Data protection regulations in Uzbekistan
Data Protection Law
Legislation of Uzbekistan does not contain a separate law or by-law that stipulate detailed regulation of data protection matters, except the Law on Trade Secret. However, there are several Uzbek laws in various fields that briefly describe data protection. Main legal act on this issue is Constitution (article 27), which guarantees protection from invasion of privacy, including privacy of private correspondence and telephone conversations.
Law on Access to Information restricts state bodies, any state and private organizations and officials from providing to thirds parties the information about state secrets or other secrets, which are protected by laws.
Furthermore, Freedom of Information Law determines personal information about citizens as confidential. It is prohibited to collect, keep, process, disseminate and use information about private life, as well as information that violates secrecy of private life, secrecy of correspondence, telephone conversations, mail, telegraph and other information of the citizen without obtaining his consent.
Above mentioned information might be provided only in exceptional cases to the entities, who are entitled to use such data as per Uzbek laws, such as law enforcement bodies, courts, tax and statistical bodies.
If information is considered as confidential and its disclosure may cause damage to the rights and interests of individual, society and state, provision of such information to third parties can be rejected. The owner or holder of confidential information should inform the entity that requests confidential information about existed limitation to such information.
Data is protected with the purpose of:
a) preventing security threat to individuals, society and state in information field;
b) keeping confidentiality of information, preventing its leak, theft and loss;
c) preventing misinterpretation or falsification of information.
Please note that legal entities and citizens, which receive, possess and use information about citizens might be held liable for infringing the order of using such information. This also relates to private medical information about citizens.
Data protection under Civil Code, Law on Entrepreneurship and Law on Contracts
Under Civil Code and Law on Entrepreneurship the official and commercial secrets, which are legally not available to the public (non-disclosed information), should be kept confidential by the legal holder(s) of such information. At the same time:
a) such information should contain actual or potential commercial value due to the fact of its not being known to the third parties;
b) such information should not contain free lawful access to it; and
c) its owner should take security measures to maintain confidentiality of such information.
In particular, this also relates to data exchanged under concluded business agreements or other deals or actions, when the parties determine in writing the appropriate information as confidential.
It is the parties of transactions who determine which information is considered as confidential and should be kept in secrecy. Holder of confidential information should obtain appropriate consent from the related party to disclose such information to third parties. Otherwise, the party suffered damage and/or loss is empowered to take legal actions against the violator.
Moreover, as per article 133 of Civil Code, the commercial representative of business companies should keep in secret the information about trade deals even after accomplishment of his duties.
Data protection under Telecommunications Law
Under Telecommunications Law nobody is allowed to break secrecy of telephone conversations, telegraph and other correspondence, transmitted through telecommunication networks. All operators and providers shall ensure secrecy of such conversations and communications.
Please note that tapping of telephone conversations, familiarization with communications, obtaining data about them, as well as other limitation of secrecy of conversations and communications is allowed only in cases and order, stipulated by law. For example, law enforcement bodies of Uzbekistan may obtain access to such conversations and communications during investigation of a crime.
Data protection under Bank Secrecy Law
The following information is regarded as bank secrecy under Bank Secrecy Law and not allowed to disclosure to the third parties:
a) about bank operations, accounts and deposits of customer (correspondent) of the bank;
b) about customer (correspondent) of the bank, obtained by bank in connection with rendering banking services to its customer;
c) about existence, type and cost of customer’s property (correspondent), kept in safes and premises of the bank;
d) interbank operations and deals, made by customer’s (correspondent’s) order or in his favor;
e) about customer (correspondent) of other bank that became known as a result of exchanging data (related to bank secrecy) between banks;
f) about participants of savings pension system, amount and flow of pension deposit sums, pension savings on individual savings pension accounts of citizens.
Third parties are all other entities, except the bank, its customer (correspondent) and Central Bank of Uzbekistan.
Information regarded as bank secrecy might be provided to law enforecement bodies, courts, tax and customs bodies, and legal successor in cases stupulated in law.
Information related to company employees
An Uzbek company, acting as the employer, mainly obtains personal data about its employees during their employment period. Any data belonging to employees, and not connected with corporate matters at job, should be treated as private.
As mentioned above, all personal data of citizens are treated confidential. It is highly recommended that the Uzbek company (the employer) obtains each employee’s written consent to disclose his/her private information for their further transfer to third parties. The same recommendation is applicable to representatives of Participants and board members of the Uzbek company.
Information related to contractors/subcontractors
Any agreement (contract) between the Uzbek company and its contractors/subcontractors for providing services, implementing works and supplying goods, or any other deals with them, may contain confidentiality term, which oblige the related parties to ensure keeping certain information in secret. It is strongly recommended to verify agreements for confidentiality term and, if required, to obtain written consent of related contractor/subcontractor before disclosing confidential data to third parties. The same recommendation is applicable to business partners of the Uzbek company.
If the Uzbek company possesses consent of its Participants (Shareholders) to disclose to third parties all or part of information related to Uzbek company’s business activity in Uzbekistan, the first is allowed to transfer whole or partly such corporate information to third parties. However, such corporate information should not contain above mentioned data, for which appropriate consent is required (e.g. personal data of citizens).
Jamol Ryskiyev, Partner
Ryskiyeva and Partners Law Firm