Problems of personal data protection under martial law were discussed at a round table

In the context of martial law, the issue of clarifying data on persons liable for military service has become particularly relevant. The state must have up-to-date information on the mobilization reserve. At the same time, this process is accompanied by legal problems.

Some of them were discussed during the roundtable «Protection of Personal Data under Martial Law: Peculiarities and Problematic Issues» organized and held by the Ukrainian National Bar Association's Committee on Human Rights Protection.

«There are many issues related to personal data handling that are not explained by the current legislation. In particular, the joint processing of personal data by different legal entities, subcontracting relations in the processing of personal data, etc., - explained Oksana Polotnyanko, Head of the Committee's Section on Personal Data Protection, noting some positive developments. - Recently, the Ukrainian Parliament Commissioner for Human Rights Dmytro Lubinets provided explanations to some of these problematic issues, which are freely available for review».

Oleksandr Marchenko, a representative of the Ombudsman's Secretariat, drew attention to the threats associated with the processing of personal data. «Today, access to personal information can become a means of influence, abuse and violation of personal freedom, and can threaten a person's safety and even life, - she said. - In this regard, persons dealing with the processing of personal data need to properly organize its processing and ensure the protection of personal data at all stages».

According to available statistics, in 2023, the Commissioner considered 2205 appeals related to violations in the field of personal data protection. Among them:

49% - illegal processing of personal data;

14% - access to own personal data;

16% - organization of personal data processing at enterprises, institutions and organizations;

21% - receiving recommendations and explanations.

The representative of the Ombudsman also said that last year 101 inspections in the field of personal data protection were conducted.

Oleksandr Shevchuk, the Council of Europe's expert on personal data protection, reminded that any personal data protection system has two components: legal and institutional. And all EU member states have had a separate authority for personal data protection since 1995. «The powers that the Office of the Verkhovna Rada Commissioner for Human Rights currently has in this area are insufficient, - the expert is convinced. - This is objective, because in the EU, each body has the right to initiate an inspection, conduct it independently and impose a fine on the offender. There is no need to draw up protocols, go to court or use any other mechanisms. This system has been in place since 1995 and has already proven its effectiveness».

The existence of problems in this area was confirmed by another expert in the field of personal data protection, who previously headed the Department for Personal Data Protection of the Ombudsman's Secretariat Andriy Nikolayev. «Having conducted more than a hundred inspections, I can say that, indeed, the situation with personal data protection is tense... I have not yet met a single organization or body that has not recorded violations, - he said. - However, it is necessary to distinguish between intentional violations and violations due to ignorance. In this regard, it is very important to pay attention to educational processes and legal culture, as this stimulates the development of legislation».

Iryna Smirnova, a member of the Committee's Council, shared with her colleagues the international court practice (Z v. Finland, Odiuvre v. France, S. and Marper v. the United Kingdom) and the practice of national courts (cases No. 804/4069/17, 580/9113/23).

Zhanna Grushko, a member of the UNBA NextGen, gave a legal assessment of the draft Law No. 8153 dated 25.10.2022 «On Personal Data Protection». She noted that according to the document, biometric data includes a signature, fingerprint, and digital face image. «But the Council of Europe says that in fact such data cannot be considered biometric, because it is only personalized information that can be transmitted from separate sources. Whereas a digital signature, fingerprint and digital image are identifiers that confirm the presence of certain biometric data», - the lawyer explained. In her opinion, the definition of biometric data in the draft law should be edited.

Z. Grushko also highlighted the liability for offenses in the field of personal data protection. The supervisory authority here is actually the Verkhovna Rada Commissioner for Human Rights, which conducts inspections and takes measures to impose sanctions on offenders. At the same time, the draft law does not propose any relevant changes to the Code of Administrative Offenses. «We can say that the fundamental points of this draft law provide for absolute mutual exchange of databases and electronic registers, but the biggest problem is that Ukraine should be able to receive information from foreign countries not only in criminal proceedings», - the lawyer added.

© 2025 Unba.org.ua Всі права захищені
"Національна Асоціація Адвокатів України". Передрук та інше використання матеріалів, що розміщені на даному веб-сайті дозволяється за умови посилання на джерело. Інтернет-видання та засоби масової інформації можуть використовувати матеріали сайту, розміщувати відео з офіційного веб-сайту Національної Асоціації Адвокатів України на власних веб-сторінках, за умови гіперпосилання на офіційний веб-сайт Національної Асоціації Адвокатів України. Заборонено передрук та використання матеріалів, у яких міститься посилання на інші інтернет-видання та засоби масової інформації. Матеріали позначені міткою "Реклама", публікуються на правах реклами.