The new Slovenian personal data protection act: Statutory limits to injunctive regulation of the internet

On 15 July 2004, the Slovenian Parliament passed a new Personal Data Protection Act (ZVOP-1).1 On 1 January 2005, ZVOP-1 replaced the old Personal Data Protection Act (ZVOP of 1999, as amended in 2001).2 The new Act introduces numerous novelties to the existing Slovenian data protection legislation and engages in further harmonisation with the EC Data Protection Directive.3 This article will focus on the new provisions of ZVOP-1 relating to online injunctive orders that may be issued by the national supervisory authority in charge of personal data protection. The provisions will be discussed in the context of EU laws dealing with data protection and information society services regulation. Furthermore, general arguments as to the need to restrict injunctive regulation of the Internet will be discussed. In addition, the relationship between 'general obligations to monitor' and 'specific' injunctive orders will be addressed.