“According to my personal opinion I think that Albania has made some progress during these last years in the field of data protection. It’s absolutely necessary to emphasize the fact that this is a multiple sphere, which involves the cooperation of many key actors as: public, private, international, etc. We are all aware that technology today has changed the way how we see the world and how we behave. Considering the fact that all these new technologies are used by anyone it’s absolutely necessary to regulate this sector by putting rules and obligations. In Albania I want to mention the establishment of the Commissioner for Personal Data Protection (CPDP), which plays an important role to protect personal data in the Republic of Albania.
An important role has performed by this institution to raise awareness at persons for the importance of data protection. I want to emphasize the fact that during working for this paper I have been considerable been referred to the 2012-2013 Strategy of Albanian Commissioner’s Office for Personal Data Protection, which address the main issues of data management and protection in Albania.
Vision of the 2012-2012 CPDP Strategy is to make Albania a safe place, where the law is applied and personal data protection is under control. 1. The controllers who collect and process personal data are responsible for performing this task in a safe and righteous way all data protection is under control. 2. The controllers provide to the subjects the right to access their personal data. 3. The subjects understand how their personal data are processed and are aware that they can take measures to protect their data from misprocessing.
Priorities: The strategic goals can be summarized as follows: 1. Improving personal data protection; 2. Reducing the threats to personal data processing; 3. Monitoring and inspecting the application of the law by public and non-public controllers; 4. Identifying the needs for intervention.
Policy and effects:
- Excessive and irrelevant.
- Stored for a longer time than the purpose for which they were collected.
- Disclosed to persons not entitled to have them.
- Used wrongfully and in violation of the law for other purposes.
- Not stored securely.
1. Direct communication:
a) Direct communication with the public (Personal data subjects);
b) Ongoing communication with the media;
c) Organizing a quarterly press conference at the premises of the Commissioner for Personal Data Protection;
d) Participating in different television programs;
e) Giving interviews for different media interested in specific issues on personal data protection;
f) Participating in meetings, workshops and other activities organized by different Albanian media forums and making public specific attitudes and opinions of the Commissioner’s Office for Personal Data Protection;
g) Training students of the Department of Journalism and other media employees in the field of personal data protection;
h) Ongoing monitoring of the press regarding potential violations of the Law “On personal data protection”.
2. Enhancing the notification and registration process:
a) Ongoing identification of the private and public controlling subjects;
b) Legal review and evaluation of data processing according to the statements in the Notification Form;
c) Registering the controllers’ notification in the Central Register;
d) Organization and further conduction of awareness raising activities for the controllers
Albanian Commissioner’s Office for Personal Data Protection aim to achieve in its Strategy 2012-2013 the following goals:
- The approval of legal amendments to the Law “On personal data protection”;
- Ongoing development of the domestic legal framework aiming the best international practices;
- Other collaboration agreements with the universities, Prosecution Office, counterpart institutions, etc;
- Close collaboration with IPA-2009 project;
- Training controllers on the new amendments to the law, after their approval;
- Trainings mainly for legal departments of state institutions;
- Launching draft acts in round tables before their approval by the Commissioner;
- Promoting any approved new act through leaflets or awareness raising guidelines;
- Close collaboration between the departments of the institution;
- Collaboration with foreign authorities to exchange mutual experiences.
Addressing complaints and monitoring:
a) Addressing complaints;
b) Administrative control and inspection;
c) Plan-based control;
d) Notification-based control
I. Whether the status of the processing for a specific controller is as reflected on the Register;
II. Whether the controller has updated the information and does not process data in violation of the processing status that has been registered;
III. Whether the Commissioner’s Office, upon notification, should verify with the controller the sensitive data processing, processing through CCTVs, biometric data processing and international transfers.
– Complaints-based inspection;
– Inspection on the applicability of the Recommendations, Orders and Decisions of the Commissioner
Basic legislation on data protection: Albania’s first law for the protection of personal data is that of 1999, Law No. 8517, dated 22.07.1999 “On protection of personal data”, which found no effect.
The basic legislation of this Institution is:
- Law “On Personal Data Protection” No.9887, dated 10 March 2008
- Decision No. 934, dated 2.9.2009 on Determination of States with adequate level of protection of personal data.
- Decision no. 1232, dated 11.12.2009 on Determination of cases for exemption from the obligation of notification of processed personal data.” – Mirsada Hallunaj – Tirana, Albania