Right to personal data is one of the top priority tasks of Verkhovna Rada on the way to the European Integration

Given an incredibly fast development of technology, personal information got into a valuable product, and the personal data market turnover is evaluated in billions of dollars. After signing the Association Agreement with the EU, Ukraine agreed to ensure personal data protection in accordance with the highest European and international standards. That is why the approval of a new law “On personal data protection” is mandatory for the integration of Ukraine in the EU.

In the summer of 2021, Verkhovna Rada of Ukraine registered the draft no. 5628 of the Law of Ukraine “On personal data protection”. It has been evocated to increase the level of Ukrainians’ private life protection and align Ukrainian legislation with international standards. But, unfortunately, it has not been approved by the legislators during the voting session. Nowadays, the updated draft has been registered again, and the Parliament’s first reading of it can take place by the end of the year.

Given the European integration aspirations of Ukraine, the approval of this law has a crucial importance.  Because, in order to become a fully recognized member of the EU, our state needs to fulfill the European standards in different fields. One of these fields is the guarantee of the right to privacy or personal data protection, explained in other words.  

What is the personal data protection?

Personal data are the data regarding the information about us. On another side, it is the price we need to pay to have a comfortable life. We receive the recommendations regarding the products we googled, cause companies possess our personal data. In addition to the usual personal data, such as first name, given name, age, sex, and your likes on the social media, there are some sensitive ones. This kind of data includes information on ethnical background, religious and political opinions, medical, biometrical and some other data.  

In the context of incredibly fast technological development, when personal information got into a valuable product, the system of personal data protection is evocated in order to make the technologies still be friendly to human аnd to make everyone have, at least, a little bit of private space. Because when we grant access to our contact list, geographic localization or gallery to the apps, we actually share our private data.   The same works for the services: we communicate the address to delivery services; we indicate our geographical location for car services and share some other personal data. That is why it is so crucial to protect our personal data according to the highest standards.  

What are the highest standards?

According to the Article 15 of the Association Agreement between Ukraine and the EU, Ukraine assumed “to guarantee the adequate level of personal data protection according to the highest European and international standards, in particular, in accordance with the respective documents of the European Council”.

In this case, speaking on the highest European and international standards we may mean two documents.  The first one is the modernized Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, so-called Convention No. 108+.  The second one is the General Data Protection Regulation, also known as GDPR. These are exactly the documents applicable in Europe at the moment, and our legislation needs to be aligned with them.

Аnd what about Ukraine?

The current law of Ukraine on personal data protection was approved in 2010, and it has been based on the Convention 108, the European document approved in 1981. So, actually, the current law applicable in Ukraine contains the legal norms of 1981. Obviously, since then the world experienced a significant development of informational technologies, in particular, of online services, online banking systems, e-commerce, state online services, i.e. all the services foreseeing personal data protection.

In 2018 the Convention 108 had been modernized by the approval of an additional protocol, so it has been called “Convention 108+”. Ukraine did not ratify the additional protocol at the moment, cause in order to be able to ratify it, it is necessary to correspond its requirements.  

GDPR, General Data Protection Regulation in the EU was approved in 2016 and entered into force in  2018. It is a revolutionary legislative act that influenced the work of all the public institutions, non-governmental organizations, and companies of the EU. This document reinforced and detailed the requirements tо guarantee the right to privacy and increased human rights with regards to this area.  One of its tasks was to ensure that everyone has a possibility to control the distribution and use of the proper personal data by other individuals. It got into a basis, necessary to develop a new draft law on personal data in Ukraine, which will be revised by Verkhovna Rada in the nearest time.

Therefore, we have two European documents regarding the personal data protection, we need to fulfill in terms of personal data protection and processing in our country in order to get a chance to become a fully recognized member of the EU.

A new draft law on personal data protection

The new variant of the law of Ukraine on personal data protection was designed in order to ratify two aforementioned European documents and update Ukrainian legislation in accordance with the requirements of the actual life and to adapt it to the state-of-art technologies in the field of personal data protection.

In particular, the draft law foresees the clear formulation of the principles and the lawful basis of personal data protection, transparent requirements to personal data processing, in order to avoid abuse, to identify the duties of the actors recollecting and verifying the personal data, and also to define the sanctions in case of violation of the right to the personal data.

This new draft law has been developed in collaboration with the experts in the field of personal data protection of the EU4DigitalUA project. They granted their technical assistance during the legal analysis in order to check its conformity to the requirements of European legislative acts of the Convention 108+ and the  GDPR. EU4DigitalUA had an opportunity to involve the best Ukrainian and European experts in the field of personal data protection and use their experience in order to improve the legislation of Ukraine. Also, the project cooperates directly with the Spanish Data Protection Agency, the organization which is responsible for the compliance of European standards in Spain for many years and has a great experience in this field.  

We cannot get into a true part of the European community without the full compliance of its standards. That is why the approval of a new law of Ukraine on personal data protection, corresponding to all of European requirements is an irreversible and necessary step towards European integration. If the draft law is not approved by the Verkhovna Rada again, it will lock the development of the country on the way to European integration.  

Аndrew Nikolayev, Key Personal Data Protection Expert of the project EU4DigitalUA