Protection of Personal Data

The Public Foundation “Civil Initiative on Internet Policy” among other activities, creates conditions for implementation and application of the law on personal data protection, its improvement with reference to the best international practices, and establishment of an oversight mechanism to collect, process, store, as well as to protect personal data.

In 2014 the Government of the Kyrgyz Republic initiated a mandatory collection of biometric data (fingerprints) and other personal data for various (not accurately formulated) purposes, thereby they have created a threat to the observance of the constitutional rights to privacy.

The CIIP has focused on development of legislative changes and creation of effective mechanisms to implement the law on personal data protection on the one hand, and, on other hand, explanation of the issues related to the mandatory collection of biometric data as violence of constitutional rights of citizens. The CIIP initiated the treatment to the Constitutional Chamber of the Supreme Court of the Kyrgyz Republic on the compliance of the compulsory biometric registration with the Constitution of the Kyrgyz Republic. As a result, by the decision of the Constitutional Chamber the Parliament of the Kyrgyz Republic was entrusted to reconsider the edition of the law on biometric registration, to amend with regard to the purposes, in which biometrical data will be collected, excluding obviously disproportionate ones to the Constitution and international standards.

The CIIP has done a considerable work on introduction of amendments to the current law “On information of a personal nature” and development of bylaws to create mechanisms for implementation of the law at the governmental level. These changes are important in terms of upcoming electronic interaction in frameworks of the Eurasian Economic Union between not only public authorities, but also legal entities and individuals, as well as personal data exchange by its subjects, including issues of cross-border transfer of personal data.

In order to create an oversight mechanism of collecting, processing, storage and personal data protection, the CIIP has reached understanding with the government structures in the necessity of creation of an authorized body on personal data protection.

The Government of the Kyrgyz Republic has come to the decision to create such body in the structure of the State Committee of Information Technologies and Communications. With the support of the CIIP, the Provision on Authorized Governmental Body was developed, taking into account political changes in the country and specific of operation of the State Committee of Information Technologies and Communications of the Kyrgyz Republic.

In addition, the CIIP works on development of the norms, which establish the responsibility for offenses and crimes regard to the personal data, in order to introduce amendments to the Code on Administrative Liability and the Criminal Code of the Kyrgyz Republic.

In order to improve the capacity of representatives of law enforcement authority, oversight bodies, judges, public authorities, specialized in data protection sphere, the CIIP also conducts trainings in framework of the Digital Rights School.