Doctor of Law, Chief Researcher Parliamentary Research Institute under the Legislative Chamber of Oliy Majlis of the Republic of Uzbekistan.
The rapid development of digital technologies and artificial intelligence in the world has a direct impact on the privacy of personal life, and the protection of personal information has become an impartial reality.
Personal data is understood to be information recorded in electronic or paper form directly related to a person. For example, information about a person’s surname, first name, patronymic, year and place of birth, profession, citizenship, education, family status, workplace, residential address, family members, health, social status, partisanship, military service information is included among them.
Information about a person from birth leaves a “trace” somewhere throughout his life. In particular, when using public services, in hospitals, registry (FHDY) offices, kindergartens, schools, banks and other organizations, on the pages of social networks that you use daily or in databases, there is information about a person in a photo, video, audio, written or electronic form.
Personal data is collected, systematized, stored, changed, completed, used, distributed and transmitted through various organizations, state bodies, social networks and everyday “gadgets”.
In addition, the incidence of identity theft, misappropriation or manipulation is high, with 79% of global internet users having lost control of their personal information, according to the “Chilling Privacy Statistic”.
According to data, the number of Internet users in the Republic of Uzbekistan is 32.0 million, of which the number of mobile Internet users is 31.5 million.
While digital technology has many benefits, such as connecting with friends and family, shopping online, and accessing government services, it also raises concerns about the security of personal information.
The need to protect personal data is growing. Because every day we see issues related to cases of malicious use of personal information belonging to others through various information distribution platforms.
In particular, the distribution of personal information of a person who has suffered sexual violence on social networks, the publication of personal information of a citizen suffering from COVID-19 or another infectious disease in the mass media, the sale of personal information for commercial purposes, the taking of their personal images from a person’s residence, the influence of social networks There are many cases of information (sensitive data) distribution, collection of consumer information by commercial organizations, financial fraud and collection of personal data.
As can be seen from the above, the protection of personal data has become an impartial reality today. Therefore, human information has always been valuable, but at the same time it is becoming a unique “commodity” and raises the following legitimate questions: Do we have rights to control our data? How is the privacy of our personal information protected?
There are relevant norms in international documents that prohibit the use of information about a person’s personal life, which constitutes a personal or family secret, without his consent.
In particular, in accordance with Article 12 of the Universal Declaration of Human Rights: “No one may be arbitrarily interfered with in his personal and family life, his home, his correspondence secrets, or his honor and dignity.”
Article 31 of the new version of the Constitution of the Republic of Uzbekistan states: “Everyone shall have the right to inviolability of private life, personal and family secrets, protection of honor and dignity”.
Everyone has the right to keep their correspondence, telephone conversations, mail, electronic and other messages confidential. Limitation of this right is allowed only in accordance with the law and based on the decision of the court.
Everyone has the right to the protection of personal data, as well as the right to the correction of inaccurate data, collected about him unlawfully or without legal grounds. has the right to demand the destruction of the remaining data.
In the text of this article, it is precisely the right to “inviolability of one’s personal life, to have personal and family secrets, to protect one’s honor and dignity”, “the secret of correspondence and telephone conversations cannot be disclosed” “anyone protection of personal data, correction of incorrect data, disposal of data collected illegally or without legal basis “has the right to demand that it be done” reflects the constitutional requirements for the protection of personal data. This, in turn, imposes certain obligations. In particular, the state guarantees the protection of personal data. In particular, protection of personal data, correction of incorrect data, destruction of illegally collected personal data, integrity and preservation of personal data, confidentiality should provide.
Digital technology makes the job easier for the individual. For example, receiving a certain type of service is a necessary condition for the processing of personal data. It should be noted that the distribution of personal information without the consent of a person can contribute to the formation of his positive image, as well as cause financial damage or damage to his reputation, moral or material damage. In particular, personal databases have the potential to alter information that poses threats to personal interests. Therefore, it is necessary to determine the boundaries of legal regulation of personal data protection.
In New Uzbekistan, where human dignity is honored, a truly new era of personal data protection has begun. In particular, according to the Law “On Personal Data” adopted in 2019, this is a clear confirmation of this. According to it, persons who can use personal data must not disclose and distribute personal data to third parties without the consent of the owner of this data.
To eliminate various errors in the personal data from the state body, natural or legal person, which performs personal data processing, as well as to destroy the data that was collected illegally without his consent and has no legal basis. has the right to demand. If the organization does not meet this requirement, the person has the right to apply to the court in order to restore his violated rights.
For example, a person whose photo appears in an article not related to him can request the physical or legal entity that distributed this article, as well as the state body, to exclude (remove) his photo from the content of the article.
In foreign countries (Singapore, Japan), this right, known as the “right to be forgotten” (right to be forgotten), refers to information about a person that is collected illegally or does not have a legal basis. means the right to demand the destruction of information resources, including the Internet.
Big data, which is a large collection of structured and unstructured digital data that is growing at a very fast pace, makes the processing of personal data a reality.
Big Data selects and organizes data for analysis, using artificial intelligence to perform advanced analytical tasks from big data. For example, data is processed through various methods of data analysis collected through social networks (Facebook, VKontakte, LinkedIn, Instagram, etc.). Therefore, in this case, the privacy of personal data requires protection by law.
On January 14, 2021, the President of Uzbekistan signed the law on amendments to the law “On Personal Information”. On this basis, the current law was supplemented with Article 271 entitled “Special conditions for processing personal data of citizens of the Republic of Uzbekistan”.
According to the law, “the owner and (or) the operator shall process the personal data of the citizens of the Republic of Uzbekistan using information technologies, including the processing in the global information network of the Internet, on the technical means physically located in the territory of the Republic of Uzbekistan and in the prescribed manner It is necessary to ensure that personal data bases are collected, systematized and stored in personal data bases registered in the state register.
So, it can be seen that the person is required to eliminate various errors in the information about the person from the responsible state body, natural or legal person, as well as information that was collected illegally without his consent and has no legal basis. allows you to request that it be deleted.
In 2018, the UN High Commissioner for Human Rights presented a report on the Right to Privacy in the Digital Age to the UN Human Rights Council at its 39th session in August 2018.
The 2018 report of the UN High Commissioner contains the most detailed recommendations on the regulation of personal data in the context of protecting the right to privacy. The recommendations apply to both member states and commercial companies. If we analyze the following:
a) to create effective, robust and comprehensive legislation in line with international human rights standards for effective protection of personal data;
b) ensure that the state only implements data-intensive systems, including databases related to the collection and storage of biometric data, if it can demonstrate that they are necessary and proportionate to achieve a legitimate objective;
c) establishment of independent bodies authorized to monitor the illegal processing of personal data, the practice of ensuring the confidentiality of data, investigate violations, receive complaints from individuals and impose fines and other effective sanctions;
d) Ensure that any restrictions on the right to privacy, including communications surveillance and data sharing, comply with international human rights standards, including the principles of legality, necessity and proportionality, regardless of nationality or location, through appropriate legislation and other means. In this case, there must be grounds for suspicion that the person who is being monitored by digital technologies has committed or is committing criminal acts, as well as that the person is carrying out actions related to a specific threat to state security;
The analysis of the international standards named above shows that it is appropriate to define the following prospective directions for improving the system of ensuring effective protection of personal data in the Republic of Uzbekistan:
firstly, the control of personal data by the operator and the relevant person, increasing the transparency of the process of processing personal data, introducing modern information and communication technologies in the optimization of information exchange;
secondly, to create a structural unit responsible for ensuring the electronic security of personal information in state and private organizations or to introduce a system of assigning such security tasks to one of the structural units;
thirdly, responsibility for the storage and processing of personal data, selection of operators, and improvement of knowledge and skills of relevant officials;
fourthly, to develop a clear mechanism for the use of personal data from the point of view of public interest by forming a register of data on privacy;
fifthly, development of qualification requirements for persons, experts and specialists working with data related to personal privacy;
sixthly, to introduce a mechanism for the use of artificial intelligence such as “internet privacy officer” in order to prevent the illegal dissemination of personal information through Internet networks;
seventhly, to introduce a mechanism to control the legality of personal data processing by the owners of personal databases using personal databases through a platform such as “BigID”.