Due to the misuse or illegal use of a unique identification number and for the protection of personal data of citizens, Bosnia and Herzegovina (BiH) will have to pass a law at the state level in order to join the EU that will introduce a unique identification number, such as the OIB in Croatia. A Personal Identification Number (OIB), a unique identifier for citizens and businesses, will be adopted for political and technical reasons, despite warnings that the Agency for the Protection of Personal Data has repeatedly in its reports.
Unlike the previous unique ID number (JMBG), which consists of 13 digits or the number of companies, which contains seven digits, the OIB would, like in Croatia, contain 11 digits, the 10 digits that come by random selection and one that serves as a control number. EU requirements, as well as international regulations, require the protection of citizen’s personal data and the introduction of a unified state-level identification that limits the number of digits in the identification number to 12.
The basic reasons for leaving the JMBG, as a legacy from the former Yugoslavia, lies in the fact that it also contains data that jeopardize the privacy of citizens, such as the date of birth, sex and nationality, and the law was once proclaimed a secret, so it cannot be used for the exchange of data. In 2011, the Agency for the Protection of Personal Data initiated amendments to the Law on JMBG, so that the processing of this data can only be prescribed by a special law and not a lower legal act.
“The law has been changed, the situation has improved, but there remains a problem that can’t be solved by amendments to the law. The main problem is its structure, on the one hand, and a growing legitimate need for processing one number on the basis of which the physical entity can be uniquely identified,” the Agency’s report states.
It is noted that the introduction of a unique identifier of a different structure would be a better solution than the current one that represents a unique registry number. The neutral structure of a unique identifier from the point of privacy is acceptable. The introduction of a new neutral identifier would disable the inherited practice of using a unique identification number without real need, thus avoiding the risk of its misuse.
They also mention the EP and Council guidelines on the protection of individuals in the automatic processing of personal data and the free flow of such data, which states that “member states shall determine the conditions under which a national identification number or any other general identification code may be processed”. Vecernjak has already written that telecommunications operators, banks, microcredit organizations, insurance companies, companies where workers receive salaries, tax administration offices and courts violate the Law on Personal Data Protection since they require citizens and their clients, when signing a service contract to provide JMBG and, in many cases, a copy of the identity card.
As noted in the annual report by the Agency for the Protection of Personal Data of BiH, the mentioned legal entities or telecommunications operators, according to the latest regulations, do not need to take from the citizens a unique registration number of the identity card of the ID because they are not important elements of the contract. According to them, it is enough to perform only the identification of the users of services by inspecting the identity card, and all other procedures fall into the category of violations of the Law on Personal Data Protection.