A conference held in Prishtina last week looked at the issue of data privacy and emerging threats to human rights and freedoms in the digital age.
Titled “Towards a Common Agenda on Digital Rights,” the conference was co-organized by local NGOs Lens and the Kosovo Center for International Cooperation and was part of a larger EU-funded project that Lens is conducting in cooperation with civil society organizations that prioritize the protection of human rights in the digital age in their day-to-day work.
Last week’s lineup included a host of representatives from well-established international organizations working in the field of digital privacy throughout Europe and the world, including Privacy International, Demos, Big Brother Watch, and Digital Rights Ireland. Alongside them were experts from local institutions such as the Kosovar Center for Security Studies, the Kosovo Foundation for Open Society, and the Kosovar Civil Society Foundation, as well as researchers from the University of Lund in Sweden and the University of Prishtina.
Bardha Ahmeti from Lens told K2.0 that the lineup had been carefully selected to ensure a wide range of global expertise. “We want to learn from them, network with them, and understand the perspectives they bring based on their own experiences,” she said.
Kosovo’s internet boom
One of the key issues raised over the course of the two-day conference was the institutional capacity to deal with Kosovo’s spike in internet penetration in the last 15 years; 76 percent of Kosovar households are now reported to have internet access, a figure comparable to countries with more developed economies.
The information landscape in Kosovo is also changing with increased use of social media. There are 850,000 Kosovars on Facebook alone — a penetration rate of almost 50 percent.
But this growth in telecommunication and computing technology has emerged alongside a widespread lack of information surrounding data privacy, immature institutions prone to misusing the data these new technologies bring, as well as a lack of data protection laws necessary for securing citizens’ control over their information.
Some of the conference’s guests included Vjollca Cavolli from the Kosovo ICT Association, Edin Omanovic from Privacy International and Miranda Kajtazi from the University of Lund. Photo Lorina Hoxha / K2.0.
Vjollca Cavolli, executive director of the Kosovo ICT Association, argued in one of the panel discussions that Kosovar institutions haven’t been ready for the recent upward trends in internet penetration, and that in an age where information is the most powerful thing in the world, individuals and organizations don’t know how to protect it.
Edin Omanovic, a researcher at Privacy International studying the exportation of surveillance technologies, told K2.0 that Kosovo’s high level of connection today means that new forms of data are being collected. “There’s a massive amount of data being collected, but little understanding of how it’s being collected and how it is being used,” he said.
This lack of understanding becomes a problem as telecommunications systems become more advanced and widespread, generating data about us that we are often not even aware of. Such data ranges from our locations, credit card transactions, internet searches to our friends and relationships — data that then paints a detailed picture of who we are: where we go, what we spend our money on, what we believe in, how healthy we are, what communities we’re a part of and what we’re interested in.
A number of experts throughout the conference pointed out that strengthening data protection laws can help to protect citizens. A short video by Privacy International described the ways in which strong data protection laws can dictate who is authorized to access, collect, and use our data, when and for what purposes they can do so, and for how long it can be kept. It also outlined how legislation can establish the subject’s right to withhold data, their entitlement to know what is being done with it, and ability to challenge its use.
It became clear that without strong data protection laws, personal data becomes prone to misuse and abuse not only by private companies seeking to make profit off of customer data, but also by governments and police forces.
A European future
When it comes to developing its data protection laws, Kosovo is keeping an eye on the EU. In her presentation on the protection of privacy, Miranda Kajtazi discussed the EU’s General Data Protection Regulation (GDPR), set to be implemented from May 2018, which aims to give citizens greater control over the use of their personal data, as well as standardize data protection regulations across EU members.
Ahmeti told K2.0 that the EU has been providing support to institutions in Kosovo in handling the protection of personal data, as well as with harmonization and institutional legal framework enhancement.
Kosovo implemented its own Law on the Protection of Personal Data, on April 29, 2010, but, according to Ahmeti, in an effort to harmonize its own national policies with the regulations being implemented in the EU, this law is currently being amended to better suit EU frameworks.
There have been some difficulties with adhering to EU frameworks in the past. In 2015, the government of Kosovo proposed the Draft Law on Interception of Electronic Communication to the Parliamentary Committee on European Integration. According to the European Digital Rights association, the law was sent back on account of numerous problematic provisions, including one that sought to establish an independent interception interface within the Kosovo Intelligence Agency, which would allow the agency to make use of data provided by Service Providers and Network Operators with minimal supervision.
Privacy International’s Edin Omanovic believes that it is crucial that the public is well informed about the dangers of data exploitation. Photo Lorina Hoxha / K2.0.
The European Commission reports that as of 2016, there has been progress made in Kosovo with regards to data protection. Public awareness has increased, leading to more complaints being sent to the National Agency for the Protection of Personal Data, and a larger number of inspections
After his presentation at the conference, Omanovic told K2.0 that the ultimate goal is to create a public that is well informed about the dangers of data exploitation, so that the government will then be pressured to implement the appropriate protections. The approach is therefore both top-down and bottom-up, given that competent institutions are necessary for implementing regulations, but an informed citizenry is also necessary for creating the demand for these regulations in the first place, as they are unlikely to be enacted without public pressure.
And as Miranda Kajtazi, an Assistant Professor at the University of Lund, noted in one of the panel discussions, while the limited ability of Kosovar institutions to handle the new forms of data being accumulated is concerning, it also provides an opening: Since they don’t yet know how to use it, we still have a chance to shape the norms and expectations surrounding data protection in our young society, an opportunity that was largely lost in the West.K
Feature image: Lorina Hoxha / K2.0.