Draft law on Protection of Personal Data

Draft law on Protection of Personal Data

The Law of Mongolia on Personal Privacy which approved in 1995 has a general regulation that individuals protect their privacy and determine their confidentiality themselves, therefore it needed an urgent renewal in order to meet requirements of rapidly evolving technology.

Under Article 4.1.2 of the “Governance Policy” of the “Action Plan of the Government of Mongolia for 2020-2021” approved by the Appendix of the Resolution No 24 of the Parliament of Mongolia in 2020 stated that forming the legal environment which respects human rights, supports e-government and regulates the technological security and appropriate relations and under Article 4.1.6 of such Government policy stated that strengthens information security systems and enhances the capacity which ensured the integrity, confidentiality and accessibility of information of  the government, citizen and legal entity, which protects the national interest. Within the framework of this action plan, the draft law on the Protection of personal data is in the process of being approved and we are providing an overview of highlighted regulations included in this draft law to you.

The draft law has a total of 8 chapters and 29 articles and its purpose is to regulate the relations in regards with collection, process, and use of personal data and ensure its security. Within the framework of specific regulations:

1. This law defines the new terms such as personal data, personal sensitive data, collection of personal data, process of personal data, use of personal data, owner of the data, data provider, genetic data, biometric data, health data and electronic identifier.

2. The data provider shall collect a data with the written consent of the owner of the data and shall introduce the following pre-conditions and obtain permission from the data owner:

  • Justification and purpose of data collection;
  • Name of the data provider, if a legal entity, given name and contact information;
  • List of data to be processed;
  • Data processing and storage time;
  • Whether to disclose data;
  • Whether to transfer data to others;
  • Terms of permission revocation.

Read more→

For more information or any queries, please feel free to contact Bolormaa.V, Partner by bvolodya@gratanet.com and Yanjmaa.B, Lawyer of GRATA International Law Firm by ybumtsend@gratanet.com or 976 70155031.

This legal information was prepared by Umguulliin GRATA International Mongolia LLP, the Mongolian office of GRATA International, an international law firm that has its branches in 20 countries around the world. The material contained in this alert is provided for general information purposes only and does not contain a comprehensive analysis of each item described. Prior to undertaking (or not undertaking) any action, readers should seek professional advice specific to their situation. No liability is accepted for acts or omissions taken in reliance upon the contents of this alert.