Recruitment for Chemonics International

Kosovo e-Governance Activity (KeG)

Position Title: Privacy Policy and Data Protection Expert (Short-Term CCN)

Position Type: Cooperating Country National-CCN (Kosovo citizen or lawfully admitted permanent resident)

Period of Assignment:  (July - August 21, 2024) (up to 10 days of LOE)

Reports to: Objective Three Specialists

Location: Pristina, Kosovo

BACKGROUND

Continuous technological advancements drive changes in institutional service delivery, necessitating ongoing development and causing many actors to be challenged with dilemmas regarding the processing of personal data. As a result, institutions must strive to harmonize and adapt their internal rules and local legislation to meet the best standards.

With the increasing reliance of digital public services, the Agency for Information Society (AIS) in Kosovo faces a pressing need to regulate personal data protection through the provision of e-services. According to the findings of the last survey conducted on the user satisfaction of the e-Kosova portal, there are prevalent concerns regarding personal data privacy, suggesting the need for clear privacy policies and regulated procedures.

Regulations on personal data protection are indispensable for the Information Privacy Agency (IPA), as it provides a robust framework for the safeguarding of personal data among the local institutions. According to Law No. 06/L-082 on Protection of Personal Data, all institutions responsible for monitoring the legitimacy of personal data processing shall ensure that the data is protected and processed in the manner specified in this law (Article 40). Given that the e-Kosova portal, administered by AIS, collects the personal data of registered users, AIS is highly encouraged to issue its internal act in which it describes the procedure to ensure the protection of personal data including the integrity of data, privacy and confidentiality.

In personal data protection, for users of e-Kosova portal, it is also important to further modify and develop the existing privacy policies and the consent statement enabled through the portal. Adjusting these two items in the portal ensures e-Kosova users that AIS protects their personal data, thereby it increases trust in electronic interactions provided by the state portal.

All these efforts will enable AIS to improve its digital environment in terms of personal data protection in alignment with Law No. 06/L-082 and the General Data Protection Regulation (GDPR). Providing data privacy policies, consent forms, and working towards an internal act for personal data protection ensures privacy rights, transparency, fairness, and accountability in personal data handling practices.

The USAID/Kosovo e-Governance Activity (KeG) aims to improve the Government of Kosovo’s digital service delivery and management of digital government systems by clarifying institutional roles and processes, strengthening institutional capacity to deliver services, and engaging civil society and the private sector. The activity will accelerate the transformation into an agile digital government, which ensures that Kosovans receive high-quality, efficient, and accessible government services. The Activity focuses on the following three program objectives:

1. Institutional roles and governance processes are clear, actionable, and implemented.
2. Key institutions have the technical expertise and program management skills to develop, manage, and deliver digital government platforms and services.
3. External feedback and oversight mechanisms on digital priorities and service delivery are established and used.

OBJECTIVE

USAID KeG is seeking a qualified candidate to undertake a set of tasks contributing to the development and regulation of personal data processing within the e-Kosova platform. The expert will be responsible for three key initiatives. Initially, the expert will adjust and draft the existing data privacy policies for e-Kosova and develop a consent request form in alignment with the General Data Protection Regulation (GDPR) principles. Additionally, the expert will develop a guideline for the creation of the internal act regarding e-Kosova personal data protection, according to Article 40, Law 06/L-082, on Personal Data Protection.

This initiative aims to enhance AIS’s capabilities in managing data privacy and ensuring compliance with the Law on Personal Data Protection. The expert is expected to establish working relationships with IPA and AIS, as necessary to ensure adherence to legal and regulatory requirements.

SPECIFIC TASKS AND RESPONSIBILITIES

The Short-Term Technical Advisor (STTA) will undertake the following tasks:

Task 1: Revision and development of privacy policies for e-Kosova

• Review of IPA Privacy Policy Template: Conduct a detailed examination of the privacy policy template provided by IPA.
• Identification of Relevance to e-Kosova: Evaluate each section of the IPA privacy policy template to determine its relevance and applicability to e-Kosova’s operations and objectives. Identify any sections that are not directly relevant or require modification.
• Adjustment of Privacy Policies: Modify and develop the existing privacy policy template based on the findings of the review to align with the nature of work conducted within e-Kosova.
• GDPR Principles: Ensure that the data privacy policies developed for e-Kosova are consistent with GDPR principles.
• Stakeholder check-ins: Conduct stakeholder meetings to review the proposed policies and incorporate feedback.

Task 2: Develop the consent statement in alignment with the GDPR (Interface in e-Kosova)

• Assessing of the existing procedures/system: Analyze the current e-Kosova system in terms of consent requests and identify gaps in GDPR compliance.
• Development of the Consent Procedure/Form: Prepare clear and transparent statement for obtaining user consent, which will be integrated into e-Kosova interface. This includes providing information to the platform users regarding the purpose of data collection, how personal data will be collected, used, and processed, and their rights regarding consent withdrawal. It must ensure transparency, fairness, and accountability in data processing activities, fostering trust and compliance with data protection regulations.
• Stakeholder check-ins: Conduct stakeholder meetings to review the proposed statement and incorporate feedback.

Task 3: Develop the guideline for the creation of the internal act on e-Kosova personal data protection, with respect to Article 40, Law 06/L-082, on Personal Data Protection.

• Review with IPA: Examine the obligation of governmental agencies to issue internal acts on personal data protection, as stipulated in Article 40.
• Define Steps with AIS: Collaborate with AIS to outline and describe the steps for creating the internal act for the e-Kosova portal and the personal data processed through it.
• Joint Working Session: Hold a joint working session with IPA and AIS to present the draft version and collect stakeholder feedback.
• Addressing Feedback: Incorporate any feedback derived from the joint working session, before delivering the guideline for the internal act's creation.

DELIVERABLES:

This assignment is scheduled to occur between July and 21 August 2024.

QUALIFICATIONS:

1. Education: Graduate degree in one of the following areas: Law, Data Security, Information Technology, or related fields.
2. Experience: Minimum of three years of experience in data protection, privacy regulations, compliance, or a related field, preferably in the public sector. Proven track record in developing internal acts / regulations, privacy policies, and consent procedures within government agencies or similar institutions. Experience in conducting legal reviews and ensuring compliance with GDPR principles and other relevant data protection laws.
3. Functional Skills: Expertise in data protection principles, including data collection, processing, storage, access monitoring, retention, and destruction protocols. Strong understanding of legal and regulatory frameworks related to data protection, including GDPR, and ability to align policies and procedures accordingly. Proficiency in drafting clear and concise legal documents, including internal acts, privacy policies and consent request statement, with attention to detail and accuracy.
4. Language Skills: Fluency in English and Albanian, with excellent writing and presentation skills. Proficiency in Serbian is an advantage.
5. Interpersonal Skills: Proven ability to work professionally and constructively with diverse stakeholders, including government officials, legal experts, and international donors. Excellent analytical, communication, and stakeholder engagement skills.
6. Self-Motivation and Guidance: Strong individual initiative and ability to manage daily activities and achieve expected results with or without direct oversight.

LEVEL OF EFFORT AND TIMING

This assignment is estimated to require altogether up to 10 days LOE within Kosovo. This work is planned to occur between July and August 2024, based on a time schedule mutually agreed with the KeG representatives at the start of the assignment, subject to further revisions.

PAYMENT ON DELIVERABLES

Payment for the STTA will be structured around the completion of deliverables. 30% of the total payment will be issued upon completion of the first deliverable, with an additional 20% upon completion of the second deliverable, and the remaining 50% upon completion of the third and fourth deliverable. This approach ensures that compensation is directly tied to the achievement of project milestones, incentivizing timely and successful deliverable completion.

APPLICATION INSTRUCTIONS:

Please send an email with ONLY a Cover Letter and CV attached. To KosovoEGovRecruit@chemonics.com , no later than July 30, 2024 at 1:00PM Pristina time. Please indicate the position for which you are applying in the subject line: Privacy Policy and Data Protection Expert.

Cover letter of no more than three (3) pages should include a methodology on how you will undertake the tasks (develop deliverables) and proposed timelines.

Applications will be reviewed on a rolling basis. No telephone inquiries, please. Finalists will be contacted.

Note: Failure to submit the application as requested with instructions described above may lead to disqualification of an application from consideration.

Chemonics is an employer that does not discriminate in its selection and employment practices on the basis of race, color, religion, sex, national origin, political affiliation, sexual orientation, gender identity, marital status, disability, genetic information, age, membership in an employee organization, or other non-merit factors.