On Personal Data Protection in the Republic of Armenia
Personal data is information on facts, events, circumstances that concerns an individual were presented in a form that allows or may allow to directly or indirectly identify the individual in question. Personal data processing is any act or sequence of acts that concern personal data collection, input, organization, modification, dissemination (including transmission), storage, rectification, access blockage, anonymization, destruction and use, performed by automated means or without thereof.
The Law “On protection of personal data” entered into force on July 1st, 2015 and replaced the previous Law “On personal data” dated 2002. Acceptance of this act is conditioned by the discrepancy of previous normative regulation to modern demands and standards. And this Law is invoked to facilitate more particular regulation in the field of personal data and reliable protection of personal data owners.
In the Republic of Armenia, personal data means data relating to a living individual who is, or can be identified either from the data, or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. Data processing is any action, or group of actions concerned with collecting, fixing, systematizing, organizing, entering, storing, using, changing, restoring, transferring, changing, restricting access, or destroying of personal data.
This law regulates the order and conditions of processing of personal data and control over personal data by the state, or municipal authorities, state, or municipal establishments and organizations, legal entities or individuals. Important to note that the data which appears state secrecy, service secrecy, banking secrecy, notarial secrecy, insurance secrecy, client-attorney privilege as well as, data concerning with state security, money laundering and personal data used in the operational-investigative activity, or court proceeding is not regulated by this law. Personal data cannot be used without the consent of the subject of personal data.
The consent to use of the data of the subject of personal data may be withdrawn in the Republic of Armenia. Data handlers when carrying out their activities must reach their aims using information as little as possible. If their aims may be reached without data processing, data processing is prohibited. At the same time, data must be authentic, full, concise, clear and as fresh as possible.
The consent is given by transmitting the documents containing personal data to the handler, receiving data by the handler by the virtue of a concluded agreement between them (in the aims of agreement), and also by orally transferring information.
In the Republic of Armenia, the use of personal data is possible when you obtain it from open sources. In the sense of this Law, open source information is the name, last name, date of birth, place of birth, place of death, date of death and other information that became open because of deliberate actions of the owner of data. The owners of personal data in the Republic of Armenia have the right to acquire, change, restrict access and destroy information. If data handler refuses to commit one of the listed demands he provides motivated decision on refusal which may be appealed by the owner of data in court.
The Government of the RA has created authorized body on personal data protection. This body will supervise the activity of data handlers, protect the rights of data owners, keep the register of data handlers, receive notifications on data processing activity as well as inform law enforcement bodies about criminal and administrative violations and so on.
A person which intends to carry out data processing (handler) has the right to notify authorized body of personal data protection. But if the handler is going to carry out processing of special category of data or biometric data processing, he will be obliged to notify the authorized body about his intention. Data handler is entered into the register of data handlers after the notification.
In the Republic of Armenia, the special category of data is information about race, national or ethnic origin, political views, religious and philosophical beliefs, participation in various unions, health state and sexual life of the owner of the information. Biometric data is the information describing physical, physiological or biological peculiarities of a human. This category of data is subject to processing only after the receiving of consent from the owner of data. In case of illegal spread, transmitting, storing, changing, destroying or restricting of the information, data handler may be brought to legal responsibility.