Mongolia's Unique Data Privacy Law Completes Coverage of Central Asia
(2022) 178 Privacy Laws & Business International Report, 25-28.
8 Pages Posted: 10 Oct 2022 Last revised: 11 Oct 2022
Date Written: August 6, 2022
Abstract
The Law of Mongolia on the Protection of Personal Information, enacted in November 2021, and coming into force on 1 May 2022, marks the last country in Central Asia to enact a data privacy law. Mongolia’s law provides stronger data protection that any of the other five Central Asian countries. At least on paper, it is a stronger law than is found in almost any of the 26 countries in Asia from Japan to Afghanistan, provided we assume that the enforcement aspects will be effective and dissuasive of breaches.
The Law includes most of the GDPR obligations on controllers and processors, and most of the rights of data subjects. The laws of China, Russia or the other five Central Asian countries, have had no obvious influence on Mongolia’s law in such areas as registration obligations for controllers, or data localisation requirements. These countries have no equivalent to Mongolia’s independent Human Rights Commission involved in their laws.
Mongolia’s data privacy law should prove to be relatively friendly to both Mongolian data subjects and to foreign businesses in Mongolia. In the context of Central Asia and its neighbours, Mongolia’s law is at least unusual, perhaps unique, in some aspects of its structure and its terminology, and in its approach to enforcement, but in its substance it is quite a conventional data privacy law, and one which is more up-to-date than most other laws outside Europe.
Keywords: Asia, Central Asia, data privacy, privacy
Suggested Citation: Suggested Citation