Interview with: Jeton Arifi, Deputy Director General At The Information And Privacy Agency, Kosovo
OneTrust DataGuidance spoke with Jeton Arifi, Deputy Director General at the Information and Privacy Agency ('the Agency'), Kosovo in October 2019. Jeton discusses the new data protection law and how it compares to global privacy laws. Jeton also speaks about the structure of the Information and Privacy Agency and the challenges that the authority faces.
How is your authority structured and managed?
Our independent authority is rather small. It is composed of 19 people working for the Agency, which was in the past known as the National Agency for the Protection of Personal Data. Now that Law No. 06/L-082 on Personal Data Protection ('the Law') has been adopted, the Agency's name has become shorter. We were established in 2011 and during five years, the Agency was managed by a council of five people who were at the same time national supervisors conducted inspections on site. This structure, which is quite small comparing to other counterpart institutions, is a developing structure, which means that we intend to increase the number of employees, which will in the next two years probably reach a number of 41 employees.
How does the new data protection law compare to other global laws?
The Law came into effect in March 2019, and we have been working on its draft for more than one year with the Prime Minister's office, the National Assembly, the civil society, and other relevant institutions, and we were supported by the European Union's office in Prishtina as well. There was also foreign expertise supporting our working group to draft the Law and we were careful to transpose the majority of contents of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') within the Law. So, the Law is maybe considered today to be very contemporary and in line with all other countries and EU Member States' legislations which are covering data protection.
What have been the challenges that your authority has been focusing on?
If we refer to the last three years, there were many challenges for the civil servants working for the Agency because there was no head of the Agency. Since we were missing the counsel who used to manage the Agency, and we are still awaiting the Commissioner's position to take place, at the time of publication, a Commissioner has not taken office yet. We expect that a selected individual professional will take office sometime in the Spring of 2020. One of the challenges is that when we were drafting the Law, we had to harmonise it with the GDPR and we needed the expertise since our country, as a young country with young authorities, was lacking the expertise in data protection, except for those people who have been working for the Agency for the past eight years. Other challenges were related to conducting inspections because according to the previous law only national supervisors who were no longer with the Agency were entitled to conduct inspections and the citizens and the data controllers, respectively, couldn't feel the hand of the Agency in practice. So, in the past, we had to press charges with the basic court whenever there was a data breach or data controllers did not obey our law. Now according to the Law, the Agency will be able to impose fines to data controllers who violate citizens' rights.
What are your authority's priorities for 2020?
The Commissioner's position, which is up to the National Assembly to recruit it as soon as possible, is a challenge and a priority. At the same time, another priority is drafting sub-legal acts deriving from both data protection and the access to public documents law, which we implement as an institution. Now, with having the right to impose fines we are going to need specific legal acts drafted and ready. We have already started to draft them, but unless the Commissioner has taken office and signed all those legal acts, we cannot conduct inspections for instance, and any other activities that would be a product of such drafted sub-legal acts. So, having in place all the sub-legal acts as soon as possible will help us perform easier and faster.
To access the full video of Jeton's interview, click here.
Jeton was interviewed as part of the 'Regulator Spotlight' video series. To watch other video interviews filmed by OneTrust DataGuidance, click here.