Privacy concerns amid digitalization in the Western Balkans

The digitalization of public services has been among the priorities of Western Balkan countries. In the COVID-19 aftermath, it is even more evident that there is a need for digitalization in order to make the citizens, businesses, and societies as a whole more resilient and able to withstand external shocks and changes. Albania is the leading country in the region when it comes to the digitalization of public services. At the moment there are 1.225 e- services offered at the national platform e-Albania that are provided by 200 public administration institutions. In July 2022, there were 2.679.806 registered users, which is more than 90% of total population of Albania. Other countries of the region have a lot of work to reach these figures.

One of the challenges related to the development and use of e-services represents data privacy and data security. In the last year, the region experienced threats to the data privacy of citizens by different hacker attacks. In August 2022, hackers attacked the information network of the Government of Montenegro. The attacks in that country began on August 22nd, when access to the Government websites and emails, as well as other institutions such as the prosecutor’s office, courts, Cadaster, Customs Administration, and e-portals for citizens, was disabled. A series of cyberattacks happened to the Albanian institutions last summer, also. The first attack, which targeted the government server “Administrata”, took place in May. The second attack targeted the government portal e-Albania mentioned above, where citizens can log in using their ID or passport number and apply for official documents, schedule appointments, etc. The state institutions of Serbia have been the target of hacker attacks most recently on January 4th, 2023.

Parallel to these external threats, in previous years, the region experienced data leakages caused by institutions due to insufficient measures for the protection of personal data in process of digitalization services. For example, the username and password for accessing the Information System Covid-19 in Serbia were publicly available for eight days on the website of a health institution, which made it possible to access and download the personal data of citizens of Serbia.

Image by vishnu vijayan from Pixabay

Countries in our region, to the greatest extent, adopted the legal framework related to data privacy protection, but the implementation of laws is still not satisfactory. Problems are also related to other laws and bylaws that are not aligned with privacy data protection laws. Additionally, examples of data breaches show that public institutions do not follow procedures for the implementation of privacy protection standards when developing new digital services for citizens. The lack of necessary cybersecurity protection also causes a big concern.

A good example of moving forward with the implementation of privacy standards is the case of the North Macedonia’s Personal Data Protection Agency (PDPA) which adopted the Methodology for compliance of the line legislation with the Personal Data Protection Law. This document contains guidelines that regulate the actions of the ministries in the processes of harmonization of the line legislation covering the process of reviewing existing laws, as well as the process of performing impact assessment for the laws in terms of Personal data protection. The Methodology is prepared in accordance with the good practices and the legislation of the European Union and its member states and it also features information on the processes of prior consultation with the PDPA during the preparation of draft laws or respective bylaws related to the processing of personal data.

This document can be used by institutions in the region that are in charge of data protection to develop a similar methodology as a guide for public institutions in the processes of harmonization of laws, and preparation of new laws. In the absence of guidelines in this field from the Serbian institution for the protection of personal data, Partners Serbia created a similar document last year that can also be helpful- Guide for drafting and amending sectoral regulations governing the processing and protection of personal data.

A good example of how we can secure a better protection of personal data in e-services is a very helpful tool for the assessment of privacy standards of e-services, created by Metamorphosis Foundation for Internet and Society from North Macedonia. Namely, Metamorphosis developed a Methodology for assessing the compliance of the existing public e-services and the services that are being digitalized with the Personal Data Protection Law. In order to track the progress in the area, Metamorphosis assessed the compliance of 51 e-services provided by the central government institutions twice in 2022. The first assessment was completed in March 2022 and the second in August 2022. The second assessment showed that the institutions made limited progress in the process of aligning with the Personal Data Protection Law when delivering e-services. Having in mind that the application of the methodology started recently, the progress of the compliance of the public e-services delivery should not discourage other countries in the region from starting with similar activities.

We welcome the efforts of the countries in the region to digitize services and make them more accessible to citizens, but these activities should not jeopardize human rights. We request that our governments make e-government services safe and secure and that the privacy of the e-citizen become more protected.

More about how digitalization impacts data privacy and what can we learn from countries in the region will be presented at international conference “Privacy Week” by data protection authorities and representatives of the civic sector from the region. A detailed agenda and registration form are available on the following LINK.


This text was prepared with the financial support of the European Union. The contents of this text are the sole responsibility of the authors and can in no way be taken to reflect the views of the European Union.

The project “Increasing Civic Engagement in the Digital Agenda – ICEDA” is implemented by the Metamorphosis Foundation (North Macedonia), e-Government Academy (Estonia), Levizja Mjaft! (Albania), Partners for Democratic Change (Serbia), NGO 35mm (Montenegro) and ODK – Open Data Kosovo (Kosovo). The project is implemented with financial support from the European Union.


meta tim sliki-02.jpg









Other blog texts

Every minister boasted and took pictures about the project "One Point for Services" but it never succeeded


Collage of the visits of government officials to the offices of “One point for services” / Photo: State institutions   The offices “One Point for Services” that were opened in Skopje, Kumanovo, Ohrid, Bitola and Tetovo in order for the citizens to say “goodbye” to waiting at the counters, will be closed and in their […]

Protecting Your Digital Identity: The Importance of "Cyber Hygiene"


In today’s digital age, it’s more important than ever to take steps to protect yourself from cyber threats. From viruses and malware to phishing scams and identity theft, there are a host of risks that can compromise your personal information and wreak havoc on your devices. That’s why practicing good cyber hygiene is essential to […]

Communicating digital transformation to the citizens – an important contribution to bridging the gap


Digital transformation is changing our lives in ways we could not have imagined even a few decades ago. It has brought new opportunities and challenges, and it is transforming the way we live, work, and communicate with each other. However, communicating digital transformation to citizens can be a challenge, especially in the Western Balkans, where […]

Institutions as a cause of privacy breaches in the media


Even if competent state authorities disclose private data of a perpetrator or a victim, media must not transmit that information. An error on the part of state authorities does not imply a “permission” for the violation of ethical principles of the profession. This is what the Serbian Journalists’ Code of Ethics says, but media practice […]

"ADA", the digital assistant based on artificial intelligence that will provide the citizens with information about state aid - News Agency


The digital assistant “ADA”; Photo: Government of the Republic of North Macedonia Investors and citizens will be able to receive information about the state aid programs of the Government of the Republic of North Macedonia through the first digital assistant “ADA” which is based on artificial intelligence. This is the information provided by the Cabinet […]

The application of artificial intelligence in state institutions is useful, however it is dangerous if misused - News Agency


Photo: writes that the use of artificial intelligence in the public sector would help to increase the quality of services, to save citizens’ time and money, but also to prevent corruption. However, if AI is used non-transparently, the consequences outweigh the benefits. This is what experts say about the impact of artificial intelligence […]

Verified by MonsterInsights