Albanian Office for Personal Data Protection
1) Legal grounds for the protection of personal data in the national legislation:
The Protection of personal data is a fundamental right in the Albanian Legislation enshrined in Article 35 of the Constitution of the Republic of Albania.
1. No one may be obliged, except when the law requires it, to make public data connected with his person.
2. The collection, use and making public of data about a person is done with his consent, except for the cases provided by law.
3. Everyone has the right to become acquainted with data collected about him, except for the cases provided by law.
4. Everyone has the right to request the correction or expunging of untrue or incomplete data or data collected in violation of law.
On 14th of February 2005 Albania ratified the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. In 2008, the Assembly of Albania enacted the Law No. 9887, dated 10.03.2008 “On Personal Data Protection”, repealing the Law of 1999 and establishing the independent public authority “Commissioner for Personal Data Protection”. This Law was drafted in line with the Data Protection Directive 95/46/EC and Convention 108 and its Additional Protocol.
Since 2008 the Office of the Commissioner has adopted 38 Instructions and Regulatory decisions for the protection of personal data with regard to different domains such as:
- Health sector
- Banking-finance sector
- Hotels and Tourism
- Biometric Data
- Publication of court decisions
- - Direct marketing
2) The status and the legal position of national DPA:
The Information and Data Protection Commissioner (IDP) is the national supervisory authority of the Republic of Albania in charge of supervising and monitoring the protection of personal data both in public and private sector and for guaranteeing the right of access to public information.
The IDP Office has the power to conduct administrative investigations, to order for the blocking, erasure, destruction or suspension of the unlawful processing of personal data, and to impose administrative sanctions. The IDP Commissioner has different responsibilities such as giving opinions on legal acts, recommendations for the implementation of the law, authorizing international transfers, addressing complaints and it further performs tasks relating to international co-operation, awareness-raising activities, trainings, etc.
3) The legal rights and the limitations of the national DPA:
1. The Commissioner has the right to:
a) Conduct an administrative investigation, have access to personal data processing and collect all necessary information with the view of fulfilling his supervisory obligations;
b) Order for the blocking, erasure, destruction or suspension of the unlawful processing of personal data;
c) Issue instructions prior to the data processing and ensure their publication;
2. In cases of recurring or intentional serious infringement of law by a controller or processor, especially in cases of recurring failure to carry out the Commissioner’s recommendations, he acts in compliance with article 39 herein and may report the case publicly in accordance with his duties or report it to the Assembly and the Council of Ministers.
2.1 In case the violation consists in a crime, it makes the respective report.
This law is not applicable to processing of data: a) by a natural persons for purely personal or family purposes; b) only in case the information is provided about public officials or public (state) administration servants, reflecting their public, administrative activities or issues related to their duties.
4. Contact information:
The Office of Information and Data Protection Commissioner
Rr. "Abdi Toptani", Nd. 5, Kodi postar 1001, Tiranë