808/22

“New approaches to personal data in Uzbekistan: security measures are being improved”

The human right to protect personal information is one of the fundamental rights in the modern information world. The methods of its processing with the use of technical means and their vulnerability make it possible to access to confidential information of third parties, which can cause damage to the individual and her interests.

Personal data is spreading faster and faster due to advent and development of technology. In a contemporary modern digital reality, such information can be used against a person. Therefore, states around the world are trying to ensure the protection of the personal data of their citizens.

Europe

The European Union adopted the General Data Protection Regulation (GDPR) to protect personal data. This document was adopted in April 2016, it entered into force in May 2018. It applies not only to EU member states, but also to any legal entity, even a foreign one, that processes personal data of EU citizens.

USA

In the United States, federal law defines only the duties of government agencies in the field of personal data protection. Regulations that relate to legal entities processing personal data are adopted at the state level. For example, in the state of California in 2020, a law was adopted regulating the rules for data collection and work with them. In accordance with this law, an individual who uses the services of Internet companies has the right to know: what information is collected about him by Internet companies, for what purpose the companies collect this information, how the data will be used.

Malaysia

In 2010, the Personal Data Protection Act of Malaysia introduced a ban on the transfer of personal data outside the country. Cross-border transfer of personal data is possible only under certain conditions and in a number of exceptional cases. The consent of the subject of personal data must be obtained if there is a need to fulfill the contract between the subject and the operator, the need to fulfill the contract between the operator and a third party, which was concluded at the request or in the interests of the subject of personal data.

India

In accordance with India's National Data Sharing and Accessibility Policy, all data collected using government resources must be stored in India. In February 2014, the National Security Council of India proposed to ensure the localization of all personal data of Indian citizens within territory of India.

 

Uzbekistan

All the reforms carried out in Uzbekistan are based on universal principles enshrined in the Constitution, and according to these principles, the highest value is a person, his life, freedom, honor, dignity and other inalienable rights.

Today, large-scale measures are being implemented in our country to ensure reliable protection of rights and freedoms, respect for the honor and dignity of the individual. Their results can be seen in high milestones achieved in recent years, in improvement of the welfare of the people, in the growth of the country's authority on the world stage.

The Constitution guarantees legal protection to its citizens both on its territory and abroad. At the same time, according to the Law "On Principles and Guarantees of Freedom of Information", legal entities and individuals who receive, own and use information about citizens are liable under the law for violating the procedure for using this information.

Currently, large-scale measures are being taken in Uzbekistan aimed at ensuring its independence, transformation into an independent state institution for the reliable protection of human rights and freedoms. The new requirements of the Law "On Personal Data" will improve the standards for storing personal data of citizens of the republic, strengthen the security of personal data of citizens.

As part of the reforms carried out by the President of Uzbekistan, the country pays special attention to improving the culture of using information and communication means by citizens, preventing violations of privacy related to the disclosure of personal and confidential information on the Internet, as well as creating a system of combating against cybercrime.

An accelerated development of information and communication technologies is one of the main priorities of the state policy of Uzbekistan. The digital economy is turning into a "driver" sector in the strategy of further development of the republic, the range of IT-services is constantly expanding and exports are increasing, the goal of transforming Uzbekistan into a regional IT-center is being systematically achieved, and in the era of expanding the information space and the development of digitalization, constant work is being carried out with competent authorities and departments to protect against cyber threats.

Regulation of relations in the field of personal data in the Republic of Uzbekistan is carried out by the Law of the Republic of Uzbekistan "On Personal Data" of July 2, 2019 No. ZRU-547 (adopted by the Legislative Chamber of the Republic of Uzbekistan on April 16, 2019, approved by the Senate of the Republic of Uzbekistan on June 21, 2019).

According to Article 8 of this Law, the authorized state body in the field of personal data is the State Personalization Center under the Cabinet of Ministers of the Republic of Uzbekistan.

In turn, the State Personalization Center exercises, within its powers, state control over compliance with the requirements of the legislation on personal data, and makes mandatory prescriptions for legal entities and individuals to eliminate violations of the legislation on personal data.

At the beginning of this year, the President of the Republic of Uzbekistan signed the Law "On Amendments and additions to certain legislative Acts of the Republic of Uzbekistan" No. ZRU-666 of January 14, 2021.

This regulatory legal act introduced a new Article 271 (Special conditions for processing personal data of citizens of the Republic of Uzbekistan) into the Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547 of July 2, 2019, according to which, "the owner or operator when processing personal data of citizens of the Republic of Uzbekistan using information technologies, including in the world information network Internet, is obliged to ensure their collection, systematization and storage in personal data databases on technical means physically located on the territory of the Republic of Uzbekistan and registered in accordance with the established procedure in the State Register of Personal Data databases.".

It should be noted that in accordance with the Law of the Republic of Uzbekistan "On Personal Data", as well as in order to effectively organize state control over compliance with legal requirements when processing personal data of citizens of the Republic of Uzbekistan, the Cabinet of Ministers of the Republic of Uzbekistan approved Resolution No. 255 of April 29, 2021 "Regulation on the procedure for state control over compliance with certain conditions storage of personal data of citizens of the Republic of Uzbekistan".

According to this Provision, the State Personalization Center under the Cabinet of Ministers of the Republic of Uzbekistan, on the basis of the information received, within its competence, submits to the State Inspection for Control in the Field of Informatization and Telecommunications of the Republic of Uzbekistan a conclusion on violations of special conditions for processing personal data of citizens of the Republic of Uzbekistan for taking measures against owners and (or) operators in accordance with the procedure established by law.

It should be noted that many services, particularly, payment services, are provided exclusively in electronic form in the information space. Therefore, the volume of personal data in these processes has increased significantly, i.e., many of our citizens have to enter their personal data into these information systems for objective reasons.

In such circumstances, each country has the right to protect the personal data of its citizens by making appropriate requirements.

The above is especially relevant taking into account the trends of increasing cases of data leakage in social networks and other Internet resources in the world. As a result, the personal data of millions of people, as well as citizens of Uzbekistan, become stolen. At the same time, there is an increasing risk that illegally obtained personal data of citizens may be used by certain structures and others to realize their socio-political and economic goals.

In many countries, for example, in Canada, Australia, Argentina, companies that have access to personal data of citizens are required to store them on the territory of the country.

In this context, it can be confidently stated that the requirements of the Law of the Republic of Uzbekistan "On Personal Data" allow to unify the norms for storing personal data of citizens in the Republic of Uzbekistan, which not only ensures the security of personal data of citizens, but also stimulates the further development of the IT-industry.

At the beginning of last year, all owners and operators of personal data, both domestic and foreign, were informed of the need to ensure compliance with the requirements of Article 271 of the Law of the Republic of Uzbekistan "On Personal Data" when processing personal data of citizens.

According to the results of monitoring conducted by the authorized body in the middle of last year, it was revealed that in foreign social networks and messengers, personal data of citizens are processed in violation of the requirements of national legislation. In this regard, the prescriptions have been issued to some companies that own social networks.

Most of the companies that received letters and prescriptions, correctly and adequately perceived the essence of the requirements of the legislation of the Republic of Uzbekistan, and at the moment, the authorized bodies, together with many global IT-companies, are working purposefully to assist and assist in resolving issues of placing their technical means of processing personal data of citizens on the territory of the republic.

As a result, currently the database of personal data of some foreign companies is already localized on the territory of the republic.

In accordance with the current procedure for processing personal data of citizens of the republic, a systematic work is underway to improve the relevant laws and regulatory documents in this direction, taking into account public opinion and foreign experience.

In particular, the relevant ministries and departments in Uzbekistan are currently working to create conditions for free access to foreign social networks and messengers on the territory of the republic. This is an important step towards liberalizing the rules defining the use of personal data, and, first of all - access to them.