Privacy Law at Armenia
In Armenia, privacy laws are primarily governed by the Constitution, civil laws, and specific legislative acts related to data protection and privacy. Armenia’s legal framework for privacy has evolved in recent years, especially in alignment with international standards like the European Union’s General Data Protection Regulation (GDPR), as the country seeks closer ties with European nations and strives to improve its legal systems.
Here’s an overview of the key privacy laws and regulations in Armenia:
1. Constitutional Protections
Constitution of Armenia (1995): Article 27 of the Armenian Constitution guarantees the right to privacy. It states that individuals have the right to the inviolability of their home, correspondence, and personal data. This constitutional provision serves as the basis for privacy protection in the country.
Right to Privacy: The Constitution also ensures protection from arbitrary surveillance and intrusion into an individual’s personal life, emphasizing the protection of dignity, honor, and reputation.
2. Personal Data Protection Law
Law on Personal Data Protection (2015): Armenia’s main legislative instrument for protecting personal data is the Law on Personal Data Protection, which was adopted in 2015. This law regulates how personal data is collected, stored, processed, and shared. It aims to align Armenia’s data protection rules with European standards, particularly with respect to the principles of transparency, consent, and accountability in data processing.
Scope of the Law: The law applies to the collection and processing of personal data both within Armenia and abroad, as long as the data is related to individuals in Armenia. It sets out specific guidelines regarding the rights of data subjects, the obligations of data controllers, and penalties for non-compliance.
3. Key Provisions of the Personal Data Protection Law
Data Subject Rights: Under the Law on Personal Data Protection, individuals (data subjects) have several rights concerning their personal data:
Right to Access: Individuals can request access to the personal data that is being held about them.
Right to Rectification: Individuals can request correction of inaccurate personal data.
Right to Erasure: In certain circumstances, individuals can request the deletion of their personal data.
Right to Object: Individuals have the right to object to the processing of their personal data in specific situations.
Consent: Personal data must generally be collected with the explicit consent of the data subject, particularly when the data is sensitive, such as health information, racial or ethnic origin, political opinions, etc.
Data Protection Officers (DPOs): Certain organizations are required to appoint a data protection officer (DPO) to oversee compliance with the law and ensure data protection practices are followed.
Data Processing Principles: The law establishes the principles for the processing of personal data, including:
Lawfulness, fairness, and transparency.
Purpose limitation (data must be collected for specified, legitimate purposes).
Data minimization (only necessary data should be collected).
Accuracy (data should be kept accurate and up-to-date).
Storage limitation (data should not be kept longer than necessary).
Integrity and confidentiality (appropriate security measures must be in place).
4. Data Protection Authority
Personal Data Protection Agency: Armenia established the Personal Data Protection Agency to enforce the Personal Data Protection Law. This agency is responsible for overseeing compliance with data protection rules, handling complaints from data subjects, and issuing penalties for violations.
Supervisory Role: The agency also provides guidance on data protection matters, issues public reports, and conducts audits to ensure that organizations are adhering to the law.
5. Electronic Communications and Privacy
Law on Electronic Communications (2011): This law governs privacy in the context of electronic communications, including phone calls, email, and internet use. It regulates how telecommunication companies handle customer data, including the protection of call logs, internet browsing data, and other personally identifiable information.
Consent for Communications: The law requires telecommunication companies to obtain consent before collecting and processing personal information related to electronic communications. It also sets conditions for lawful interception of communications in accordance with the Armenian criminal law.
6. Security of Personal Data
Data Security Requirements: Organizations that process personal data are required to implement appropriate technical and organizational measures to ensure the security of personal data, protecting it from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, secure storage, and access controls.
Cross-Border Data Transfers: The law provides for restrictions on the transfer of personal data to countries that do not offer an adequate level of data protection. Cross-border transfers must comply with specific conditions to ensure that the data remains protected.
7. Criminal Law and Privacy
Criminal Code of Armenia: Armenia’s Criminal Code contains provisions that criminalize violations of privacy, including illegal surveillance, unauthorized access to personal data, and the disclosure of private information without consent. The code also provides penalties for individuals or organizations found guilty of infringing on privacy rights, including imprisonment or fines.
Data Breaches and Penalties: Failure to comply with the Personal Data Protection Law, including mishandling personal data or failing to protect data against breaches, can result in administrative penalties or criminal liability, depending on the severity of the violation.
8. Surveillance and Government Access
State Surveillance: While there are privacy protections in place, the government does have the ability to access personal data for law enforcement and national security purposes. There are provisions for wiretapping and data interception, but these actions must generally be authorized by the courts.
National Security and Public Order: In exceptional cases, the government can override privacy rights in the interest of national security, public order, or criminal investigations. However, such actions are typically subject to judicial oversight and require a legal basis for enforcement.
9. Electronic Signature and Privacy
Law on Electronic Signatures and Electronic Documents (2005): This law regulates the use of electronic signatures and documents, ensuring that electronic communications and transactions are secure and legally recognized. It is important for ensuring privacy in electronic commerce and digital communications.
Data Protection in Digital Transactions: When electronic signatures are used, the personal data associated with these transactions is protected under the Personal Data Protection Law. This includes data collected during online transactions, e-commerce activities, and other digital interactions.
10. International Compliance
Alignment with International Standards: Armenia’s data protection framework aligns with European Union standards, especially since the country is part of the Eastern Partnership with the EU. Armenia's commitment to modernizing its legal system for privacy and data protection is evident through its adoption of laws similar to the EU's General Data Protection Regulation (GDPR).
Cooperation with International Bodies: Armenia cooperates with international data protection bodies, including the Council of Europe and the OECD, to enhance its data protection laws and practices.
11. Challenges and Future Developments
Implementation and Awareness: One of the challenges in Armenia is the full implementation of privacy and data protection laws. There is an ongoing need for public education and training for organizations to ensure that they understand their obligations under the law.
Enforcement of Rights: While the law provides protections, enforcement mechanisms need to be strengthened to ensure that data subjects can easily exercise their rights. There is also a need for stronger penalties for non-compliance and greater transparency in how personal data is handled.
Adapting to Technological Changes: As technology continues to evolve, Armenia will need to adapt its privacy laws to address emerging issues related to big data, artificial intelligence, and online privacy threats.
Conclusion
Armenia’s privacy and data protection laws provide a strong framework for safeguarding personal data and ensuring privacy rights for individuals. With the Law on Personal Data Protection and various other legislative instruments, the country has aligned itself with international standards, particularly in the area of data protection. However, challenges remain, particularly in terms of enforcement, awareness, and adapting to new technological developments. The government, along with local organizations, is working toward improving data protection practices and ensuring that privacy rights are effectively protected in the digital age.
RELATED Blog
0 comments