Twitter Logo Youtube Circle Icon LinkedIn Icon

Armenia

Armenia > Legal Developments > Law firm and leading lawyer rankings

Editorial

Some practical issues regarding the transaction of right to inviolability of personal life and perso

The right to inviolability of personal life is one of the most essential components in the system of values of modern society which is established in constitutions or laws of relevant connotation of various countries. Acknowledgement of the right to inviolability of personal life as a constitutional right is currently highly necessary and is possible within scopes of certain level of development of engineering and information technologies. A person’s personal life is directly related to his/her personal data, the inviolability and security of which is what creates actual conditions for making the inviolability of his/her personal life real.

All companies and entrepreneurs, state and local self-governmental bodies deal with personal data directly.

The necessity of its protection is more essential to companies which take care of this issue via modern information technologies as well as to those who can use the personal data acquired for and by purposes stipulated by the Law for other commercial purposes. Such companies include banks, credit and insurance organizations, tourism agencies, communication providers, stores etc.

The Republic of Armenia (hereinafter the RA) is included in the aforementioned list of countries and according to part 1 of article 31 of its Constitution “Each person has a right to inviolability of his/her personal life, virtue and good reputation”. The actualization of this right is backed up by article 34 of the Constitution which, however, might mainly be of declaratory character if certain laws had not been adopted by the legislative body of the RA. Some provisions of those laws or in some cases – the whole law- are aimed at creating a real opportunity of actualizing this right in social life and establish practical recommendations and mechanisms for protection of inviolability of a person’s personal life.

Armenian law on personal data protection (hereinafter the Law), adopted on December 6, 2015 and gone into force on December 22 of the same year, plays an essential role in the system of these regulatory legislative acts.

It is noteworthy that many provisions of this law are in line with the Convention of January 28, 1981 on Protection of entities in case of automated processing of personal data.

The provision of the first point of part one of article 3 of the Law states that under personal data any data regarding the person which allows or may allow to directly or indirectly identify a person’s identity is understood. Points 12, 13, 14 and 15 of part one of the same article of the Law classify types of personal data, the protection process of which is somewhat different dependent on how important such data is for the person, as well as on high risk level of becoming revealed to third parties.

According to these provisions, personal data can be of the following categories; personal life data, biometric personal data, special category personal data and publicly accessible personal data.

From this point of view, each includes a group of data which is generalized by specific traits and as such requires to be regulated by one separate regime.

Personal life data includes data on a person’s personal life, family, physical, physiological, mental and social states and other relevant data.

Biometric personal data includes data describing a person’s physical, physiological and biological features.

Special category personal data includes data regarding a person’s racial and national affiliation or ethnic origin, political views, religious or philosophical beliefs, membership to trade unions, as well as data regarding health conditions and sexual life.

Publicly accessible personal data includes data which become accessible to a certain or uncertain scope of personnel with the data subject’s consent or by his/her intentional actions aimed at making such data publicly accessible, as well as data regarded publicly accessible as stipulated by the law.

Points 2 and 4 of the same article of the Law define the concepts “personal data processing” and “personal data usage”.

Personal data processing is any action or a group of actions which irrespective of its way and method of implementation, (including using automated and any technical means or without them) is related to collecting or reserving or implementing or systemizing or organizing or preserving or using or modifying or repairing or transferring or amending or banning or destroying (etc.) personal data.

Personal data usage is the action with data, the direct or indirect purpose of which may be making decisions or formulating an opinion or obtaining rights or granting rights or privileges or limiting or depriving of rights or realization of other purpose which creates or may create legal consequences for the data subject or third parties or otherwise deal with their rights and freedoms.

The discovery of aforementioned legal concepts’ content allows to find out to what extent the mentioned companies process and use personal data throughout their operations which creates necessity for providing a regime as stipulated by the law for them to process and use personal data.

Suppose a person gets a health insurance; the insurance company will of course require full and detailed information on that person’s health, which is considered special category personal data and the insurance company shall conduct its processing and usage as per the law on such kind of personal data, not accounting the possibility of such data being protected by insurance secrecy regime since the latter is dispositive towards mentioned data.

In case of banks and credit organizations, for example, if a person wants to receive a loan, he/she is required to provide his/her passport data, phone number and e-mail address, all of which are considered to be personal data and as per the Law, such data needs to be protected irrespective of the fact that it is subject to protection in scopes of banking data secrecy as well. Other examples include communication providers and tourism agencies conducting direct marketing.

Not ensuring these regimes results in administrative and even criminal liability.

Considering the fact that as currently regulated, the structure of personal data protection is new to Armenian legal system and as such is a new legislative culture aimed at protecting a value backed by constitution and international documents – inviolability of a person’s personal life, therefore it is essential that any subject processing personal data be informed completely and in details of mentioned stipulations to avoid any liability for breaching those stipulations and what is more important – to contribute to the formulation and establishment of this new legislative culture in the RA.

Author - Gagik Grigoryan

Senior Associate

Hovhannisyan and partners LLC