The EU Should Strengthen GDPR-driven Data Protection Activities in Central Asia

Raising awareness among professionals and individuals regarding the GDPR requirements on one hand, and educating citizens about digital rights and data protection, on the other, should become the benchmark for Central Asian countries. While developing their own way in addressing data protection, Central Asia combines elements of the Russian and Chinese concepts of ‘sovereign internet’, ‘great firewall’ and ‘censorship’. In this regard, strengthening cooperation with the EU partners under the New EU-Central Asia Strategy is of utmost importance for building transparent, accountable and healthy ecosystems. Personal data protection, advocacy and promotion of the digital agenda along with cyber literacy and cyber hygiene should be an integral part of the campaign to promote a culture of personal data protection in Central Asia.

Since the adoption of the cyber- and personal data related legislation, the countries of Central Asia have made significant progress in understanding, identifying and fixing problems associated with the use of cyber technologies in cyberspace. In addition to important initiatives and implemented measures, governments and societies have many objectives to be prepared to recover from cyber-attacks as quickly as possible, since it is not possible to prevent them, which results in building and introducing the culture of personal data protection without violating human rights and freedoms both online and offline.

While some countries are making real progress in the field of Internet freedom, such as the EU countries, others, on the contrary, i.e. Russia and China are tightening and restricting measures to control or regulate Internet freedom. Based on recent research on data protection in Kazakhstan (Data Protection in Kazakhstan: Status Quo, Challenges and Opportunities, Anna Gussarova, 2020), there is a whole spectrum of challenges that should be adequately addressed to maintain sustainable development in Central Asia in the long-term perspective.

The first is data protection legal and institutional framework. Since all Central Asian countries have already adopted personal data legislation, now is the time to implement national development strategies towards open and transparent digital economies. It is essential to ensure the implementation of data protection laws and monitor compliance with personal data protection requirements. Since personal data is subject to protection and the state acts as its guarantor, all stakeholders without any exception must comply with the developed technical and legal parameters. More importantly, it is about labor division, inter-agencies responsibilities and data protection agency which oversees data protection under one umbrella. Here GDPR, its main principles and institutions could serve as a basis for the Central Asian countries to build their own systems.

Secondly, it is about differentiating information and cyber security. Since these two terms do mean different things, the misuse or false understanding of these concepts prevent the countries of Central Asia to properly assess strengths and weaknesses of non-technological solutions. The same logic applies to the protection of personal data, its privacy and confidentiality. From a technological point of view, achieving protection will require less time and resources, while it is important to promote the culture of digital rights as a form of vaccination for the society and develop immunity to cybercrimes. Currently, paid Virtual Private Network (VPN) services (in most cases even free Russian applications) are widely used to protect a user’s privacy online whereas the logic behind this is to protect a person from the government rather than from cyber criminals.

Finally, it is about building the culture of data protection. Obviously, it is impossible to create the culture of protecting personal data overnight and it took the EU several years to significantly raise awareness among its citizens, as well as explain why it is important and what needs to be done. More importantly, the large-scale promotion of this legal culture has increased the level of trust and communication among the government agencies, businesses and citizens, which is essential for Central Asian countries.

SEnECA blog contribution by Anna Gussarova, Director of the Central Asia Institute for Strategic Studies and Chevening Scholar at King’s College London.