We periodically inform our personal data, in other words, all information, which makes it possible to identity the person: name, last name, phone number, address, work place, bank card number, car plate numbers, marital status, etc. to a state local government or other agencies for a specific purpose. But what is the guarantee that these data will be used only for given purpose, after which they would not be saved and re-used without our consent?
On the one hand, we do not want our personal data made available to the public. For example, a few days ago, police released a report on assault on the apartment belonging to this person at this address. The websites reported further more, informing specifically who lives there. The personal data of this man was made available to the whole world by a group of police.
We witnessed just the contrary case last year in Germany, where perhaps the strictest law of personal data protection is operating. Our friend’s purse was stolen from the lobby of the hotel. However, the hotel administration and the arrived police at no cost agreed to watch the footages fixed by the camera in the lobby at the moment of arrival. They were constantly reiterating: data protection, data protection. It turned out that according to the law, first, the police must obtain a permit from the hotel chains, which in its turn should apply the camera installing company, only after that the specific police officer can watch specific footages, only the parts depicting the alleged thief. And the whole meaning of these fuzzy measures was to protect personal data of all other people in the lobby.
Read also
Naturally, the theft was not disclosed. On several occasions, during conversations with European experts on this subject, they admitted that the protection of personal data enters into some contradiction with the public interest and freedom and transparency of information. And yet, every country decides on its own whether the freedom of information is more important for them or the protection of people’s personal lives. Our country, so far, does not have a mechanism providing the illegal development and prevention of personal data, because the RA Law on “Personal Data” providing the legal regulation of the sector, which was passed 12 years ago, is already outdated, and does not respond to a number of key issues.
Lawyer Karen Mezhlumyan says, “The current law does not provide definition of popular data, which causes problems in practice. Along with “The Freedom of Information Center” NGO, we have participate in many court disputes with various government agencies, which reasoning the “personal data” had refused to provide the requested information, in the event when given information was to be posted on their websites by the law enforcement.” Now, it is introduced to the National Assembly, and it is scheduled that already as of 1 January 2015, the bill of the Ministry of Justice on “Personal Data Protection” shall enter into force, which is trying to close all the “gaps” available in the previous law, and to make the legal regulation of the sector in line with the trends of the world, the European standards.
The “right to be forgotten” is relatively new in the European standards, referring to which, a bill is introduced to the European Parliament, which is called to legally endorse the precedent decision passed by the European Court last year on May pertaining to having the right “to be forgotten” (“Aravot”, 20.05.2014). Our new bill has also taken this into account in Article 10, clauses 7 and 8. Unlike other countries, there is no authorized body in Armenia, which will follow the legality of the processing and use of the personal data, will issue a conclusion on legality of proceedings with personal data and will be able to prevent the illegalities in this sector.
So far, people who doubt that their personal data are exposed to illegal processing may apply to the police, which, as we saw in the above example, sometimes, on its own, improperly uses the available information regarding people’s personal data. The new bill includes a clause on establishment of a Personal Data Protection Authorized Body in the system of the Ministry of Justice. The identification and correction of the problems available in the personal data protection system will be attributed to this Authorized Body. Lawyer Karen Mezhlumyan gives much importance to the establishment of this institution. In his turn, the Center for Freedom of Information “considers the subordination of this Body from the Executive unacceptable”, and suggests defining an institute for Freedom of Information and Personal Data Protection Commissioner instead of the Authorized Body for the Personal Data Protection, which will be entitled as a mediator between the state and the society regarding the resolution of disputes on the matters of personal data protection and freedom of information.
Note that although merging of these sectors in one institution seems inappropriate because of the obvious conflict of interests, however, there are similar precedents in other countries, too. In response to our question of whether Deputy Minister of Justice, Arsen Mkrtchyan, considers the suggestion of FOI acceptable, replied, “The government of Armenia has not provided this function when giving the approval, hence, at this stage it would be difficult to give an exact answer to the question.” He noted that the industry is new for us, and the involvement of the authorized body in the structure of the Ministry of Justice is also due to this fact. “It is important for the authorized body to have elements of independence, now it is new, when it works, later we would see whether it is necessary to have a big separate structure or not.”
Melania BARSEGHYAN