In a democratic society with developed economy, it is essential disposing a state-of-the-art and consolidated legal framework, founded on the full realization of human rights and freedoms. The Ministry of Justice in co-operation with the Information and Data Protection Commissioner held a number of meetings in the context of public consultation of the draft-law “On the Protection of Personal Data”.

These events gathered representatives of controllers and processors operating in both public and private domains across all areas and sectors of social and economic life. The future national legislation on personal data protection complies with one of the obligations emanating from the EU integration process, consisting in its full alignment with the EU General Data Protection Regulation (GDPR), and the Data Protection Law Enforcement Directive (Police Directive).

In his opening remarks, the Minister of Justice, Mr. Ulsi Manja highlighted that “we’re hereby establishing new high standards in our national legislation for the protection of personal data. On the one hand, the range of data subjects’ rights will be expanded and strengthened, whereas on the other hand, new requirements shall be imposed on data controllers and processors. The document we’re introducing today results from the co-operation of a group of international experts and the Commissioner’s Office within an EU funded twinning project. I take this occasion to thank the Commissioner’s Office for the work accomplished and the steady co-operation throughout the process of preparation of this draft-law”.

In his intervention, the Commissioner, Mr. Besnik Dervishi held that the consultation process of the draft-act should help improve the latter on the one hand, and consolidate the culture of accountability, ethics and transparency vis-à-vis the rights of individuals on the other hand. “The GDPR has sanctioned a new supervision approach, which is reflected also in this draft-law, and aims at strengthening the institutional independence, increase administrative capacities, and ensure the provision of appropriate technical and financial resources to tackle challenges related to noncompliance with the rights of the citizens. The proper functioning of a reliable authority requires savvy and periodically updated staffs, appropriate knowledge and application of procedures, necessary technical resources and first and foremost determination to remain free from any kind of influence or interests. Upholding these rights through lawful processing of personal data requires the adoption of appropriate regulatory, technical and organizational security measures, certification, risk assessment, periodic staff training by each public or private controller and processor. The European legal framework provides the best model, which we should understand and embrace consciously rather than mechanically. By doing so, and refraining from “adapting” to models or routines, we ensure a “robust” legislation and a “strong” supervisor, which in turn achieves its purpose, the protection of individuals’ personal data, we’re protection nothing less than human dignity” – added Mr. Dervishi.

This act is fully in line with the European Commission’s recommendations for Albania across the last years, and enlisted among the priority legal initiatives of the 2022-2024 National Plan for European Integration. Participants in this roundtable expressed their views and suggestions regarding specific aspects which could improve the draft-law from the perspective of public controller, professional association, civil society organization, business interest groups, etc. A modernized legislation shall grant more power to the citizens over the processing of their personal data. It brings about introductions that closely follow technological developments, such as: new definition of consent, the right to be forgotten, the fairly new concepts of data portability, privacy by design and by default, as well as increased sanctions for violations of the law. The alignment of our national regulatory framework with the GDPR and the Law Enforcement Directive will also strengthen the powers of the Commissioner’s Office, to enable the latter to better respond to challenges and issues for privacy and personal data protection.