The Future and Challenges in the Field of Personal Data Protection
18/03/2020
Created date: 2016-01-27 09:24:16
On the occasion of 28 January - International Day of Privacy
The Future and Challenges in the Field of Protection of Personal Data
Ruzhdi Jashari
In marking the international day of protection of privacy, namely the protection of personal data (28 January 2016), in general, the Agency is on the way towards new successes. Discoveries in the field of digital technology continue without stopping to offer new services. Functionalization of new equipment of information technology in our world has become an integral part of all areas of work and life of humans. Therefore, the challenge for data protection is ever growing, so it requires our attention and commitment to set priority objectives in this field at national and international levels.
To understand how much and how we are threatened by illegal intrusions and possible abuses, the following is a brief overview of concerns over privacy and protection of personal data in various fields of life and work in the different states:
Not long ago in the USA, the White House had issued over 46 recommendations for changing USA interception practices. The concern and the commitment of the USA and President Obama, in this regard, were set in motion together with the competent institutions that the information collection in the interest of the national security of the United States, to be done in such a way as not to unnecessarily infringe citizen freedoms and personal privacy.
Working all on their right and legal processing, we will narrow the possibility of their misuse, by groups of individuals who access illegally personal information for terrorist purposes so-called "Terrorist Cyber Crimes" ("Cyber terrorism"). In this regard, for the first time we have seen the case, that with computer equipment are supported terrorist organizations. In October 2015 happened the first arresting of Ardit Ferizi in Malaysia, a young man originally from Kosovo, for cyber abuse and theft of the personal data of American service members, then those data were transferred to a hacker of 'Islamic State', where according to the Washington Post, this is the first time that USA prosecutors have charged a suspect for cyber terrorism in the field of the illegal intrusion.
Cyber-attacks and various intrusions in the official websites of banking systems have become almost an everyday phenomenon. Cyber-attacks on the banking system are causing losses of hundreds of millions of Euros. Improvement of bank digital services and their advancement has marked progress. Now services of hundreds - millions of clients are performed through mobile phones so-called "online services". Therefore, this service at this time is being attacked enormously and it remains the target of cyber-attacks by hackers and abusers of information technology. At the end of December 2015, the cyber-attacks had caused serious problems in digital banking services in Turkey, where 85% of them take place through mobile phones.
According to the daily information and reports of the institutions of the rule of law, we have interference and violations of the privacy of the banking system in many different states of the globe.
The use of search engines in the "data mining" is an electronic global market, where the world has been globalized in this regard and there are no differences, on age, sex, social groups, educational and scientific, racial and linguistic or religious, regardless of geographic distance.
Above were tackled superficially only two sectors, with concrete examples, but access to personal data is possible today, and it is done in different systems that are also very important, as health system, education, trade, manufacturing, media, public administration, political electoral systems, tourism, internet of things, marketing... etc., up to the use and obtaining of personal data through the maritime, ground and water traffic (the use of drones can be mentioned as a new phenomenon, for different purposes of observation, study, research etc.).
From the way, processing method and type of personal data depends on the level of the possibility of jeopardizing and unlawful access in our data. Even to this day, a serious risk remains personal data processing in social networks. In reference to the article: "Russian Hackers steal the data of half of Internet users in the world" published in the 'Deutche Welle' official website, it fully emerges the dimension of this problem, stating that 'A group of hackers from Russia has stolen more than 1.2 billion data of various online profiles'. According to these accounts, it is said that half of Internet users in the world were affected.
As can be seen, even the man's life is put at risk, where the computer virus can cause death of the patient, in cases when the human health is monitored by internet controlled machines (pace maker ). "Or through a computer virus, hackers can cause a car accident; this is proven by researchers", according to the Deutsche Well’s official web site.
In processing of personal data, their collection, transfer, categorization and storing, we know that we already have in continuous use automated technology, mobile technology (smart mobile devices), and server/hardware device; combined with video surveillance devices, laser remote control and search engines (Internet). We understand that the challenge for the protection of personal data, without a doubt, becomes one of the most serious concerns in each country, starting from our country, all over the Balkans, European Continent and international level. However, the protection of personal data in the area of justice, freedom of information and security, in terms of the realization of citizens' rights, is an interconnection of a composition of the multiple rights. When they interact together, provide citizens with security, and governance systems provide with advanced values of democracy. When personal data subject (citizen) considers that his personal rights are violated or misused by controllers (institutions, associations and different bodies) of public or private sector, he (the citizen) already, in all EU countries, in the justice system has the legal framework that guarantees legal protection and supervision of his rights to personal data.
Now there is evidence that in almost every country, there are administrative measures against the institutions that violate the law. Even the justice system in Kosovo, at the lawful processing of personal data, in 2015, has imposed the first administrative measures against KEDS (Power distribution system in Kosovo). Similar measures were applied to other controller too, to the mobile phone operators, found as violators of personal data during unauthorized marketing, with the distribution of sms during the election campaign of political parties held in 2014.
The large development of cyber and information technology, added the need to develop other rights such as: establishment of the legal regulations during the use of Internet, the right to be forgotten, the establishment of legal rules during the use of different portals, legal rules for the web, various sites etc. Otherwise, the rule of law through the justice system for citizens implies building of the confidence in state institutions, on one hand, while on the other the exercise of the competences and duties taken from the institutions and human society, at the behalf of the welfare of citizens, including, personal dignity and the ones privacy.
The efforts of all the nations for unique platform on the protection of privacy, the right of information, cyber security, the security of citizens in general, prove for unifying aspirations that freely give us the right to conclude that we are dealing with the development of general welfare of citizens and are unique values of modern society in the Internet age.
Justice, security and human rights in Kosovo have a special meaning to the fact that within the Progress Report for Kosovo on visa liberalization 2012-2015, compiled by the European Commission, the protection of personal data has been located in the block of "Justice, Freedom and Security" of the required standards, to be met, and that institution for the protection of personal data - NAPDP has always shown responsibility and reflected positively on the fulfilment of all recommendations in this field.
28th of January 1981 is the date of approval of the Convention 108, CoE- Council of Europe. This day of the approval of this convention, initially was celebrated as the European Day of privacy, but now has already received the title of the International Day of privacy, which celebrates marking of the first convention globally, approved for the protection of personal data in automated data processing.
This day is already marked by the institutions of international significance that are not specifically related to professional competence, but undoubtedly affect the actual signal of this global challenge for humanity.
In Kosovo, there is the institution mandated for 4 years already, which entered this challenge, by scoring encouraging successes, compared with the work of the counterpart in the region, which began operating decades ahead of us. This year marked increase in the number of complaints about double more than in 2014, and same, on-site inspections are doubled as well. Awareness, training and professional skills of officials have made progress too. Many achievements are the success of cooperation with the project from EU, OSCE, but also the commitment of the institution itself. The agency, working for four years, has already a state facility, equipment and logistical preparations for field work and other information technology equipment for work in the administration. In rounding the full capacity for work, certainly there are expected approvals by the Assembly of Kosovo to our requests for additional jobs. The Agency has already processed the draft State Strategy 2017-2021 in the field of protection of personal data.
The greater support of the supervisory institutions for the Agency is a promise for overcoming of its serious challenges to guarantee the right to the privacy of citizens in general.
(The author is Chief National Supervisor in the National Agency for Protection of Personal Data)
Created date: 2016-01-27 09:24:16
On the occasion of 28 January - International Day of Privacy
The Future and Challenges in the Field of Protection of Personal Data
Ruzhdi Jashari
In marking the international day of protection of privacy, namely the protection of personal data (28 January 2016), in general, the Agency is on the way towards new successes. Discoveries in the field of digital technology continue without stopping to offer new services. Functionalization of new equipment of information technology in our world has become an integral part of all areas of work and life of humans. Therefore, the challenge for data protection is ever growing, so it requires our attention and commitment to set priority objectives in this field at national and international levels.
To understand how much and how we are threatened by illegal intrusions and possible abuses, the following is a brief overview of concerns over privacy and protection of personal data in various fields of life and work in the different states:
Not long ago in the USA, the White House had issued over 46 recommendations for changing USA interception practices. The concern and the commitment of the USA and President Obama, in this regard, were set in motion together with the competent institutions that the information collection in the interest of the national security of the United States, to be done in such a way as not to unnecessarily infringe citizen freedoms and personal privacy.
Working all on their right and legal processing, we will narrow the possibility of their misuse, by groups of individuals who access illegally personal information for terrorist purposes so-called "Terrorist Cyber Crimes" ("Cyber terrorism"). In this regard, for the first time we have seen the case, that with computer equipment are supported terrorist organizations. In October 2015 happened the first arresting of Ardit Ferizi in Malaysia, a young man originally from Kosovo, for cyber abuse and theft of the personal data of American service members, then those data were transferred to a hacker of 'Islamic State', where according to the Washington Post, this is the first time that USA prosecutors have charged a suspect for cyber terrorism in the field of the illegal intrusion.
Cyber-attacks and various intrusions in the official websites of banking systems have become almost an everyday phenomenon. Cyber-attacks on the banking system are causing losses of hundreds of millions of Euros. Improvement of bank digital services and their advancement has marked progress. Now services of hundreds - millions of clients are performed through mobile phones so-called "online services". Therefore, this service at this time is being attacked enormously and it remains the target of cyber-attacks by hackers and abusers of information technology. At the end of December 2015, the cyber-attacks had caused serious problems in digital banking services in Turkey, where 85% of them take place through mobile phones.
According to the daily information and reports of the institutions of the rule of law, we have interference and violations of the privacy of the banking system in many different states of the globe.
The use of search engines in the "data mining" is an electronic global market, where the world has been globalized in this regard and there are no differences, on age, sex, social groups, educational and scientific, racial and linguistic or religious, regardless of geographic distance.
Above were tackled superficially only two sectors, with concrete examples, but access to personal data is possible today, and it is done in different systems that are also very important, as health system, education, trade, manufacturing, media, public administration, political electoral systems, tourism, internet of things, marketing... etc., up to the use and obtaining of personal data through the maritime, ground and water traffic (the use of drones can be mentioned as a new phenomenon, for different purposes of observation, study, research etc.).
From the way, processing method and type of personal data depends on the level of the possibility of jeopardizing and unlawful access in our data. Even to this day, a serious risk remains personal data processing in social networks. In reference to the article: "Russian Hackers steal the data of half of Internet users in the world" published in the 'Deutche Welle' official website, it fully emerges the dimension of this problem, stating that 'A group of hackers from Russia has stolen more than 1.2 billion data of various online profiles'. According to these accounts, it is said that half of Internet users in the world were affected.
As can be seen, even the man's life is put at risk, where the computer virus can cause death of the patient, in cases when the human health is monitored by internet controlled machines (pace maker ). "Or through a computer virus, hackers can cause a car accident; this is proven by researchers", according to the Deutsche Well’s official web site.
In processing of personal data, their collection, transfer, categorization and storing, we know that we already have in continuous use automated technology, mobile technology (smart mobile devices), and server/hardware device; combined with video surveillance devices, laser remote control and search engines (Internet). We understand that the challenge for the protection of personal data, without a doubt, becomes one of the most serious concerns in each country, starting from our country, all over the Balkans, European Continent and international level. However, the protection of personal data in the area of justice, freedom of information and security, in terms of the realization of citizens' rights, is an interconnection of a composition of the multiple rights. When they interact together, provide citizens with security, and governance systems provide with advanced values of democracy. When personal data subject (citizen) considers that his personal rights are violated or misused by controllers (institutions, associations and different bodies) of public or private sector, he (the citizen) already, in all EU countries, in the justice system has the legal framework that guarantees legal protection and supervision of his rights to personal data.
Now there is evidence that in almost every country, there are administrative measures against the institutions that violate the law. Even the justice system in Kosovo, at the lawful processing of personal data, in 2015, has imposed the first administrative measures against KEDS (Power distribution system in Kosovo). Similar measures were applied to other controller too, to the mobile phone operators, found as violators of personal data during unauthorized marketing, with the distribution of sms during the election campaign of political parties held in 2014.
The large development of cyber and information technology, added the need to develop other rights such as: establishment of the legal regulations during the use of Internet, the right to be forgotten, the establishment of legal rules during the use of different portals, legal rules for the web, various sites etc. Otherwise, the rule of law through the justice system for citizens implies building of the confidence in state institutions, on one hand, while on the other the exercise of the competences and duties taken from the institutions and human society, at the behalf of the welfare of citizens, including, personal dignity and the ones privacy.
The efforts of all the nations for unique platform on the protection of privacy, the right of information, cyber security, the security of citizens in general, prove for unifying aspirations that freely give us the right to conclude that we are dealing with the development of general welfare of citizens and are unique values of modern society in the Internet age.
Justice, security and human rights in Kosovo have a special meaning to the fact that within the Progress Report for Kosovo on visa liberalization 2012-2015, compiled by the European Commission, the protection of personal data has been located in the block of "Justice, Freedom and Security" of the required standards, to be met, and that institution for the protection of personal data - NAPDP has always shown responsibility and reflected positively on the fulfilment of all recommendations in this field.
28th of January 1981 is the date of approval of the Convention 108, CoE- Council of Europe. This day of the approval of this convention, initially was celebrated as the European Day of privacy, but now has already received the title of the International Day of privacy, which celebrates marking of the first convention globally, approved for the protection of personal data in automated data processing.
This day is already marked by the institutions of international significance that are not specifically related to professional competence, but undoubtedly affect the actual signal of this global challenge for humanity.
In Kosovo, there is the institution mandated for 4 years already, which entered this challenge, by scoring encouraging successes, compared with the work of the counterpart in the region, which began operating decades ahead of us. This year marked increase in the number of complaints about double more than in 2014, and same, on-site inspections are doubled as well. Awareness, training and professional skills of officials have made progress too. Many achievements are the success of cooperation with the project from EU, OSCE, but also the commitment of the institution itself. The agency, working for four years, has already a state facility, equipment and logistical preparations for field work and other information technology equipment for work in the administration. In rounding the full capacity for work, certainly there are expected approvals by the Assembly of Kosovo to our requests for additional jobs. The Agency has already processed the draft State Strategy 2017-2021 in the field of protection of personal data.
The greater support of the supervisory institutions for the Agency is a promise for overcoming of its serious challenges to guarantee the right to the privacy of citizens in general.
(The author is Chief National Supervisor in the National Agency for Protection of Personal Data)