Соціально-правові студії
ISSN 2617-4162
e-ISSN 2617-4170
Видавець: Львівський державний університет внутрішніх справ
Анотація
Актуальність даного дослідження обумовлена збільшенням кількості випадків витоку персональних даних громадян, що свідчить про низький рівень захисту їх основних прав. Метою дослідження був аналіз чинного законодавства в контексті забезпечення захисту інформації про персональні дані працівника в Республіці Казахстан. Для цього було використано кілька методів, таких як логічний, формально-юридичний порівняльний аналіз, догматичний метод. Були досліджені норми, які встановлені Конституцією Республіки Казахстан, Трудовим кодексом Республіки Казахстан, Законом Республіки Казахстан “ Про затвердження Правил збору та обробки персональних даних”. Це дало можливість провести порівняльно-правовий аналіз чинних законодавчих норм Казахстану та європейських нормативно-правових актів. Зазначено, що в правовій доктрині Казахстану не закріплені основоположні принципи, які дозволяють врегулювати питання збору, обробки та зберігання персональних даних громадян. Крім того, на державному рівні не встановлено обов’язок роботодавця та чіткий механізм збереження конфіденційності персональних даних працівників. У зв’язку з цим запропоновано рекомендації щодо вдосконалення чинного законодавства. Практичне значення одержаних результатів полягає в можливості використання запропонованих рекомендацій для підвищення ефективності механізму захисту інформації про персональні дані працівника в Казахстані, зменшення кількості випадків витоку інформації, приведення правових норм у відповідність до міжнародних стандартів
Ключові слова: приватність; права і свободи людини; проліферація; загроза; діджиталізація; безпека
Цитувати
[1] 101 of the latest data breach statistics for 2024. (2024). Retrieved from https://secureframe.com/blog/data-breach-statistics
[2] Adeodato, R., & Pournouri, S. (2020). Secure implementation of e-governance: A case study about Estonia. In Cyber defence in the age of AI, smart societies and augmented humanity. Advanced sciences and technologies for security applications (pp. 397-429). Cham: Springer. doi: 10.1007/978-3-030-35746-7_18.
[3] Akhmetova, S.B., Ibrayeva, A.S., Baimakhanova, D.M., Baikenzheyev, A.S., & Tursynkulova, D.A. (2023). Principles of protection of personal data: Comparative analysis of national and foreign legislation. Journal of Actual Problems of Jurisprudence, 106(2) 33-46. doi: 10.26577/JAPJ.2023.v106.i2.04.
[4] Alkhamsi, N.N., & Alqahtani, S.S. (2024). Compliance framework for personal data protection law standards. International Journal of Advanced Computer Science and Applications, 15(7), 512-526. doi: 10.14569/IJACSA.2024.0150751.
[5] Aloisi, A., & Gramano, E. (2019). Artificial intelligence is watching you at work: Digital surveillance, employee monitoring, and regulatory issues in the EU context. Comparative Labor Law & Policy Journal, 41(1), 95-121.
[6] Asainova, L.S. (2021). Protection of personal data in the context of the use of biometric authentication technologies. Astana: Maqsut Narikbayev University.
[7] Borelli, S. (2024). Find great people data breach investigation. Retrieved from http://surl.li/gsjjkd.
[8] Bradford, L., Aboy, M., & Liddell, K. (2020). COVID-19 contact tracing apps: A stress test for privacy, the GDPR, and data protection regimes. Journal of Law and the Biosciences, 7(1), article number lsaa034. doi: 10.1093/jlb/lsaa034.
[9] Buchelnikova, V. (2024). Leakage of personal data: How information about Kazakhstani citizens is lost and what are the risks? Retrieved from https://factcheck.kz/analitika/utechka-personalnyh-dannyh-kak-teryayut-svedeniya-o-kazahstantsah-i-chem-eto-grozit/.
[10] Chang, C., Li, H., Zhang, Y., Du, S., Cao, H., & Zhu, H. (2019). Automated and personalized privacy policy extraction under GDPR consideration. In 14th international conference on wireless algorithms, systems, and applications (pp. 43-54). Cham: Springer.
[11] Code of the Republic of Kazakhstan “On Administrative Offences”. (2014, July). Retrieved from https://online.zakon.kz/ Document/?doc_id=31577399.
[12] Constitution of the Republic of Kazakhstan. (1995, August). Retrieved from https://online.zakon.kz/Document/?doc_ id=1005029.
[13] Custers, B., Sears, A.M., Dechesne, F., Georgieva, I., Tani, T., & Van der Hof, S. (2019). EU personal data protection in policy and practice. Hague: T.M.C. Asser Press. doi: 10.1007/978-94-6265-282-8.
[14] Di Martino, M., Robyns, P., Weyts, W., Quax, P., Lamotte, W., & Andries, K. (2019). Personal information leakage by abusing the GDPR right of access. In Fifteenth symposium on usable privacy and security (SOUPS 2019) (pp. 371-385). Santa Clara, CA: USENIX Association.
[15] Diegtiar, O.A., Kravchenko, T.A., Yevmieshkina, O.L., Sych, T.V., & Linetska, Y.M. (2023). Optimisation of information and communication systems of local government. Electronic Government, 19(6), 734-746. doi: 10.1504/EG.2023.134019.
[16] Entrepreneurial Code of the Republic of Kazakhstan. (2015, October). Retrieved from https://adilet.zan.kz/rus/docs/ K1500000375.
[17] European Social Partners Autonomous Framework Agreement on Digitalisation. (2020). Retrieved from https://www.etuc.org/system/files/document/file2020-06/Final%2022%2006%2020_Agreement%20on%20Digitalisation%202020.pdf.
[18] Every third company in Kazakhstan has experienced cyberattacks. (2023). Retrieved from https://bluescreen.kz/news/13148/ kazhdaia-trietia-kompaniia-v-kazakhstanie-stalkivalas-s-kibieratakami.
[19] Finck, M., & Pallas, F. (2020). They who must not be identified – Distinguishing personal from non-personal data under the GDPR. Max Planck Institute for Innovation and Competition Research Paper, 19(14). doi: 10.2139/ssrn.3462948.
[20] Friedewald, M., Schiering, I., Martin, N., & Hallinan, D. (2022). Data protection impact assessments in practice. In Computer security. ESORICS 2021 international workshops (pp. 424-443). Cham: Springer. doi: 10.1007/978-3-030-95484-0_25.
[21] General Data Protection Regulation (GDPR). (2018, May). Retrieved from https://gdpr-info.eu/.
[22] Guo, Z., Hao, J., & Kennedy, L. (2024). Protection path of personal data and privacy in China: Moving from monism to dualism in civil law and then in criminal law. Computer Law & Security Review, 52, article number 105928. doi: 10.1016/j. clsr.2023.105928.
[23] Hina, S., Selvam, D.D.D.P., & Lowry, P.B. (2019). Institutional governance and protection motivation: Theoretical insights into shaping employees’ security compliance behaviour in higher education institutions in the developing world. Computers & Security, 87, article number 101594. doi: 10.1016/j.cose.2019.101594.
[24] Identity Theft Resource Centre. (2024). 2023 data breach report. Retrieved from https://www.idtheftcenter.org/wp-content/ uploads/2024/01/ITRC_2023-Annual-Data-Breach-Report.pdf.
[25] International Covenant on Civil and Political Rights. (1996, December). Retrieved from https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-civil-and-political-rights.
[26] JSC State Technical Service. (2023). Digital shield: 2023 review in cybersecurity. Retrieved from https://sts.kz/wp-content/uploads/2024/01/kiberdajdzhest-2023.pdf.
[27] Kakeshov, B.D., Kanybekova, B.K., Seidakmatov, N.A., Zheenalieva, A.O., & Kokoeva, A.M. (2023). Political and legal aspects of criminal and administrative responsibility for information security offences in the context of national security of the Kyrgyz Republic. Economic Affairs (New Delhi), 68, 987-993. doi: 10.46852/0424-2513.2s.2023.48.
[28] Ke, T.T., & Sudhir, K. (2022). Privacy rights and data security: GDPR and personal data markets. Management Science, 69(8), 4389-4412. doi: 10.1287/mnsc.2022.4614.
[29] Kumar, V.B., Iyengar, R., Nisal, N., Feng, Y., Habib, H., Story, P., Cherivirala, S., Hagan, M., Cranor, L., Wilson, S., Schaub, F., & Sadeh, N. (2020). Finding a choice in a haystack: Automatic extraction of opt-out statements from privacy policy text. In Proceedings of the web conference (pp. 1943-1954). New York: Association for Computing Machinery. doi: 10.1145/3366423.3380262.
[30] Labour Code of the Republic of Kazakhstan. (2015, November). Retrieved from https://online.zakon.kz/Document/?doc_ id=38910832.
[31] Law of the Republic of Kazakhstan No. 115-VIII “On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on State Control and Statistics, Improvement of the Population Protection System, Data Management, Registration of Legal Entities and Exclusion of Excessive Legislative Regulation”. (2024, July). Retrieved from https://online.zakon.kz/ Document/?doc_id=33690397#sub_id=3200.
[32] Law of the Republic of Kazakhstan No. 94-V “On Personal Data and their Protection”. (2013, May). Retrieved from https://adilet.zan.kz/rus/docs/Z1300000094/z13094.htm.
[33] Li, H., Yu, L., & He, W. (2019). The impact of GDPR on global technology development. Journal of Global Information Technology Management, 22(1). doi: 10.1080/1097198X.2019.1569186.
[34] Maksutov, B.M. (2019). The legal mechanism for the protection of personal data in Kazakhstan on the basis of the General Data Protection Regulation (GDPR). In XI international correspondence scientific specialized conference “International scientific review of the problems of law, sociology and political science” (pp. 23-35). Boston: Problems of Science.
[35] McGraw, D., & Mandl, K.D. (2021). Privacy protections to encourage use of health-relevant digital data in a learning health system. NPJ Digital Medicine, 4, article number 2. doi: 10.1038/s41746-020-00362-8
[36] Mentukh, N., & Shevchuk, O. (2023). Protection of information in electronic registers: Comparative and legal aspect. Law, Policy and Security, 1(1), 4-17.
[37] National public data breach: What you need to know. (2024). Retrieved from https://support.microsoft.com/en-us/topic/ national-public-data-breach-what-you-need-to-know-843686f7-06e2-4e91-8a3f-ae30b7213535#:~:text=In%20early%20 2024,%20National%20Public%20Data,%20an%20online%20background%20check.
[38] Nurgalieva, E.N., & Syrlybaeva, F.M. (2020). Information legal relations in Kazakhstan labour law. Science, 64(1), 25-29.
[39] Order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan No. 395 “On Approval of the Rules for the Collection and Processing of Personal Data”. (2023, April). Retrieved from https://adilet.zan.kz/ rus/docs/V2000021498.
[40] Personal data protection in Kazakhstan 2022: Statutory changes and the cases of liability for violations. (2022). Retrieved from https://www2.deloitte.com/kz/en/pages/legal/articles/Personal_data_protection_in_Kazakhstan.html.
[41] Podoprigora, R., Apakhayev, N., Zhatkanbayeva, A., Baimakhanova, D., Kim, E.P., & Sartayeva, K.R. (2019). Religious freedom and human rights in Kazakhstan. Statute Law Review, 40(2), 113-127. doi: 10.1093/slr/hmx024.
[42] Protection of personal information. (2023). Retrieved from https://www.gov.kz/memleket/entities/mdai/ activities/9552?lang=ru&parentId=6.
[43] Rieger, A., Guggenmos, F., Lockl, J., Fridgen, G., & Urbach, N. (2019). Building a blockchain application that complies with the EU general data protection regulation. MIS Quarterly Executive, 18(4), 7.
[44] Semeniuk, S., & Horbach-Kudria, I. (2024). Administrative legal principles of human rights-based approach by the police. Law Journal of the National Academy of Internal Affairs, 14(3), 87-97. doi: 10.56215/naia-chasopis/3.2024.87.
[45] Shahrullah, R.S., Park, J., & Irwansyah, I. (2024). Examining personal data protection law of Indonesia and South Korea: The privacy rights fulfilment. Hasanuddin Law Review, 10(1), 1-20. doi: 10.20956/halrev.v10i1.5016.
[46] Sherif, A. (2024). Work from home: Remote & hybrid work – statistics & facts. Retrieved from https://www.statista.com/topics/6565/work-from-home-and-remote-work/#topicOverview.
[47] Sicurella, S. (2024). AT&T and Ticketmaster breaches show hackers can attack from many angles. Retrieved from https://www.adn.com/nation-world/2024/07/26/att-and-ticketmaster-breaches-show-hackers-can-attack-from-many- angles/#:~:text=When%20cybercriminals%20stole%20five%20months%20of%20customers%E2%80%99%20call%20logs%20from.
[48] Special Eurobarometer 487a: Summary. (2019). Retrieved from https://cnpd.public.lu/dam-assets/fr/actualites/ international/2019/ebs487a-GDPR-sum-en.pdf#:~:text=This%20Special%20Eurobarometer%20survey%20was%20 commission%20ed%20by%20European%20Commission.
[49] Syrlybaeva, F.M. (2022). Some issues of protection of employee information rights. Bulletin of L.N. Gumilyov Eurasian National University. Law Series, 140(3), 72-80.
[50] Truong, N., Sun, K., Wang, S., Guitton, F., & Guo, Y. (2021). Privacy preservation in federated learning: An insightful survey from the GDPR perspective. Computers & Security, 110, article number 102402. doi: 10.1016/j.cose.2021.102402.
[51] Yakymenko, B. (2023). Formation of the institute of personal data protection and experience of its implementation in the countries of the EU. Scientific Journal of the National Academy of Internal Affairs, 28(4), 68-79. doi: 10.56215/naia-herald/4.2023.68.
[52] Yerbolatov, E., Kubenov, G., Zhetpisov, S., Alibaeva, G., & Boretskiy, A. (2020). Personal data in the Republic of Kazakhstan: Problems of ensuring confidentiality in the context of digitalization. Bulletin of the Innovative University of Eurasia, 79(3), 49-58.
[53] Zaeem, R.N., & Barber, K.S. (2020). The effect of the GDPR on privacy policies: Recent progress and future promise. ACM Transactions on Management Information Systems, 12(1), article number 2. doi: 10.1145/3389685.