Law No. 06/L-082 on the Protection of Personal Data regulates the protection and processing of personal data in the Republic of Kosovo, guaranteeing data privacy and security. It sets out obligations for data controllers and processors, including the principles of processing, the rights of data subjects and data protection measures.

For more complete information about the law, visit: Law on the Protection of Personal Data

Also, based on Law No. 06/L-082 on the Protection of Personal Data in Kosovo, the processing of personal data can only be done with the clear and informed consent of the data subject . The controller must ensure that the subject is informed of the purpose of the processing, the nature of the data collected and his rights.

The data subject has the right to withdraw consent at any time and to request access, correction or deletion of their data. Processing must be lawful, fair and transparent, respecting the principles of confidentiality and security.

Controllers and processors are obliged to take technical and organizational measures to protect data from unauthorized access, loss or destruction. In the event of security breaches, the controller must notify the responsible authority and data subjects without undue delay.

When the data subject has given his consent to the processing of personal data, the controller is obliged to respect several key principles:

  1. Clarity and Transparency: Consent must be clear, specific and informed, defining the purpose for which the data will be processed.
  2. Right to Withdrawal: The subject may withdraw consent at any time, without any negative impact on the services received.
  3. Documentation of Consent: The controller must maintain records to prove that consent was obtained lawfully.
  4. Limited Use: Data may only be used for the purpose specified at the time of consent.

If the purpose of the processing changes, it is necessary to obtain new consent from the data subject. The controller must ensure that any processing operation respects the rights of the subject and meets legal requirements.

When we use an application and are asked to click “I accept…” or “I accept the terms,” ​​we are actually giving our consent to the application’s processing of personal data. This means that the app can collect, store, and process data such as name, location, contacts, activity in the app, and other similar data.

The application often uses this data to:

  1. Personalization of content and services.
  2. Targeted advertising and marketing.
  3. Improving functionalities and analyzing usage.
  4. Interaction with other platforms (e.g., social networks).