Indicator
Privacy and data protections
Implemented
Not Implemented
Not Applicable
Level 0
Level 5
| Level | ALB | BIH | KOS | MNE | MKD | SRB |
|---|---|---|---|---|---|---|
| A policy framework and relevant legislation for online privacy and data protection have been adopted. *Partly. | ||||||
| The policy and legislation is aligned with related digital policy areas (e.g. the digital security strategy or the framework for protecting consumers in e-commerce). | ||||||
| A data protection authority has been established and is operational. | ||||||
| The policy framework encourages and supports self-regulation, whether in the form of codes of conduct or otherwise. | ||||||
| The policy framework provides for reasonable means for individuals to exercise their rights and provides for adequate sanctions and remedies in case of failure to comply with laws protecting privacy. *Sanctions are pending and self-regulation is missing. | ||||||
| The framework considers the role of actors other than data controllers, in a manner appropriate to their individual role and ensures that there is no unfair discrimination against data subjects. | ||||||
| The data protection authority has adequate human, technical and financial resources to ensure its transparency and independence. | ||||||
| There is evidence of an active implementation of the data protection authority’s work programme, or other policies, aiming to raise awareness and develop skills among citizens, businesses and the public sector related to data protection. *Limited evidence of the implementation of awareness-raising activities . | ||||||
| The legal framework is fully aligned with EU privacy and data protection legislation, namely the General Data Protection Regulation and ePrivacy Directive. *Not fully. | ||||||
| The data protection authority actively engages in international co-operation and exchange of good practices, with a goal of reaching international standards and good practices for privacy and data protection. *The Agency’s capacity to engage in international co-operation is limited due to the absence of relevant resources. | ||||||
| Key indicators on privacy and data protection are regularly monitored and available to the wider public online. | ||||||
| The framework is being regularly monitored and evaluated, and reports on the activity of the data protection authority are accessible to the public. Results of monitoring and evaluation analysis are being used for the improvement of future policies. *Partially developed. |
Note that for Bosnia and Herzegovina, “State” stands for the state level, while “FBiH” stands for the Federation of Bosnia and Herzegovina and “RS” stands for Republika Srpska - the two entities of Bosnia and Herzegovina. Note that the presented scoring criteria system is not a full representation of the scoring methodology used to determine the score for an indicator. For more information, see the Methodology section.