Privacy concerns amid digitalization in the Western Balkans
The digitalization of public services has been among the priorities of Western Balkan countries. In the COVID-19 aftermath, it is even more evident that there is a need for digitalization in order to make the citizens, businesses, and societies as a whole more resilient and able to withstand external shocks and changes. Albania is the leading country in the region when it comes to the digitalization of public services. At the moment there are 1.225 e- services offered at the national platform e-Albania that are provided by 200 public administration institutions. In July 2022, there were 2.679.806 registered users, which is more than 90% of total population of Albania. Other countries of the region have a lot of work to reach these figures.
One of the challenges related to the development and use of e-services represents data privacy and data security. In the last year, the region experienced threats to the data privacy of citizens by different hacker attacks. In August 2022, hackers attacked the information network of the Government of Montenegro. The attacks in that country began on August 22nd, when access to the Government websites and emails, as well as other institutions such as the prosecutor’s office, courts, Cadaster, Customs Administration, and e-portals for citizens, was disabled. A series of cyberattacks happened to the Albanian institutions last summer, also. The first attack, which targeted the government server “Administrata”, took place in May. The second attack targeted the government portal e-Albania mentioned above, where citizens can log in using their ID or passport number and apply for official documents, schedule appointments, etc. The state institutions of Serbia have been the target of hacker attacks most recently on January 4th, 2023.
Parallel to these external threats, in previous years, the region experienced data leakages caused by institutions due to insufficient measures for the protection of personal data in process of digitalization services. For example, the username and password for accessing the Information System Covid-19 in Serbia were publicly available for eight days on the website of a health institution, which made it possible to access and download the personal data of citizens of Serbia.
Countries in our region, to the greatest extent, adopted the legal framework related to data privacy protection, but the implementation of laws is still not satisfactory. Problems are also related to other laws and bylaws that are not aligned with privacy data protection laws. Additionally, examples of data breaches show that public institutions do not follow procedures for the implementation of privacy protection standards when developing new digital services for citizens. The lack of necessary cybersecurity protection also causes a big concern.
A good example of moving forward with the implementation of privacy standards is the case of the North Macedonia’s Personal Data Protection Agency (PDPA) which adopted the Methodology for compliance of the line legislation with the Personal Data Protection Law. This document contains guidelines that regulate the actions of the ministries in the processes of harmonization of the line legislation covering the process of reviewing existing laws, as well as the process of performing impact assessment for the laws in terms of Personal data protection. The Methodology is prepared in accordance with the good practices and the legislation of the European Union and its member states and it also features information on the processes of prior consultation with the PDPA during the preparation of draft laws or respective bylaws related to the processing of personal data.
This document can be used by institutions in the region that are in charge of data protection to develop a similar methodology as a guide for public institutions in the processes of harmonization of laws, and preparation of new laws. In the absence of guidelines in this field from the Serbian institution for the protection of personal data, Partners Serbia created a similar document last year that can also be helpful- Guide for drafting and amending sectoral regulations governing the processing and protection of personal data.
A good example of how we can secure a better protection of personal data in e-services is a very helpful tool for the assessment of privacy standards of e-services, created by Metamorphosis Foundation for Internet and Society from North Macedonia. Namely, Metamorphosis developed a Methodology for assessing the compliance of the existing public e-services and the services that are being digitalized with the Personal Data Protection Law. In order to track the progress in the area, Metamorphosis assessed the compliance of 51 e-services provided by the central government institutions twice in 2022. The first assessment was completed in March 2022 and the second in August 2022. The second assessment showed that the institutions made limited progress in the process of aligning with the Personal Data Protection Law when delivering e-services. Having in mind that the application of the methodology started recently, the progress of the compliance of the public e-services delivery should not discourage other countries in the region from starting with similar activities.
We welcome the efforts of the countries in the region to digitize services and make them more accessible to citizens, but these activities should not jeopardize human rights. We request that our governments make e-government services safe and secure and that the privacy of the e-citizen become more protected.
More about how digitalization impacts data privacy and what can we learn from countries in the region will be presented at international conference “Privacy Week” by data protection authorities and representatives of the civic sector from the region. A detailed agenda and registration form are available on the following LINK.
This text was prepared with the financial support of the European Union. The contents of this text are the sole responsibility of the authors and can in no way be taken to reflect the views of the European Union.
The project “Increasing Civic Engagement in the Digital Agenda – ICEDA” is implemented by the Metamorphosis Foundation (North Macedonia), e-Government Academy (Estonia), Levizja Mjaft! (Albania), Partners for Democratic Change (Serbia), NGO 35mm (Montenegro) and ODK – Open Data Kosovo (Kosovo). The project is implemented with financial support from the European Union.
Other blog texts
Petrovska from the Office for management of registers: The digitization of the registers is expected to be completed by the end of 2023
Kristina Petrovska photo: Poralb.mk In an interview with Portalb.mk, Kristina Petrovska from the Office for management of registers (hereinafter the Office) speaks about the digitization of registers, certificates with incorrect data, as well as the electronic services provided by this institution. She says that by the end of 2023, all registry books are expected to […]
Merkoči from Levizija “Mjaft”(Movement “Enough is enough”): Digitization of public services in Albania has increased their quality
Aldo Merkoci, photo: Fisnik Xhelili/Portalb.mk The contemporary challenge faced by the countries of the Western Balkans is the digitization of public services. Compared to other countries in the region, Albania is the leader in this process. Albania’s digital revolution that started in 2013 included only 14 electronic services then, while today it includes 1,225. Translated […]
The offices of the MPs for communication with the citizens are closed during working hours
Photo: Portalb Citizens need to look everywhere for the employees of the Offices for Contact with Citizens, who only work for certain hours, to ensure communication between the MPs and the citizens. Portalb.mk visited 4 offices in different locations – Tetovo, Čair, Karpoš and Šuto Orizari, to see how they function up close. According to […]
(Un)accountable communication channels: state bodies without websites or social networks, and with spokespersons "on vacation"
photo: Glenn Carstens-Peters on Unsplash The level of transparency and accountability achieved by state institutions concerning communication with the public varies. Some of the Macedonian state authorities are listed high on the list of accountable institutions, they are even ranked the best in the region, and others are at the very bottom of the same […]
Privacy is a Human Right – Personal Data Protection in the Western Balkan
The purpose of protecting personal data is to ensure protection of privacy and other human rights and fundamental freedoms when collecting, processing and using personal data. This human right has been regulated by the legal framework in the Western Balkan countries, but it has recently gained a new perspective when the laws have started to […]
e-Commerce in the Western Balkans: How well is our data protected when shopping online?
Source: Pexels e-Commerce refers to the process of selling items or services online. Doing business online has become a preferred option for many, especially during the recent years as a result of the COVID-19 pandemic. The pandemic has enabled a rise in e-Commerce activities not only from the perspective of sellers (business owners/service providers), but […]