Kazakhstan Enacts Central Asia's Second Data Privacy Law
Privacy Laws & Business International Report, Issue 124, pp. 23-24, August 2013
3 Pages Posted: 3 Sep 2013 Last revised: 1 Apr 2014
Date Written: July 14, 2013
Kazakhstan’s Law on Personal Data and their Protection, signed into law on May 21, 2013 by President Nursultan Nazarbayev (in office since 1990) will come into effect on November 26, 2013. Kazakhstan thus becomes the second country in Central Asia with a data privacy law, joining the Kyrgyz Republic (Law on Personal Data, 2008), and the 100th jurisdiction globally to enact a data protection law.
This article summarizes the main components of the law, concluding that it does contain the essential components of a data privacy law. The law covers both public and private sectors. It includes a set of data protection principles largely consistent with basic international standards. The law does not create a data protection authority (DPA) but does make provision for civil and criminal penalties for breaches.
The article also considers briefly the position of a data privacy law in an authoritarian state with single-party rule, and no history of respect for civil liberties. Despite its limitations and questionable likelihood of enforcement, the law raises issues to which any companies doing business in or with Kazakhstan must give serious consideration, particularly due to the potential for inconsistent approaches by different government agencies.
Keywords: data protection, privacy, Central Asia, Kazakhstan
Suggested Citation: Suggested Citation