---

EXECUTIVE SUMMARY

In December 2023, Albania took a groundbreaking step towards leveraging artificial intelligence (AI), specifically ChatGPT, to expedite its European Union (EU) integration process. This initiative, spearheaded by Prime Minister Edi Rama, marks Albania’s ambition to become a regional leader in AI adoption, particularly in the realm of legal alignment. The use of ChatGPT aims to streamline the translation and integration of EU laws into Albanian legislation, a process traditionally fraught with challenges due to the sheer volume of legal measures and the need for precise translations. By employing AI, Albania hopes to eliminate the need for extensive translator and lawyer teams, significantly reducing costs and accelerating the integration timeline. However, the implementation of AI in this context raises critical concerns regarding the protection of democratic values, human rights, and the privacy and integrity of citizen data. Without a robust national framework governing AI usage, there is a risk of missteps in ensuring ethical and responsible application. The government has reassured stakeholders that it will adhere to international regulations and has undertaken measures to safeguard the ethical use of AI, positioning it as an aid rather than a replacement for human expertise. Furthermore, the project’s success hinges on navigating the legal landscape surrounding AI interaction with citizens and handling personal data. As Albania progresses with its AI initiatives, it faces the challenge of establishing legal frameworks that balance technological advancement with the preservation of human rights, justice, and peace. The involvement of religious leaders in discussions on AI and peace underscores the importance of responsible AI deployment, emphasizing the need for transparency, security, and trustworthiness in AI applications.

---

Existing problems in the Albanian legal system

The legal system in Albania faces several challenges, including corruption, inefficiencies, and a lack of transparency. Corruption within the judiciary is a significant issue, with instances of bribery and nepotism undermining the fairness and effectiveness of the system. Judges’ salaries are relatively low, yet some have been found to possess assets far exceeding their income, indicating potential corruption. Trials are often conducted behind closed doors, and there is a lack of disclosure regarding judges’ decisions and reasoning, contributing to a lack of trust and confidence in the judiciary. Moreover, the court system suffers from inefficiencies, such as nearly half of the hearings at the Tirana District Court being postponed due to a flawed notification system. This inefficiency extends to the overall court system, where delays and mismanagement compromise the timely delivery of justice.

Technology offers a promising solution to address these challenges. The installation of digital audio recording technology in courtrooms, supported by USAID since 2012, has made significant strides in improving transparency and accountability. This technology allows for the recording of proceedings, which can be accessed by the public, increasing the visibility of court activities and holding judges accountable. Additionally, the use of technology to improve the notification system, allowing for better communication between the court and defendants/witnesses, has reduced postponements and improved the efficiency of the court system. By leveraging technology, Albania can enhance the transparency and efficiency of its legal system, combat corruption, and build public trust in the judiciary. The successful implementation of digital audio recording and improved notification systems demonstrates the potential of technology to transform the legal sector, paving the way for further innovations that could further strengthen the rule of law and justice in Albania.

---

Key findings:

Limited Use of ICT in the Judiciary System: The study notes that the use of ICT in the Albanian judiciary has been hindered by several barriers, such as the absence of legislation governing the use of ICT in the judiciary, the lack of a unified automated case management system, insufficient training for judiciary staff on ICT usage, and inadequate investment in ICT equipment for courts.

Significance of Digitizing the Judiciary: The 2016 judicial reform, supported by the EU and USA, underscored the importance of digitizing the judiciary system in Albania. This reform aimed to increase transparency, accountability, and citizens’ access to information, which are crucial for preventing corruption and ensuring justice.

Potential Benefits of Digitization: The research concludes that digitizing the judiciary system can significantly contribute to increasing integrity and preventing corruption within the judicial system. By leveraging ICT, the judiciary can operate more efficiently, transparently, and accountably, thereby enhancing public trust and access to justice.

This research provides a solid foundation for policy recommendations aimed at accelerating the digitization of the Albanian judiciary system. It emphasizes the need for legislative support, the development of a unified automated case management system, adequate training for judiciary staff, and increased investment in ICT infrastructure. By addressing these gaps, Albania can harness the power of technology to transform its legal system, making it more efficient, transparent, and resistant to corruption.

---

Current and proposed policies:

Current Policies: Albania has made significant strides in addressing online privacy and data protection, particularly through its ratification of international conventions. On January 28, 2022, Albania signed the Protocol amending the Convention for the Protection of Individuals concerning Automatic Processing of Personal Data. This protocol was later ratified by Law No. 49/2022, dated May 12, 2022. This ratification signifies Albania’s commitment to enhancing the protection of individuals’ data in the digital age, aligning its national legislation with international standards set forth by the Council of Europe.

---

Proposed Policies

To further strengthen Albania’s position in protecting online privacy and ensuring the secure processing of personal data, the following policies are proposed:

• Legislative Amendments: Amend existing legislation to incorporate stricter penalties for violations of data protection laws, including fines and imprisonment for unauthorized access or misuse of personal data. This would serve as a deterrent and reinforce the seriousness of data protection breaches.
• Data Breach Notification Requirements: Introduce mandatory data breach notification requirements for organizations. This means that entities must report any security breaches involving personal data to the relevant authorities and affected individuals within a specified timeframe. Such a requirement would enhance transparency and allow for quicker remediation of incidents.
• Strengthening Regulatory Bodies: Enhance the capabilities and independence of the regulatory body tasked with overseeing data protection. This could involve granting it more powers to conduct audits, impose sanctions, and enforce compliance with data protection laws.
• Public Awareness Campaigns: Launch nationwide public awareness campaigns to educate citizens about their rights under data protection laws and how to protect their personal information online. This would empower individuals to take proactive steps in safeguarding their privacy.
• International Cooperation: Strengthen cooperation with international partners and organizations involved in data protection and cybersecurity. This could involve sharing best practices, participating in joint initiatives, and collaborating on cross-border investigations into data breaches.

---

Policy Recommendations

---

Strengthening Data Protection Legislation

• Update Existing Laws: Amend the Law nr. 9887 on Personal Data Protection to align more closely with the General Data Protection Regulation (GDPR). This includes updating definitions of personal data to encompass newer forms of digital identifiers and expanding the scope of data protection to cover all sectors, not just those explicitly mentioned in the current legislation.
• Increase Administrative Fines: Raise the maximum administrative fines for violations of personal data protection laws to levels comparable to those under the GDPR. This would act as a stronger deterrent against non-compliance and encourage organizations to invest in robust data protection measures.
• Establish a Data Protection Authority: Create an independent Data Protection Authority with enhanced powers to oversee the enforcement of data protection laws. This authority should have the ability to conduct thorough investigations, impose sanctions, and engage in public advocacy to raise awareness about data protection rights and responsibilities.

Enhancing Cybersecurity Measures

• Invest in Advanced Security Technologies: Allocate resources for the development and implementation of advanced cybersecurity technologies, such as encryption, intrusion detection systems, and secure data storage solutions. This investment should be prioritized to protect against emerging threats and vulnerabilities.
• Cybersecurity Training and Education: Implement comprehensive cybersecurity training programs for all employees, including those who handle personal data. This education should cover best practices for data protection, the risks associated with data breaches, and the importance of reporting suspicious activity.
• Incident Response Planning: Develop and regularly update incident response plans to ensure that organizations can respond swiftly and effectively to data breaches. These plans should outline procedures for identifying, containing, eradicating, and recovering from data breaches, as well as communicating with affected individuals and regulatory authorities.

Promoting Public Awareness and Engagement

• Awareness Campaigns: Launch nationwide campaigns to raise public awareness about personal data protection rights and responsibilities. These campaigns should use accessible language and engaging formats to reach a broad audience, including younger demographics.
• Community Outreach Programs: Organize community outreach events and workshops to educate citizens about the importance of data protection and how to protect their personal information online. These programs should also guide how to report data breaches and seek assistance from authorities.

Bibliography:

• https://cms.law/en/int/expert-guides/cms-expert-guide-to-data-protection-and-cyber-security-laws/albania
• https://www.dataguidance.com/notes/albania-data-protection-overview
• https://www.dataguidance.com/jurisdiction/albania
• https://cms.law/en/int/expert-guides/the-impact-of-gdpr-in-non-eu-countries/albania
• https://www.dcaf.ch/sites/default/files/imce/ECA/D.Pasha-YoungFaces2022.pdf
• https://ceur-ws.org/Vol-2872/short06.pdf

---