Posted: 1 month ago

IRC, GYLA, EMC and RIVG: We Address the Parliament of Georgia to Adopt the Law "On Personal Data Protection"

IRC, GYLA, EMC, and RIVG call upon the Parliament of Georgia to renew the review of the draft Law of Georgia "On Personal Data Protection" and ensure its timely adoption.

This draft law was initiated at the Parliament of Georgia on 22 May 2019; however, after the first committee hearing, its review was suspended for uncertain reasons and for indefinite terms.

We believe that despite some shortcomings and debatable issues, adoption of the draft law will substantially improve the state of personal data protection and approximate the Georgian legislative framework with the new European Regulation (GDPR). In contrast, the current law is outdated and does not respond to the existing challenges. At the same time, we consider, that the respective committees shall carefully review the comments and recommendations, expressed towards the draft law by Civil Society Organisations and ensure refinement of the draft law at the plenary session, before voting. 

As of today, the magnitude of threats stemming from unregulated and uncontrolled processing of personal data significantly surpasses psychological pain and discomfort to persons, which can result from the disclosure of specific personal data. Excessive and unchecked processing of personal data contains substantial risks of restricting other human rights and freedoms, which are related to forecasting human behaviour and using it for manipulating persons. This, in turn, also poses a threat to the existence of modern democratic order. These threats are further aggravated by unprecedented rapid development in technology.

In Georgia, in the light of the existing legislative framework, a significant share of public institutions and private companies still ignore the importance of data protection and address the issue superficially. Software is again created without due analysis of their impact on privacy, which will result in high costs to the Georgian society, in financial terms, as well as undue restrictions in terms of human rights.

This situation is reflected in the 2019 report of the State Inspector, where, among other essential facts, it is noted that for example, software implemented in the public sector does not contain due measures for the protection of personal data; specifically: no records are kept on access and viewing of data, no history is maintained on the search history in the system by a person. At the same time, law enforcement bodies possess rather voluminous and sensitive databases on persons, while access, viewing, or deletion of data from these bases are not recorded or are insufficiently justified. Similar problems apply to the processing of data concerning minors and special category data in the healthcare sector.

As it is known, the Visa Liberalisation action plan with the European Union envisaged improvement of personal data protection legislation and practice, as well as its approximation to the EU standards. This commitment was successfully fulfilled; however, the current legislation no longer complies with the European standards. If we look at the current reality, we will see that the result achieved by Georgia in the field of personal data protection is somewhat fragile and the absence of a specific foreign policy motivation, similar to the visa liberalisation action plan, should not slow the Georgian Parliament's interest in further reforms in fields, like personal data protection.

Based on the above-mentioned, IRC, GYLA, EMC, and RIVG call upon the Parliament of Georgia, to support the improvement of personal data protection legislation and practice in Georgia by adopting the new Law, and through this to help approximation of the Georgian legislation with the new European standards.

We fully acknowledge the existing political context, challenges faced by the Parliament and political groups, obstacles caused by the pandemic, however in the presence of the respective will, we believe it is possible to review the Law "On Personal Data Protection," and we consider unjustified leaving this topic open and postponing it for an indefinite time.