As a result of EBA Information Technology Committee’s lobbying efforts on 24 October 2012 the President of Ukraine Victor Yanukovych vetoed the Law “On Amending the Law of Ukraine on Personal Data Protection” which contains, among other, the provisions on technical requirements to data bases as well as their conformity assessment procedures, which are not in line with the EU legislation.
Background: The Draft Law “On Amending of the Law of Ukraine on Personal Data Protection” (regarding improvement of legal regulation in the sphere) No 10472-1 (Hereinafter – the Draft Law) dated 28 May 2012 was initially elaborated to improve the existing Ukrainian legislation on personal data protection and bring it in line with the European norms and standards.
On 2 October 2012 the Verkhovna Rada of Ukraine adopted the Draft Law in the second hearing, granting the functions of technical standards, regulations and requirements for IT & telecommunication systems development to the State Service of Ukraine on Personal Data Protection. Moreover, this state regulatory body was empowered to provide conformity assessment of the systems used for personal data processing.
In the opinion of EBA IT Committee members, in case the Law is signed by the President, the transfer of such functions to the supervisory authority in the sphere of personal data protection not only contradicts to the requirements of the European standards and Ukrainian legislative norms, but also creates significant obstacles to doing business in general.
First, the Law was passed with numerous procedural violations, as the amendments made have not been examined in line with Verkhovna Rada’s procedures in the course of the first reading, and the changes brought actually contradicted to the main aim of the Law. Second, empowering the State Service of Ukraine on Personal Data Protection would lead to the duplication of government functions, because they are already assigned to the functions of the State Service for Special Communication and Information Protection. EU experience also shows that such body should be completely independent in carrying out its activities, which also runs counter to the situation stated by the Draft Law. Third, the adoption of these amendments is at odds with the state strategy on deregulation of entrepreneurship proclaimed by the Programme of Economic Reforms for 2010-1014 “Prosperous society, competitive economy, effective government.” Overall, despite the fact that the specific requirements for the protection of personal data are declared in various documents of the European Union, only a small part contains clear references to technical standards, and none of them ensures proper alignment of the rights to privacy, and to the technical standards created for that purpose.
For this reason the EBA drew attention of the policymakers to the unacceptability of technical regulations introduction and increased pressure from the supervisory authority, explaining that the processes associated with personal data processing and transfer are related to legal rather than technical realms. The EBA appealed to the Presidential Administration of Ukraine and the Coordination Centre of the Economic Reforms with a request to return the Law to the Parliament for further revision.
We are pleased to inform you that as a result of EBA’s lobbying efforts the President vetoed the Law. Given all these circumstances, and in order to prevent the conflict between the Ukrainian and European approaches to the protection of personal data, the Law was returned to the Parliament with President’s proposals to exclude the amendments proposed to the Article 23 of the Law in the second reading and revise the document as a whole.