Home | Databases | WorldLII | Search | Feedback University of New South Wales Faculty of Law Research Series

Greenleaf, Graham --- "Kazakhstan Enacts Central Asia's Second Data Privacy Law" [2013] UNSWLRS 59

Last Updated: 27 September 2013

Kazakhstan Enacts Central Asia's Second Data Privacy Law

Graham Greenleaf, University of New South Wales

This paper is available for download at Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2319178

Citation

This paper was published in Privacy Laws & Business International Report, Issue 124, pp. 23-24, August 2013. This paper may also be referenced as [2013] UNSWLRS 59.

Abstract

Kazakhstan’s Law on Personal Data and their Protection, signed into law on May 21, 2013 by President Nursultan Nazarbayev (in office since 1990) will come into effect on November 26, 2013. Kazakhstan thus becomes the second country in Central Asia with a data privacy law, joining the Kyrgyz Republic (Law on Personal Data, 2008), and the 100th jurisdiction globally to enact a data protection law.

This article summarizes the main components of the law, concluding that it does contain the essential components of a data privacy law. The law covers both public and private sectors. It includes a set of data protection principles largely consistent with basic international standards. The law does not create a data protection authority (DPA) but does make provision for civil and criminal penalties for breaches.

The article also considers briefly the position of a data privacy law in an authoritarian state with single-party rule, and no history of respect for civil liberties. Despite its limitations and questionable likelihood of enforcement, the law raises issues to which any companies doing business in or with Kazakhstan must give serious consideration, particularly due to the potential for inconsistent approaches by different government agencies.