27 July 2012
ARTICLE 19 analyses Data Protection Act and related legislation
(ARTICLE 19/IFEX) - 26 July 2012 - ARTICLE 19 has analysed the provisions of the Ukraine Data Protection Act, Law on Information, and Law on Access to Public Information, to assess their compatibility with international standards relating to the rights of freedom of expression and information. ARTICLE 19 finds the Data Protection Act and related legislation to be lacking significant provisions, which would ensure that the rights to privacy and freedom of expression and information are appropriately balanced.
1. The Data Protection Act and the Law on Information should be amended to ensure that there is clear exemption for freedom of expression in all cases relating to communicating information to the public - ideas, or opinions of general interest - or for literary or artistic expression.
2. Clarify the relationship between the three laws by creating and setting out a clear exemption for personal data in the Law on Access to Public Information, and by amending provisions in the other laws which contradict this.
3. Create a common list of exemptions for personal data which clearly exclude information collected about public officials or others acting in an official capacity relating to their duties or to matters which may affect their obligations, and to those influencing public policy, and to information relating to expenditures of public funds or use of public resources.
4. Ensure that the public interest test in the Law on Access to Public Information Act applies to personal information, to allow for its release where the release of the information is in the public interest.
5. Harmonise provisions on subject access in the Data Protection Act and the Law on Access to Public Information to ensure that external enforcement through an independent body is available for denials of access to individuals seeking to access or correct their own records.
6. Amend the Data Protection Act and other laws to ensure the independence of the data protection body from the state. This should be an independent regulatory body for the protection of personal data, which is administratively and financially independent of any public authority and is given adequate resources to conduct its activities.
7. Create or appoint an independent body for oversight and appeals for the Law on Access to Public Information. This can be the Ombudsman or another independent body. It must have adequate resources to effectively oversee and enforce the right to information.
Read the full analysis