The Helsinki Committee for Human Rights organized an open discussion forum on greater internet freedoms and digital rights with two participants representing the Metamorphosis Foundation, Vesna Radinovska and Marijana Jancheska. The event took place on December 20, 2022, at the socio-cultural center Komitet.
The representatives of the Metamorphosis Foundation took part in the panel discussion on the state of digital rights protection and internet freedoms. Marijana Jancheska spoke about the platform www.digitalfirstaid.mk.
Digital First Aid is a product of the collaboration between RaReNet (https://www.rarenet.org/) and CiviCERT. The Macedonian and Albanian versions of this product were created with the support of the Information Safety & Capacity (ISC) Project.
The Rapid Response Network is an international rapid response network and a digital security champion including the EFF, Global Voices, Hivos & the Digital Defenders Partnership, Front Line Defenders, Internews, Freedom House, Access Now, Virtual Road, CIRCL, Open Technology Fund, Greenhost, as well as individual security experts working in the field of digital security and rapid response.
Digital First Aid is a free resource that will assist people providing aid in emergency situations, digital security trainers, and activists with technical expertise to protect themselves better and the communities they support against the most common types of digital problems. It can also be used by activists, human rights defenders, bloggers, journalists, or media activists who want to learn how to protect themselves and how to help others.
Vesna Radinovska spoke about the project ” Privacy by Design – building an inclusive digital ecosystem” supported by the European Union in the framework of which an analysis of the available digital public services was conducted, as well as an assessment of whether and how much their delivery aligns with the Law on Personal Data Protection. Although this research was focused on the public sector and public services, most of the recommendations that resulted from it are applicable to businesses and even to civil society organizations that provide digital services. These recommendations can also be used as a guideline for the users of the services, i.e., the citizens, to assess whether and to what extent the service they use contains information about the protection of their personal data.
The providers of electronic services should:
- Provide clear information about the registration process, the categories of the personal data that are required to create a user profile at the minimum, so that the subjects/users are informed about the processing of their personal data before they start creating their user profile. Additionally, consent for processing personal data required to register a user profile should be added as a mandatory field during the registration, as well as information on how the user can withdraw the consent they had previously given.
- Conduct an analysis of the cases in which they hired a processor (for example, a company that maintains the software, a company that provides delivery, and so on). The information on whether the personal data of citizens are processed by another legal entity or shared with other users during the provision of the digital service must be disclosed.
- Appoint a data protection officer. All state administration bodies and a large part of the private companies are obliged to appoint a data protection officer, while the information about the officer should be published on the webpages. The institutions must publish the contact details, i.e., the address and phone number of the data protection officer so that direct communication with the citizens on all matters related to personal data protection can be provided. They should strengthen the role of the data protection officer and create conditions enabling the officer to perform their role smoothly. The opinion of the data protection officer is crucial in all working processes where personal data processing is carried out, especially in those introducing brand new services or processes.
- To include information on their webpages and in their privacy policies about how they adhere to the principles of confidentiality, integrity, and availability of personal data, as well as the measures they take to ensure the security of personal data which is necessary for the provision of digital services.
- To establish procedures for exercising the rights of personal data subjects when using digital services, to define and publish forms for submitting requests for the exercise of rights, and to include all applicable rights for each digital service separately.
- To implement mandatory security protocols on their webpages, as well as on the individual pages where the digital services or tools for citizens are available.
- To analyze the acts they have adopted in accordance with the old Law on Personal Data Protection, to conduct a risk analysis, and to adopt the internal acts that are necessary to align their operations with the provisions of the new Law on Personal Data Protection.
The event provided an excellent opportunity for the public to find out more about the importance of digital rights and freedoms and the activities that can be carried out to protect them.