New Standards for Data Privacy In Armenia

New Standards for Data Privacy In Armenia

Law of the Republic of Armenia of 13 June 2015 No. 49-ZR on the Protection of Personal Data, also known as the Personal Data Law is a data protection law that was passed in Armenia in 2015. As the principles of personal data protection have grown in importance in the country of Armenia in recent years, the Personal Data Law represents the country’s first step in guaranteeing the data privacy rights of their respective citizens. Moreover, as Armenia is one of a number of European countries that is not a part of the European and as such, is not subject to the provisions of the General Data Protection Regulation or GDPR, the country needed legal protection that would be on par with their European counterparts. As such, the Personal Data Law establishes the legal grounds on which personal data may be processed in Armenia.

How are data controllers and processors defined under the Personal Data Law?

Under Armenia’s Personal Data Law, no specific definition is provided for the term “data controller”. However, the law defines the term “data processor” broadly to mean “a state administration or local self-government body, state or community institution or organization, and/or legal or natural person, which organizes and/or carries out processing of personal data”. Furthermore, personal data is defined as “any information relating to a natural person, which allows or may allow for direct or indirect identification of a person’s identity”. Additionally, while the law does not provide a specific definition for “sensitive data”, regulatory decisions that have been made according to the provisions of the law show “that sensitive includes biometric data and special categories of personal data which includes data relating to race, national identity or ethnic origin, political views, religious, or philosophical beliefs, a trade-union membership, and health and sex life of a person”.

What are the requirements of data processors under Armenia’s Personal Data Law?

Under Armenia’s Personal Data Law, data processors within the country are responsible for adhering to the following principles as it relates to data processing:

What are the rights of Armenian citizens under the Personal Data Law?

Under the Personal Data Law, data subjects have the following rights as it pertains to the protection of their personal data and privacy:

More specifically, the Personal Data Law states that “the data subject will have the right to information about his or her personal data, the processing of his or her data, grounds and purposes for the processing, the processor of the data, and the registered office thereof, as well as the scope of persons to whom the personal data may be transferred, as well as to get familiarised with his or her personal data, and require from the processor the right to rectify, block, or destruct his or her personal data where the personal data is not complete or accurate or is outdated or has been obtained unlawfully or is not necessary for achieving the purposes of the processing”. In terms of penalties that can be imposed as a result of violating the rights of Armenian citizens, the Personal Data Law is enforced through the Code on Administrative Violations.

To this point, the Code on Administrative Violations contains various sanctions and penalties that data processors operating with Arenmia are subject to should they violate any provisions set forth by the Personal Data Law. Some of these penalties and sanctions include:

As many non-EU countries throughout Europe have taken legislative measures to protect the personal data rights of their citizens, such as Serbia’s Law on Protection of Personal Data and North Macedonia’s Law on Personal Data Protection, Armenia has taken similar steps through the passing of  Law of the Republic of Armenia of 13 June 2015 No. 49-ZR on the Protection of Personal Data. Through the passing of Personal Data Law, the Armenian government can ensure that the citizens of their country are afforded rights and liberties that are similar to those offered to citizens of EU member states under the General Data Protection Regulation, as Europe continues to lead the charge for data protection and privacy around the world.

Related Reads