some other EU member-states, great political, professional or public attention. This situation partly changed with the introduction of the GDPR, which brought a number of new types of obligations aiming at a higher regulatory efficiency.

This report provides a basic overview of the system, structure and most relevant substantive and procedural issues of Czech data protection law. It primarily focuses on the analysis and discussion of most relevant black-letter law and, where appropriate, also of case-law. In some areas such as telecommunications (namely in wiretapping or data retention), substantial Czech case-law developed, while in others, such as the mainstream protection of personal data, there have been so far only very few relevant cases. As the Czech Republic at the time of finalisation of this text (Fall of 2018) still lacks, due to the reluctance of responsible authorities, national legislative implementation of the GDPR, the text of this report had to be partly based on current legislative drafts.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 139.00; Price excludes VAT (USA)

Softcover Book: USD 179.99; Price excludes VAT (USA)

Hardcover Book: USD 179.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
For more particular explanation of use of behavioural rules in the Czech law, see Polčák et al. (2018), p. 13.
2.
See in Czech: Maisner and Vlachová (2015), pp. 126–128.
3.
See in Czech: Maisner (2016), pp. 138–147.
4.
See in Czech: Maisner (2016), pp. 15–27.
5.
Unofficial translation of the Czech Office for the Protection of Personal Data. Available online: https://www.uoou.cz/en/vismo/zobraz_dok.asp?id_org=200156&id_ktg=1107&archiv=0&p1=1105.
6.
See in Czech: Chudomelová et al. (2016), pp. 295–298.
7.
Cookies: přechod z principu opt-out na opt-in [Cookies: transfer from the opt-out principle to opt-in], 2012, Available online (in Czech): http://www.uoou.cz/vismo/zobraz_dok.asp?id_org=200144&id_ktg=1853&n=cookies-prechod-z-principu-opt-out-na-opt-in&query=cookie&p1=1099.
8.
Doporučení k zpracování cookies a obdobných prostředků sledování od 25. května 2018 [Recommendation regarding processing of cookies and similar means of monitoring following 25th May 2018], 2018. Available online (in Czech): https://www.uoou.cz/vismo/dokumenty2.asp?id_org=200144&id=29966&n=cookies%2Da%2Dgdpr&p1=1099.
9.
See in Czech: Kahle et al. (2015), pp. 641–643.
10.
Unofficial translation of the Ministry of Labour and Social Affairs. Available online: http://www.mpsv.cz/files/clanky/3221/Labour_Code_2012.pdf.
11.
Without their employer’s consent, employees may not use the employer’s means of production and other means necessary for performance of work, including computers and telecommunication technology for their personal needs. The employer is authorized to check compliance with the prohibition laid down in the first sentence in an appropriate way.
12.
See in Czech: Chudomelová et al. (2016), pp. 290–298.
13.
See in Czech: Polčák et al. (2018), pp. 524–528.
14.
See in Czech: Maisner (2016), pp. 99–137.
15.
See in Czech: Chudomelová et al. (2016), pp. 290–293.
16.
See in Czech: Vlachová (2016), pp. 28–31.
17.
See in Czech: Chudomelová et al. (2016), pp. 240–243.
18.
See in Czech: Maisner (2016), pp. 5–9.
19.
See in Czech: Maisner (2016), pp. 11–12.
20.
See in Czech: Chudomelová et al. (2016), pp. 299–306.
21.
See in Czech: Chudomelová et al. (2016), pp. 290–293.
22.
Pursuant to Section 2 lit. b) of the Act on Cybersecurity, “critical information infrastructure” is to be perceived as an element or system of elements of the critical infrastructure in the communication and information systems sector in the field of cybernetic security (as classified pursuant to the Section 2 of the Act No. 240/2000 Sb., on Crisis Management and Amendment of Certain Acts in in the Governmental Regulation No. 432/2010 Sb., on Criteria for Classification of an Element of the Critical Infrastructure).
23.
Pursuant to Section 2 lit. h) of the Act on Cybersecurity, “important network” means an electronic communications network securing a direct connection of the public communication networks with abroad or securing direct connection to the critical information infrastructure.
24.
See in Czech: Maisner and Vlachová (2015), pp. 74–76.
25.
Pursuant to Section 7 Subsection 2 of the Act on Cybersecurity, “cybernetic security incident” is defined as a breach of the security of the information in the information systems or a breach of security of the services or of the security and integrity of the electronic communications networks due to cybernetic security event. “Cybernetic security event” means, pursuant to Section 7 Subsection 1 of the Act on Cybersecurity, an event, which may cause a breach of security of the information in the information systems or a breach of security of the services or of the security and integrity of the electronic communications networks.
26.
The national CERT is currently administered by the Czech domain name authority CZ.NIC.
27.
See in Czech: Chudomelová et al. (2016), pp. 287–290.
28.
English website of the Czech Telecommunications Office can be found under https://www.ctu.eu.
29.
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework.
30.
In Czech online: http://www.nsz.cz/images/stories/PDF/Stanoviska_Proces/2015/1_SL_760-2014.pdf.
31.
In a case of a house search, there must be issued a previous warrant by a judge. For more information see in Czech: Šámal (2013), pp. 1111–1120.
32.
See in Czech e.g. Polčák et al. (2015), pp. 100–115: Hlaváčová and Chorvát (2016), pp. 3–24.
33.
For more detailed explanation in Czech see Šámal (2013), pp. 2006–2007.
34.
See section 158d, subsection 3 of the Code of Criminal Procedure.
35.
See section 158d, subsection 6 of the Code of Criminal Procedure. Should the collected data be used as an evidence during the criminal proceedings, a proper protocol should be prepared, which contains an information how the access was granted as well as the written consent of the person. The Constitutional Court confirmed this approach in its decision No. III. ÚS 3844/13.
36.
See in Czech: Polčák et al. (2015), pp. 121–137.
37.
Both interception of electronic communication and data retention is discussed in more detail bellow.
38.
See e.g. decision of Czech Constitutional Court No. II. ÚS 502/2000, followed by Decision No. II. ÚS 615/06-1 in which the Court formulated and interpreted necessary conditions for allowing the interception. See also Interception of electronic communications in the Polčák et al. (2016) and Wagnerová (2012).
39.
Ibidem, para. 15.
40.
For example, see Šámal (2013).
41.
Section 2 letter h) of the Act no. 127/2005 Sb., on electronic communications.
42.
Opinion No. 1/2018 of the Supreme Public Prosecutors Office elaborated more on the necessary requirements of interception request. It focuses heavily on the required argumentation of the request, so it cannot be too general or blank. See in Czech online: http://www.nsz.cz/images/stories/PDF/Stanoviska_Proces/2018/1_SL_719-2017.pdf.
43.
Unit for Special Activities of Criminal Police and Investigation is a Police division divisions with a countrywide authority which assists other police divisions as well as other authorities like e.g. Customs service. It conducts all interception and surveillance operations.
44.
Section 88 subsection 1 of the Act no. 141/1961 Sb., the Code of Criminal Procedure. See commentary in Czech Šámal (2013), pp. 1192–1206.
45.
For example, in Czech see Vantuch, 2008, no. 10, p. 29.
46.
Para. 25 of the decision no. I. ÚS 1638/14. Provided excerpt translated by the authors. This approach was followed later by Opinion No. 1/2018 of the Supreme Public Prosecutors Office. See in Czech online: http://www.nsz.cz/images/stories/PDF/Stanoviska_Proces/2018/1_SL_719-2017.pdf.
47.
Section 88 subsection 8 of the Act no. 141/1961 Sb., the Code of Criminal Procedure.
48.
See in Czech: Opinion No. 1/2018 of the Supreme Public Prosecutors Office, online: http://www.nsz.cz/images/stories/PDF/Stanoviska_Proces/2018/1_SL_719-2017.pdf.
49.
See Section 88 subsection 9 of the Act no. 141/1961 Sb., the Code of Criminal Procedure.
50.
Section 88 subsection 8 of the Act no. 141/1961 Sb., the Code of Criminal Procedure.
51.
See Section 88 subsection 5 of the Act no. 141/1961 Sb., the Code of Criminal Procedure.
52.
Section 45 of the General Instruction of the Supreme Public Prosecutor no. 8/2009, on criminal proceedings.
53.
Decision of the Constitutional Court No. Pl. ÚS 24/10, 94/2011 Sb., N 52/60 SbNU 625. English translation available at http://www.usoud.cz/en/decisions/?tx_ttnews%5Btt_news%5D=40&cHash=c574142df486769e0b435954fead08c3.
54.
See Myška (2013), pp. 267–285.
55.
See in Czech: Šámal (2013), pp. 1222–1237.
56.
The problematic of data retention and use of traffic and location data is in detail elaborated in Interception of electronic communications in the Polčák et al. (2016), pp. 83–88.
57.
Section 8 subsection 1 letter b of both acts. This is considered as intelligence technology.
58.
Section 8 subsection 2 letter d of both acts. This is not considered as intelligence technology.
59.
The same wording has section 8a of act No. 154/1994 Sb. on the Security Information Service.
60.
For more information see Interception of electronic communications in the Polčák et al. (2016), pp. 19 and 95–101.
61.
Section 9 subsection 3 of the act No. 181/2014 Sb., on Cybersecurity. The relationship of data protection and cybersecurity was in analysed in e.g. Harašta and Míšek (2015), pp. 21–42 (in Czech). For more information on Czech legislative approach to cybersecurity see (in Czech) e.g. Polčák 2015, pp. 95–149.

References

Chudomelová Z, Beran M, Jadrný V, Němečková Š, Novák J (2016) Zákon o elektronických komunikacích: Komentář. Wolters Kluwer, Praha
Google Scholar
Harašta J, Míšek J (2015) IP adresy v kybernetické bezpečnosti. Revue pro právo a technologie 6(12):21–42
Google Scholar
Hlaváčová K, Chorvát O (2016) Přístup orgánů činných v trestním řízení k datům uloženým v cloudu. Revue pro právo a technologie 7(14):3–24
Google Scholar
Kahle B, Vysokajov M, Hůrka P, Randlová N, Doležílek J (2015) Zákoník práce: Komentář. 5. Aktualizovanévydání. Wolters Kluwer, Praha
Google Scholar
Maisner M (2016) Zákon o některých službách informační společnosti: Komentář. C.H. Beck, Praha
Google Scholar
Maisner M, Vlachová B (2015) Zákon o kybernetické bezpečnosti: Komentář. Wolters Kluwer, Praha
Google Scholar
Myška M (2013) Data retention in Czech Republic: past, present and future. Masaryk Univ J Law Technol 7(2):267–285
Google Scholar
Polčák R (2015) Kybernetická bezpečnost jako aktuální fenomén českého práva. Revue pro právo a technologie. 6(11):95–149
Google Scholar
Polčák R et al (2015) Elektronické důkazy v trestní mřízení [online]. Masarykova Univerzita, Brno
Google Scholar
Polčák R et al (2016) Interception of electronic communications in the Czech Republic and Slovakia. Masaryk University, Brno
Google Scholar
Polčák R et al (2018) Právo informačních technologií. Wolters Kluwer, Praha
Google Scholar
Šámal P (2013) Trestní řád: Komentář. C. H. Beck, Praha. 4720 p
Google Scholar
Vantuch P (2008) Nová úprava odposlechu v trestním řádu od 1. 7. 2008. Bulletin advokacie, no. 10, p. 29
Google Scholar
Vlachová B (2016) Zákon o elektronických komunikacích: Komentář. C.H. Beck, Praha
Google Scholar
Wagnerová E et al (2012) Listi na základních práv a svobod: Komentář. Wolters Kluwer, Praha. 931 p
Google Scholar

Download references

Author information

Authors and Affiliations

Masaryk University, Faculty of Law, Institute of Law and Technology, Brno, Czech Republic
Radim Polčák, František Kasl & Jakub Míšek

Authors

Radim Polčák
View author publications
You can also search for this author in PubMed Google Scholar
František Kasl
View author publications
You can also search for this author in PubMed Google Scholar
Jakub Míšek
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Radim Polčák .

Editor information

Editors and Affiliations

Law School, University of Lisbon, Lisbon, Portugal
Dário Moura Vicente & Sofia de Vasconcelos Casimiro &

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Polčák, R., Kasl, F., Míšek, J. (2020). National Report: Czech Republic. In: Moura Vicente, D., de Vasconcelos Casimiro, S. (eds) Data Protection in the Internet. Ius Comparatum - Global Studies in Comparative Law, vol 38. Springer, Cham. https://doi.org/10.1007/978-3-030-28049-9_5

Download citation

DOI: https://doi.org/10.1007/978-3-030-28049-9_5
Published: 02 December 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-28048-2
Online ISBN: 978-3-030-28049-9
eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics