27. August 2021
The Mongolian legislation on the protection of personal data is currently limited to two laws: the Law on Personal Secrets and the Law on Organisational Secrets, both enacted in 1995. The provisions are considered vague, ambiguous and insufficient, which makes them rarely used in practice. This leads to the lack of interpretation and application. Therefore, the not well developed data protection legislation requires systematic and consistent reforms in order to meet the various societal challenges and to comply with international standards.
Within the framework of the “Action Plan of the Government of Mongolia for 2020-2021” a draft law on the protection of personal data is in the process of being approved. In this regard, the parliament of Mongolia, the State Great Khural, has recently announced discussions on several draft laws. They include the Law on Public Information, the Law on Protection of Personal Data, the Law on Cyber Security, and the Law on Electronic Signatures.
The discussions were jointly held by the Standing Committee on Innovation and e-Policy and the Standing Committee on Legal Affairs on August 10th, 2021. Now, the Mongolian government is responsible for preparing the revised drafts.
The draft Law on Protection of Personal Data aims to regulate relations with regard to the collection, processing, and use of personal data as well as to ensure their security. It outlines rights and obligations of data processors and controllers, contains data subject rights and includes provisions for international data transfers.
The bill is an important step towards alignment with international data protection standards. If passed, the law will come into force on November 1st, 2021.
27. May 2021
Last month, on April 2nd, the Belarusian House of Representatives adopted in the second reading the draft law “On the Protection of Personal Data”. The law was passed on May 7th. It is the first Belarusian legal act specifically intended to lay down issues of data protection.
The law is aimed at the legal regulation of social relations arising from the processing of personal data of individuals as well as ensuring the protection of such data and the rights and freedoms of individuals in the processing of their personal data. It implies that
Processing of personal data must be commensurate with the stated purposes of its processing and ensure at all stages a fair balance between the interests of all persons concerned.
The provisions concern in detail, inter alia:
- definition of the categories of personal data as well as principles and conditions of their processing, with and without the use of automated means
- determination of the process for cross-border transfer of personal data; in particular, it is prohibited if a foreign country does not provide an adequate level of protection of personal data subjects rights
- determination of the data subject rights and obligations of public authorities, legal entities and natural persons within the processing of personal data, with regard to particularly the appointment of a Data Protection Officer and data breach notifications
- establishment of additional safeguards against arbitrary and uncontrolled collection, storage, use, dissemination, provision and other processing of personal data
- procedure for the establishment of an authority empowered with the protection of data subject rights and its competence; the foundation of the mentioned authority shall be assigned to the Council of Ministers of the Republic of Belarus together with the Operations and Analysis Center under the President of the Republic of Belarus within three months after the official publication of the corresponding law
- liability for violation of the provisions.
The purpose of adopting this law is to ensure an adequate level of protection of personal data and to support the development of business, trade and economic relations of the Republic of Belarus with other countries.
The main provisions of the law shall enter into force six months after its official publication.