Greater Internet Freedom Serbia

In October 2022, we embarked on a 10-month journey to advance
digital freedoms in Serbia. Our GIF Serbia project aimed to
prevent technology-enabled human rights abuses and strengthen
the protection of digital rights within technology and data laws
and regulations.

We produced a number of reports and capacity-building
materials, held events and trainings for activists, CSOs, and
public administration, supported advocacy interventions, and
reached an astonishing number of citizens, all aimed at
strengthening the infrastructure that upholds human rights in
the digital space.

How did we do it?

Our partnerships

Results we achieved

Our numbers

Our success story

Serbian government initiatives sparked concerns about the impact on digital freedoms and human rights. Issues like misinformation, privacy invasion, and the surge in biometric surveillance demanded urgent action. Moreover,the lack of oversight and public discussion on these technologies hindered proper responses to the misuse of personal data by state authorities.

The GIF Serbia was primarily focused on preventing technology-enabled human rights abuses. To achieve this, we aimed to increase coordination,collaboration, and communication among various stakeholders. By bringing together diverse groups and experts, we worked toward a common understanding and action against the misuse of technology in infringing upon human rights.

A key aspect of our initiative was to reinforce technology and data laws and regulations, ensuring that they robustly protect human rights. We recognized the need for legal frameworks that are not only up-to-date with the latest technological advancements but also provide solid safeguards against their potential abuse.

The overall goal of the GIF Serbia project was to foster a greater respect for,and enjoyment of, citizens’ rights to privacy, association, and freedom of expression, among others. We strived to create an environment where digital rights are understood as an extension of human rights, essential to the full participation of citizens in a modern, democratic society. Through our concerted efforts, we aimed to enhance the protection and appreciation of these fundamental rights.

Our partnerships

A 11 Initiative

A 11 Initiative for Economic and Social Rights was involved in monitoring human rights violations related to the implementation of the Law on Social Cards in Serbia. It initiated a series of advocacy efforts in the areas of algorithm transparency and decision-making automation, personal data protection, discrimination, and social protection.

(ANTI)SOCIAL CARDS story

Successful appeals against decisions to terminate social assistance, based on the data provided by the Social Card Register.

In March 2022, the implementation of the Law on the Social Card started, introducing a new state register: the Social Card information system. Touted as a solution to the chronic problems in the social protection system, it aimed to ensure fairer distribution of social assistance and enhance the efficiency of Centers for Social Work. The system automated decision-making processes in these Centers, utilizing an algorithm to compile personal data of social assistance beneficiaries and design their social cards.

Consequently, decisions regarding social assistance eligibility were left to computers. However, the algorithm could not discern complex social nuances, like understanding if a family of seven could subsist on 14,000 dinars of social assistance or recognizing that earning extra income through collecting cardboard or bottles was a sign of social distress, not a stable source of income.

“People lose their social assistance based on a notification stating they have an income exceeding 10,385 dinars, that they had a car registered at some unknown time, or that they earned some unspecified income. Based on this notification, an employee at the Center for Social Work makes a decision to terminate the right, later informs the recipient, and checks the income or other reasons for the termination. Even if a social worker wishes to find a solution that goes beyond what the notification states, they are unable to do so. It is not the beginning of a dystopian sci-fi story; it is the reality in digital Serbia where the Social Card system has become operational.”

Ana Toskic Cvetinovic, Partners Serbia, Executive Director

This system flaw impacted individuals like Petar, Marija, and Senka, social assistance recipients from Vojvodina. In late summer, they engaged in seasonal fruit-picking work, earning about 2,000 dinars daily for roughly 10 days. By December, they received notices from the Center for Social Work slashing their financial support by 80 percent, without explanation. With assistance from the A 11 Initiative and after inquiring at three state authorities, they learned that their reduced social assistance was due to their seasonal earnings. A 11 addressed a letter to the Ministry of Labour, Employment, Veterans, and Social Affairs, highlighting this decision’s inconsistency with the Law on Seasonal Workers.

Consequently, the Minister amended the Rulebook on Forms in the Procedure for Exercising the Right to Financial Social Assistance, exempting this type of income from affecting the right to financial support.

Since the law’s implementation, over 10 percent of beneficiaries were removed from Serbia’s social protection system. Notably, this reduction didn’t correspond with a similar decrease in poverty levels. The Social Cards system thus represents a blatant example of technology-enabled human rights abuse.

BCSP

The Belgrade Centre for Security Policy conducted research on Serbia’s digital surveillance infrastructure, engaging in raising awareness, public advocacy, and educating activists, human rights defenders, and whistleblowers to better protect them from digital surveillance.

IMPROVING PRIVACY story

BCSP designed and implemented a training program on digital hygiene, emphasizing digital surveillance tools used by state actors, and shared tips and tricks for protection in both digital and physical spaces during public gatherings.

Thirty-eight activists, journalists, and researchers learned about these tools, their potential to endanger human rights, and strategies for self-protection in digital and physical environments.

Discussions also covered the broad-scale threats of digital surveillance to individual rights and privacy, and the specific targeting or impact on certain groups. The training highlighted the legal and institutional mechanisms available to Serbian citizens for defending their rights.

“Public pressure raised the bar for introduction of advanced technology, but that did not stop the police from acquiring the Swedish Griffeye face recognition software, and restarting public consultations to fine-tune the new Internal Affairs Act. Cybersecurity experts highlight that the alarming number of intrusive software and big data tools require transparent regulations of such systems to ensure the
protection of fundamental human rights.”

Balkan Insight, Maja Bjelos,
Senior Researcher of the Belgrade Centre for Security Policy.

Activists shared experiences where police were informed about meetings planned within a tight circle of trusted colleagues, a situation that could undermine trust among activists. One participant noted, “The training introduced me to protection tools in the digital space and their usage.

These tools’ usefulness extends beyond the digital realm, empowering activists to plan activities, such as gatherings or initiatives, with greater confidence.”

The trainings, facilitated by experts on digital surveillance and human rights from SHARE and Partners Serbia, demonstrated the strong relationship and collaboration between the partners in the GIF Serbia project.

BIRN

The Balkan Investigative Reporting Network produced and published a series of media content on Balkan Insight, based on an analysis of the data landscape, personal data protection laws, and the conformity of Serbia’s regulations with the European legal and regulatory framework.

FOR THE RIGHT PRICE story

In culmination of months of extensive research, journalist Igor Ispanovic published an investigative story titled ‘For the Right Price’: Email credentials from Serbian state bodies sold online. Serbian state bodies and public enterprises appeared to be turning a blind eye to a growing threat. Cybersecurity experts pointed to a disturbing trend: the email credentials of employees were reportedly up for sale on the dark net.

Multiple sources reported this alarming issue, indicating that sensitive information from public enterprises like Elektroprivreda Srbije [Serbia’s power utility] and Srbijagas [main gas distributor] was potentially compromised.

The investigation revealed that email credentials from multiple institutions had been exposed for over a year, offered for a mere $100 or less. Compromised accounts rendered a wealth of confidential information, including contracts, financial statements, public procurement plans, and other sensitive information, vulnerable.

“This means that someone, for the right price, was able to read through the official communication of the public enterprise Elektroprivreda Srbije or Srbijagas, or send a message pretending to be from the National Employment Service.”

Ivan Markovic, a cybersecurity expert and co-founder of the online forum ‘Bezbedan Balkan’ [Secure Balkans]

A ray of hope emerged from the Commissioner for Information of Public Importance and Personal Data Protection, who initiated a review of Elektroprivreda’s information security protocols.

Yet, despite these efforts, a cloud of denial hung over the entire narrative, which is a perfect example of how institutions mismanage the personal data of not only their employees but also of citizens.

This story revealed not only the urgency to strengthen cybersecurity measures but also the need for a shift in mindset—from denial to a proactive approach.

IDEAS

The Center for Research and Social Development engaged with the issue of how modern technologies are used in controlling entry and exit points to and from the Republic of Serbia, and to what extent this modern technology has contributed to harmful practices, implying human rights violations at the border.

TECHNOLOGY IS A DOUBLE-HEDGE SWORD story

The adequate and lawful use of technology in border control can save lives and uphold human rights, while its misuse can easily intensify harmful practices based on severe human rights violations. Technology acts as a double-edged sword.

In discussions about borders, terms like “control” and “defense” are often used more frequently than references to human rights. The conclusion is clear: it is necessary to establish a balance between human rights and the desire to “defend” borders. Surprisingly, security is most effectively maintained by respecting human rights. Almost everyone today has heard of biometric data, but how many can truly define what it means or, more importantly, for what purposes it is used?

IDEAS gathered more than 30 participants from relevant entities, most notably from UNHCR, IOM, Klikaktiv and the Ombudsman leading to the first ever discussion on the topic of modern technologies and human rights at borders.

The IDEAS team conducted comprehensive research on the use of modern technology in border control and its consequences on the human rights of refugees, asylum seekers, and migrants at Western-Balkan and External EU Borders.

The findings, presented in the publication “(Miss)Use of Modern Technology and its Consequences on Human Rights of Refugees, Asylum Seekers, and Migrants at Western-Balkan and External EU Borders,” mark it as the first of its kind to indicate that increased use of technology has led to an increase in human rights violations.

The authors of this analysis aim to illustrate how, for instance, drones or thermal-vision cameras may simultaneously save the lives of people irregularly crossing European borders and facilitate harmful border practices.

Partners Serbia

Partners for Democratic Change Serbia, analyzed relevant regulations to assess their suitability for addressing existing and future threats to digital rights. They drafted legislative proposals aimed at enhancing privacy protection in Serbia and implemented a series of advocacy activities to increase scrutiny over the implementation of the digital privacy-related legal framework.

PRIVACY WEEK story

Since 2021, Partners for Democratic Change Serbia has organized a Privacy Week together with the Commissioner for Access to Information of Public Importance and Personal Data Protection to mark Data Protection Day.

The timing of this year’s Privacy Week coincided with Serbia’s ongoing efforts to develop and implement several initiatives that may significantly affect citizens’ right to privacy, such as the legalization of biometric surveillance, the usage of a social card system, and further digitization of public services.

Privacy Week served as a valuable platform for all relevant stakeholders to discuss and exchange ideas on how to ensure the protection of personal data in the face of rapidly evolving technologies and societal needs, and to increase public understanding of the variety of issues citizens face regarding privacy, defending the right to privacy, and related threats.

Seventy-five participants were present at the event; 2,225 YouTube views were registered for the entire event representing institutions, businesses, non-profits, privacy professionals and media. All recordings from the Privacy Week sessions are permanently available on Partners Serbia YouTube Channel.

The GIF Serbia organized a workshop titled ‘Simulation of Responding to Information Security Incidents Involving Compromise of Personal Data,’ where participants learned about the necessary steps to respond to information security incidents through active participation in a hypothetical incident inspired by real-life cases.

Partners Serbia submitted a set of proposals for the first draft of the National Strategy on Personal Data Protection to a respective government-led working group and developed the methodology on legislative impact assessment, which was presented at this year’s Privacy Week.

Over the years, Privacy Week has become a valuable platform for all relevant stakeholders to discuss and exchange ideas on how to ensure the protection of personal data amidst rapidly evolving technologies and societal needs.

SHARE Foundation

The SHARE Foundation monitored digital rights violations through periodic monitoring reports, issued a position paper on the legislative process regarding biometric surveillance in public spaces, and further focused on enhancing the digital capacity of civil society activists as well as on building the resilience of vulnerable online media and CSOs.

CERT story

New technologies transform the world and offer benefits for society and citizens, yet alongside technological advancement arise new, increasingly dangerous, and demanding security challenges.

Online and civil society media, as well as other entities targeted by attacks and various types of incidents in the ICT system, often are unsure whether to report these to the competent authorities.

There exists a certain mistrust in the functioning of the digital security system, as well as fear that publicly releasing this information could negatively impact their reputation and business.

The first Special Computer Emergency Response Team, SHARE CERT, for online media and civil society in Serbia, was established in April 2017.

SHARE CERT monitors and analyzes security threats in the online and citizen media infrastructure in Serbia, provides assistance in identifying and preventing threats, empowers actors to adequately respond to attacks, offers legal assistance in processing cyber incidents, maintains communication with relevant institutions, and more.

The SHARE Cyber Intimacy Toolkit offers victims tools to protect themselves and report sensitive personal content. It is an educational and support online tool that provides practical instructions on how to take action if one decides not to remain silent after being cyberbullied or a victim of revenge pornography.

With the support of GIF Serbia, SHARE engaged with previously mapped online media and civil society organizations, focusing on increasing their digital capacities and resilience building.

Two journalists’ associations, a regional human rights organization, two women’s rights organizations, and an organization focused on economic and social rights learned how to respond to cyber incidents, better manage their digital assets, and align internal security processes with general organizational workflows.

SHARE also provided pro bono aid in nine cases related to personal data breaches, server breaches, and organizations’ inability to control their accounts due to hackers’ attacks.

Each incident report is important because it allows for the monitoring of trends in digital security, helps prevent new forms of security threats, and fosters an efficient reaction when threats occur.

YUCOM

The Lawyers’ Committee for Human Rights conducted an analysis of the legal framework and the practice of freedom of peaceful assembly in Serbia, with an emphasis on online assemblies. They delivered their recommendations for incorporating human rights protection measures related to personal data and privacy into Serbian legislation.

UNITING IN TRAGEDY story

In response to a series of devastating mass shootings in early May, which claimed 18 lives, Belgrade has become the backdrop for a determined protest movement known as “Serbia against violence.”

Emerging from shared sorrow and a call for change, the movement has grown into a forceful presence, bringing together diverse individuals to demand justice and an end to violence. Amid this tragedy, a collective resolve took root – the determination to transform grief into action.

The “Serbia against violence” movement, comprising individuals from various walks of life, gained momentum. Originating from a shared sense of loss and a unified aspiration to break the cycle of violence, the movement manifested in a series of impassioned protests that have captured the city’s attention and reverberated throughout the nation. Despite the movement’s growth, it has faced its share of challenges, including legal hurdles and charges against its organizers and participants.

“Deepfakes and AI challenge our ability to distinguish reality from manipulation. Using deepfake technology, it is possible to discredit protest organizers or participants by creating false evidence of violence, hate speech, or other illegal activities. This technology can portray peaceful protesters as violent, thereby justifying a harsh police response or the imposition of restrictive measures.”

Weekly NIN “When the truth is in question” by Milan Filipović, YUCOM Director of Research

Timely support arrived in the form of a “Guide for Public Assembly,” a practical tool developed through the GIF Serbia project. Amid legal complexities and resistance, the guide offered practical insights and procedural guidance for both protesters and organizers.

This resource, meticulously crafted through research and dedication, has empowered the movement with essential knowledge to navigate the intricate landscape of peaceful, digitally mediated assembly.

“Serbia against violence” is not merely a series of protests; it embodies a community’s unwavering demand for change. As the protests persist, Belgrade stands as a living testament to the enduring human spirit – one that refuses to be silenced by tragedy and refuses to bow down in the face of adversity. It is a testament to the strength of a community united in the demand for change.

CSO activists educated on digital rights topics and digital safety techniques, including the staff of the Office of the Commissioner for the Protection of Equality.

events and trainings organized by the partners on Internet freedom issues, such as privacy and personal data protection, biometrics, artificial intelligence, digital justice, and use of modern technologies’ impact on human rights.

reports published by partners on digital surveillance infrastructure, current digital rights violations, and the consequences of using modern technologies on the human rights of refugees, migrants, and asylum seekers, the right to peaceful assembly, and the application of biometric surveillance.

capacity-building materials created and disseminated materials on digital rights, digital surveillance, algorithm transparency, and personal data protection, along with analyses of the impact of modern technologies on human rights in border control.

431036

people reached through online campaigns, op-eds, articles, videos, podcasts, and newsletters.

advocacy interventions undertaken focusing on changing intrusive legislation.

Our fight for privacy

The GIF Serbia partners dedicated significant efforts to monitoring internet freedom in Serbia. A new Draft Law on Internal Affairs, presented in December 2022, envisaged the possibility of mass biometric surveillance of citizens on the streets and a system for gathering and storing collected data.

The most controversial provisions related to strong political influence in the police’s work, the authorization for police officials to enter citizens’ apartments without a court order, massive use of biometric surveillance, and other solutions that could be dangerous for the human rights and privacy of citizens.

Shared concerns about a potentially permanent threat to the right to privacy, considering the history of violations and misuse of personal data in Serbia, particularly in the realms of freedom of assembly and expression, united GIF Serbia partners in prompt joint advocacy.

“Such a solution should not be found in the final version of the draft because of the consequences it could have on human rights and freedoms. Serbia as a society is not ready for such a system because of all the failures we had in the past in terms of data protection.”

Daily Danas, Ana Toskic Cvetinovic, Partners Serbia, Executive Director

The response was loud, swift, and effective: within 16 days, 6 partner organizations had more than 92 media appearances, covering various formats (news agencies, TV, radio, podcasts, portals). These reached a wide range of audiences at national, regional, and EU levels, organizing press conferences and meetings with members of Parliament and Government, and above all, presenting a united stance for the protection of privacy and human rights.

On December 26, 2022, the Government published a statement saying that the Prime Minister of Serbia, in consultation and agreement with the Minister of Internal Affairs, decided to withdraw the Draft Law on Internal Affairs from the adoption procedure. Had it not been for the efficient and coordinated efforts of the GIF Serbia partners, a law that severely limits human rights in Serbia would have been adopted.