The Level of the Conditions of Protection of Personal Data Has Been Estimated in Lithuania for the First Time


2022 02 22

Quality Working Spaces-1.png

The right to protection of personal data and the right to privacy are the main human rights set forth in such legal acts of Lithuania and Europe as the Constitution of the Republic of Lithuania, the Treaty on the Functioning of the European Union, the Charter of the Fundamental Rights of the European Union, the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data ETS No 108, the General Data Protection Regulation. Each European country following the principles of democracy also has an independent supervisory authority helping the society and organisations to promote respect to such rights. In order to determine the situation of Lithuania in relation to protection of personal data, the personal data protection supervisory authority, i.e. the State Data Protection Inspectorate (SDPI) had estimated the LEVEL OF PERSONAL DATA PROTECTION CONDITIONS for the first time. In 2021, it was equal to 60 %.

The level of personal data protection level (LPDPL) is the first composite indicator for assessing the personal data protection system in Lithuania. The target value of the indicator is 100% and it is determined in accordance with 10 questions included in the representative population survey carried out on an annual basis. The afore-mentioned questions cover the following four areas: (1) level of knowledge of the population about the GDPR, the SDPI and their rights, (2) trust in companies and institutions processing personal data, (3) activity of the population in case of facing possible breaches and (4) trust in the supervision system.

The questions and indicators included for determination of the LPDPL were selected on the basis of expert opinion, experience of similar Lithuanian and foreign surveys and taking into account the availability of data. The source of data of the LPDPL in 2021 was the population survey carried out on 18–28 of November 2021. During the investigation, 1,013 respondents from the whole Lithuania were surveyed.

The assessment of the residents’ answers to 10 questions suggests that in Lithuania the level of personal data protection conditions is 60 % of 100 %. The analysis suggests that assessment of the LPDPL depends on some demographic characteristics of the respondents. The conditions of data protection are best assessed by the top and middle level managers and the worst assessment is given by unemployed persons and pensioners. Furthermore, the LPDPL is higher among the group of residents with higher income and higher education.

As for assessment of individual questions in relation to the LPDPL, it is evident that the area which requires major attention is knowledge of the population. Although the GDPR is a widely known document in the society (74 % respondents have heard of the document), the residents are not confident in their knowledge about their rights in the area of protection of personal data (43 % of the respondents have agreed with the statement that they know their rights). Furthermore, the minority (18 % of the respondents) could spontaneously specify the name of the institution (except for courts) which would help to protect their rights in the area of protection of personal data. Despite the lack of knowledge, the absolute majority of the respondents (89 %) maintain that they would consider the possibility to search for additional information and/or address the infringer and/or lodge a complaint to the SDPI if, in their opinion, they would face improper processing of personal data.

As for assessment of the questions in relation to the LPDPL concerning trust, it is evident that slightly over a half of the surveyed residents trust that enterprises and institutions ensure their right to protection of personal data (55 % agreed with the statement). An even larger part considers that their employers meet the personal data protection requirements (64 %). The respondents have the lowest trust that other people are notified of their rights in the area of protection of personal data (47 % accepted the statement).

After all, as for the questions covered by the LPDPL in relation to the supervision system, it is obvious that a half of the surveyed residents believe that enterprises and institutions which fail to ensure proper protection of personal data will be identified (50 %) and punished (49 %). Slightly over a half of the respondents trust in the public authorities which supervise if other enterprises and institutions properly ensure protection of personal data (54 %).