Privacy Law at Kosovo
Kosovo's data protection framework is governed by Law No. 06/L-082 on Protection of Personal Data, enacted in 2019. This law aligns with the European Union's General Data Protection Regulation (GDPR), establishing comprehensive guidelines for the collection, processing, and storage of personal data.
Key Provisions of Kosovo's Data Protection Law
1. Personal Data Processing Principles
The law stipulates that personal data must be:
Processed lawfully, fairly, and transparently Individuals should be informed about how their data is being use.
Collected for specified, legitimate purposes Data should not be processed in a manner incompatible with these purpose.
Adequate, relevant, and limited Only data necessary for the intended purpose should be collecte.
Accurate and kept up to date Inaccurate data should be rectified or erased without delay.
Kept in a form which permits identification Data should not be stored longer than necessary.
Processed in a manner that ensures security Appropriate technical and organizational measures should be in place to protect data.
2. Rights of Data Subjects
Individuals have the right to:
Access Obtain confirmation and details about the processing of their personal data.
Rectification Request corrections to inaccurate or incomplete data.
Erasure Request deletion of personal data under certain condition.
Restriction of processing Limit the processing of their data in specific situation.
Data portability Receive their data in a structured, commonly used format for transfer to another controlled.
Object Object to data processing based on legitimate interests or direct marketing.
Automated decision-making Not be subject to decisions based solely on automated processing, including profiling.
3. Supervisory Authority
The Information and Privacy Agency (IPA) is the independent authority responsible for overseeing the implementation of data protection laws in Kosov. The IPA has the authority to:
Monitor and enforce compliance with data protection law.
Handle complaints and conduct investigation.
Impose fines for violation.
Provide guidance and raise awareness about data protection.
4. Enforcement and Penalties
The IPA has taken several enforcement actions, including:
Fines In 2023, the IPA imposed fines totaling €32,000 for violations such as unauthorized publication of personal data and non-compliance with decision.
Complaints and Inspections In 2023, the IPA received 117 complaints related to personal data protection and conducted 118 inspections, issuing 178 decision.
📌 Summary
Kosovo's data protection legal framework, primarily governed by Law No. 06/L-082, establishes comprehensive guidelines for the collection, processing, and storage of personal data, aligning with international standards. The Information and Privacy Agency plays a crucial role in overseeing compliance, handling complaints, and enforcing penalties to protect individuals' privacy rights.
RELATED Blog
0 comments