Cyber Law at Croatia
Cyber law in Croatia is well-established, with the country having adopted various legal frameworks to address the growing challenges of cybercrime, data protection, and online activities. As a European Union (EU) member state, Croatia aligns its laws with EU regulations, including data protection and cybersecurity. Here's an overview of cyber law in Croatia:
🔐 1. Key Legal Frameworks in Croatia Related to Cyber Law
a) The Cybersecurity Act (2013)
Croatia’s Cybersecurity Act (2013) outlines the country's approach to cybersecurity. It was designed to ensure the protection of critical infrastructure, networks, and services from cyber threats.
The act is aligned with the EU Directive 2016/1148 (NIS Directive), which sets common cybersecurity standards across the EU.
Critical infrastructure operators must implement cybersecurity measures, and the government is tasked with coordinating national efforts to enhance cybersecurity.
The law also outlines responsibilities for public authorities and mandates the creation of a National CERT (Computer Emergency Response Team) to monitor and respond to incidents.
b) Personal Data Protection Act (2018)
Croatia's Personal Data Protection Act (PDPA), which came into force in 2018, is aligned with the General Data Protection Regulation (GDPR) of the EU.
The Act regulates how personal data should be handled, including the collection, processing, and storage of data. It grants individuals the right to:
Access their personal data.
Correct inaccurate information.
Erasure (right to be forgotten).
Object to data processing.
Croatia's Personal Data Protection Agency (AZOP) is responsible for ensuring compliance with the data protection laws.
c) Criminal Code (1997, amended in 2021)
Croatia's Criminal Code includes provisions dealing with cybercrimes such as:
Hacking (unauthorized access to systems).
Data breaches and dissemination of malware.
Identity theft and fraud.
Recent amendments in 2021 introduced additional provisions to better tackle cybercrimes in line with the EU’s evolving stance on cybersecurity and digital privacy.
d) Electronic Communications Act (2003, amended in 2019)
This law regulates telecommunications and internet services in Croatia.
It includes provisions for network security, privacy protection, and interception of communications in compliance with EU directives.
The law also governs internet service providers (ISPs) and the rules for handling personal data in telecommunications.
e) e-Commerce Law (2003, amended in 2013)
The e-Commerce Law regulates online business activities in Croatia, including online contracts, consumer protection, and electronic signatures.
It is aligned with the EU e-Commerce Directive and facilitates the development of digital commerce and e-businesses by ensuring clear rules for operating online services.
🏛️ Key Institutions Involved in Cyber Law
Croatian Regulatory Authority for Network and Information Security (RUNAIS): This authority is responsible for overseeing cybersecurity in Croatia, in line with national and EU directives. It works with both public and private sectors to strengthen the national cybersecurity framework.
Personal Data Protection Agency (AZOP): AZOP supervises compliance with data protection laws, ensuring that organizations respect individuals’ privacy rights and data security.
CERT.hr (Croatian Computer Emergency Response Team): CERT.hr is the national CERT, which responds to cybersecurity incidents, helps secure critical infrastructure, and promotes awareness of cyber threats.
Ministry of the Interior: This ministry is involved in investigating cybercrime and ensuring law enforcement agencies are equipped to handle digital crimes.
🛡️ Cybercrime in Croatia
Cybercrime in Croatia is addressed under the Criminal Code, and authorities focus on combating digital fraud, data breaches, hacking, and other internet-related crimes.
The Criminal Code includes provisions for illegal access to systems and unauthorized interception of communications, as well as penalties for cybercrimes that cause significant damage.
Croatia also participates in international cooperation to combat cybercrime, such as through INTERPOL and EUROPOL, and it follows EU guidelines for prosecuting cybercriminals.
There has been a rise in cases of ransomware, phishing, and identity theft, with both governmental and private sectors working to mitigate these risks.
🌍 International Cooperation and EU Alignment
EU Membership: As a member of the European Union, Croatia is bound by EU directives related to cybersecurity, data protection, and electronic commerce. It adheres to the EU Cybersecurity Act and participates in EU-wide initiatives on cybercrime and data protection.
Croatia is also a signatory of the Budapest Convention on Cybercrime, which promotes international cooperation in combating cybercrime across borders.
The country is actively involved in EU Cybersecurity Policy and follows EU regulations to ensure strong data protection and network security.
⚖️ Challenges and Developments
Cybersecurity Threats: As in many other EU nations, Croatia faces growing cybersecurity threats, including ransomware attacks, phishing, and data breaches. The government has invested in improving cybersecurity infrastructure and incident response mechanisms, but the threat landscape continues to evolve.
GDPR Compliance: Since Croatia adopted the GDPR in 2018, businesses and public authorities have faced challenges in ensuring full compliance with data protection rules. The Personal Data Protection Agency (AZOP) enforces these regulations, issuing penalties for violations.
Digital Infrastructure: Croatia is also focusing on improving the security of its critical national infrastructure and expanding its cyber resilience. There is increasing attention to securing sectors like banking, telecommunications, and public administration.
Public Awareness: As cyber threats continue to rise, public awareness campaigns and educational programs are becoming more important in helping individuals and organizations recognize and mitigate online risks.
🌐 Recent Developments
Ransomware Attacks: Croatia has been affected by ransomware attacks targeting public institutions and businesses, pushing the government to strengthen its cybersecurity defense and response strategies.
Cybersecurity National Strategy: Croatia continues to update its national cybersecurity strategy to improve its digital infrastructure’s protection, promote cybersecurity awareness, and enhance cooperation between public and private sectors.
Data Protection: There is ongoing work to ensure that businesses and organizations continue to meet the requirements of the GDPR, and Croatia's Personal Data Protection Agency (AZOP) remains active in overseeing compliance.
Conclusion
Croatia’s cyber law framework aligns closely with EU standards, especially concerning cybersecurity and data protection. While Croatia has made significant progress in establishing laws and institutions to address cybercrime and protect personal data, challenges such as cyberattacks and evolving digital threats continue to shape the legal landscape. The country’s membership in the EU helps ensure its cyber policies are in sync with broader European and international efforts.
RELATED Blog
0 comments