ANALYSIS OF PROBLEMS AND CHALLENGES IN THE LEGISLATION OF THE REPUBLIC OF KAZAKHSTAN ON PERSONAL DATA PROTECTION

АНАЛИЗ ПРОБЛЕМ И ВЫЗОВОВ В ЗАКОНОДАТЕЛЬСТВЕ РК О ЗАЩИТЕ ПЕРСОНАЛЬНЫХ ДАННЫХ

Танирберген Даурен Болатулы

студент 1 курса группы КТ-9-23, Высший колледж «Болашақ»

РК, г. Шымкент

Сейдахметова Ғалия Изетуллаевна

научный руководитель, преподаватель Высший колледж «Болашақ»,

РК, г. Шымкент

ABSTRACT

The article analyzes the international legal and national legal regulation in order to study, determine the level of regulatory security of identification and authentication of individuals and legal entities for the purposes of their legally significant actions in various spheres of public relations in the Republic of Kazakhstan.

АННОТАЦИЯ

В статье проводится анализ международно-правового и национально-правового регулирования с целью изучения, определения уровня нормативной защищенности идентификации и аутентификации физических и юридических лиц для целей совершения ими юридически значимых действий в различных сферах общественных отношений в Республике Казахстан.

Keywords: biometric data, personal data, biometric identification, digital identification.

Ключевые слова: биометрические данные, персональные данные, биометрическая идентификация, цифровая идентификация.

The rapid development of artificial intelligence, with biometric technologies represented by “face recognition”, “fingerprint verification”, “voice unlocking” and “iris recognition” have flourished and are widely used in criminal investigation, public safety, finance, healthcare, transportation, schools, payments, communities, businesses, and other scenarios.

For example, Facebook (Facebook, согласно судебному решению, в России признана экстремистской организацией - прим. Редакции), which has recently been widely discussed, has triggered a class action awsuit for compensation of $5,550 million due to facial recognition technology. A citizen sued the company for the forced collection of information about individuals, 170,000 data about individuals were publicly sold.2 Thus, in the face of challenges related to biometric technologies, the question of how to protect personal biometric information has become a key issue of global concern.

The collection of personal Rights in the Civil Code focuses on the protection of “private life” and contains detailed provisions on the principles of processing personal information, the rights of personal data subjects, as well as obligations to ensure the security and confidentiality of information processors. At the same time, the “Law on the Protection of Consumer Rights and Interests” establishes rules for the collection and use by operators of personal information of consumers and the obligations of operators to protect. In the criminal sphere, personal biometric information is indirectly protected by establishing criminal liability for violation of personal data of citizens. More typical is the provision of the Criminal Law on a crime related to the violation of personal data of citizens. The third is to establish rules for various aspects of the collection, processing and use of personal biometric information. Relatively focused on the field of information management. For example, the “Law on Network Security” establishes rules for network operators on the collection and use of personal information. Network operators, network controllers and other organizations and individuals should not illegally obtain, sell, or provide personal information to others. Among them, “personal information” includes “personal biometric information”. At the same time, Kazakh legislation has also realized that “personal biometric information” is different from general personal information and has introduced special provisions on personal biometric information. For example, the “Guide to the Protection of Personal Information on the Internet” contains special provisions on the “collection” and “public disclosure” of personal biometric information in the “Management Mechanism, technical security measures and business processes to ensure the security and protection of personal information”. It should be noted that the “Personal Information Security Specification for Information Security Technology”, revised on March 6, 2020, contains special provisions on the collection and storage of personal biometric information and clearly stipulates that «the collection of information about a person must be notified separately, and the original image should not be stored. In addition, they are also provided for by the rules of self-regulation of some industry associations.

Kazakhstan, a comprehensive legislative model has been adopted. Traditionally, legislation, such as the Decree of the Government of the Republic of Kazakhstan “On the approval of the Cybersecurity Concept (“Cybersecurity of Kazakhstan”)”15 dated June 30, 2017, No. 407, regulated the inclusion of personal biometric information in the category of personal information. Some other regulatory documents, such as the Law of the Republic of Kazakhstan “On Personal Data and their Protection”16 dated May 21, 2013, No. 94-V and the Law of the Republic of Kazakhstan “On Informatization”17 dated November 24, 2015, No. 418-V ZRK, also clarify the general rules for the protection of personal information and establish special rules for the protection of personal biometric information. In terms of legislative trends, the current drafts of the “Cybersecurity Concept” and the “Law on Personal Data and their Protection” have both entered the stage of public request for comments, and both have demonstrated a comprehensive legislative model. For example, the “Law on Personal Data and their Protection” jointly regulates important data and general data. At the same time, in comparison with a specialized legislative model, a comprehensive legislative model is more useful for solving the problems of decentralized legislation in Kazakhstan.

Based on the results of the conducted research of the models of legal regulation of biometric identification of individuals and legal entities existing in modern international law, in foreign jurisdictions, for the purposes of their legally significant actions in the field of public and private legal relations carried out through electronic services, as well as taking into account the analysis of the current legislation of the Republic of Kazakhstan in this area, the following are proposed offers:The active use of systems using biometric data in the Republic of Kazakhstan should be accompanied by the provision of the necessary legal, procedural, and technical guarantees to protect against unauthorized access by third parties to databases, fraudulent transactions to personal data.At the legislative level, the State needs to regularly review the provisions and regulations relating to the protection of personal data. Because the provisions and regulations must continue to be relevant to the emerging risks posed by the rapid development and enhancement of biometric technologies.

Conclusion. In the era of modern digital technologies, the existing security risks in biometric authentication are quite serious. Consequently, interested parties need to respond promptly to the latest developments so that the data of individuals and legal entities can be reliably protected.In this regard, at the legislative level, all conditions of protection should be clearly defined and regulated. They should also be aimed at the ability of users to control their biometric data.We propose the following amendments and additions to the legislation of the Republic of Kazakhstan:- to amend the current legislation of the Republic of Kazakhstan regulating civil and public legal relations in the form of electronic interaction, in terms of defining terminology in the field of personal data identification and the formation of a unified terminology base. Moreover, the improvement of the institute of legal regulation of identification and authentication technologies based on biometric data.- to develop provisions aimed at establishing the possibility of working with electronic documents signed by an analogue of the client’s handwritten signature on an electronic tablet, in particular, regulating the process of obtaining a sample of a handwritten signature, digitizing it and comparing the electronic analogue of a handwritten signature with an existing sample.

References:

1. Kukharev G.A. Biometricheskie sistemy: Metody i sredstva identifikatsii lichnosti cheloveka [Biometric systems: Methods and means of identification of a person], Politekhnika., 2020 pp. 240.
2. Afanas’ev A.A. Autentifikatsiya. Teoriya i praktika obespecheniya bezopasnogo dostupa k informatsionnym resursam [Authentication. Theory and practice of providing secure access to information resources]
3. Barry, A. Ireland ‘should consider laws that would jail cyber bullies’ (TheJournal.ie. 2018). [Electronic resource] – Available at: https://www.thejournal.ie/cyber-bullying-ireland-1162881-Nov2013
4. Gomez-Barrero M., Drozdowski P. Biometrics: Challenges and Opportunities (IEEE Transactions on Technology and Society, 2022). [Electronic resource] – Available at: https://arxiv.org/pdf/2102.09258