legislation on personal data protection in Armenia

Armenia is now on its way to digitization. During the last five years there is a substantial progress in this sphere in private, public and government sectors. More and more commercial and public services are provided online. According to United Nation Public Administration Network’s E-Government Surveys, E–Government Development Index (EGDI) of Armenia manifests a sound rise during 2005-2014 and currently it is included in the list of countries with high EGDI.

Such development implies a massive data collection and storage in a digital way. Undoubtedly it has a quite positive effect by facilitating the citizens and customers, money and time saving, transparency which in its turn gives life to productivity.

However, on the other side digitally stored personal data increases concern on personal data security. Who and how can access the personal data stored in the servers (databases).

Within the Armenian private sector, especially banks, such electronic systems have already been used for many years and have proved their effectiveness and security as besides legislative regulations they are vitally interested in their clients’ satisfaction and personal information leak may cause a significant customer turnover.  A constant monitoring reduces the risks of corruption and abuse.

Other situation is in the governmental sector which makes its first steps to the way of digital data protection and sharing. Moreover effective e-government requires that different governmental and public entities practice information systems interoperability which implies access to the data by more members and enhances security risk.

However, in order to solve this issue, during the last years Armenia has made several steps, including adoption of legislative acts aimed to regulate access to and protect personal data.

The first sound step in this direction the country made in 2012 was the joining the Council of Europe’s convention for the protection of individuals with regard to automatic processing of personal data. The convention was initially adopted in Strasburg in 1981 with the aim to protect individuals’ right to privacy and security of the personal data in spite of their nationality and residency.

On May 18, 2015 Armenia adopted the law on personal data, which regulates collection, usage and dissemination of citizens’ personal data by the government organizations, local self-governance bodies and all other legal entities.

The law formulates the main terms and concepts related to personal data and its usage, including the following:

  • Personal data
  • Processing of personal data
  • Transmission of personal data to the third parties
  • Use of personal data
  • Depersonalization of personal data- (meaning operations, making impossible to identify the data subject to whom they belong)
  • Blocking of personal data
  • Destruction of personal data -(the restoration of the content of personal data contained in an information system impossible)
  • Data on personal life
  • Biometric personal data
  • Special category personal data (information relating to race, national identity or ethnic origin, political views, religious or philosophical beliefs, a trade-union membership, health and sex life of a person)
  • Publicly available personal data

The law defines the principles of processing and collecting the personal data. The main principles state that the data must be collected solely in a legal way, be precisely correct and provide the minimal involvement of the person whose data is collected. The latter statement is one of the important components of the e-government, which allows citizens to avoid inconvenient and time consuming collection of various references from different state bodies.

According to the constitution of the Republic of Armenia the law includes the rights of citizens to know what data related to them is collected and stored, allows them to demand this data, and complain if the data is incorrect or other issues are detected.

It should be noted that this Law does not regulate relations connected with processing of personal data considered to be of state confidentiality.

The main conclusion of the author is that Armenia makes all efforts for the effective personal data protection, regulating the process by the constitution, legislation and joining the above noted European convention, however the country still has a challenging way to develop the necessary secure infrastructure, that will allow the country to resist various malicious and hacker activities and counter other cybercrime dangers. – Anna Banduryan, Armenia.

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: