The Office of Information and Data Protection Commissioner joined the Sweep Privacy GPEN operation. This year, the sweep was focused on websites and applications of various companies such as banking and financial sector, retails, social media, education and health, travel agencies, etc. The Information Commissioner’s Office of Great Britain was in the lead of this operation, organized simultaneously on May and attended by 24 Data Protection Authorities from all over the world.
The Commissioner’s Office swept websites of 3 Albanian travel agencies (controllers). A questionnaire containing 28 questions divided into 6 indicators, considered privacy policies in the process of collection, notification, processing and safeguarding of citizens’ personal data. Based on the obtained results, controllers had serious deficiencies regarding to:

  • Providing Information on automated decision-making;
  • Providing Information on safeguards (encryption);
  • Providing Information on the location of personal data retention;
  • Providing Information on how to delete data;
  • Providing Information on the access to personal data.

In total, 455 websites and various applications were swept and the final Report highlights that:

  • In general, communications on privacy issues are vague;
  • The majority of controllers failed to inform citizens what happens to their data after receiving the service;
  • The procedure of data transfers with third parties is ambiguous;
  • Concerns exist on data security issues.

Resting on outdated acts or regulations is considered challenging on an international scale. Hence, the start of the application of General Data Protection Regulation on May 2018 shall unify practices in this field. The participation of the Commissioner’s Office in such initiatives aims to improve supervision with Albanian controllers in accordance with advanced standards.
Report on GPEN Privacy Sweep 2017 (Albanian) (English)