Support Centre

CIS

Insights

Similar to many other countries around the world, the regulation of artificial intelligence (AI) in Russia is a hot topic as AI is becoming increasingly popular and widely used in various fields of daily life and business. One of the main issues is determining the legal status of AI. Other key issues include the definition of responsibility for the action of AI, ethical aspects of AI use, and regulation of autonomous systems. Vyacheslav Khayryuzov, Partner at Arno Legal, discusses the salient regulations currently in place in these areas and what developments are expected in the near future.

The interest of business, especially foreign investors, in the Astana International Financial Centre (AIFC) has been growing steadily over the past years. In the framework of the AIFC, Kazakhstan has, for the first time in the post-Soviet space, introduced a special jurisdiction based on the principles of the laws of England and Wales. The AIFC aims to attract investments to the Kazakhstan economy, develop local capital markets, and create effective projects in the sphere of production and services. As of February 7, 2024, 2,537 companies are registered in the AIFC.1 The regulatory framework of the AIFC has been actively developing. In this article, Yekaterina Khamidullina, Partner at AEQUITAS Law Firm, considers the legal regulation of personal data protection in the AIFC, the basis of which is formed by the AIFC Data Protection Regulations (the Regulations) and the AIFC Data Protection Rules.

The Law of the Republic of Uzbekistan of July 2, 2019 No. ЗРУ-547 on Personal Data (Personal Data Law) (only available in Russian here) is the main law that governs the processing, protection, and requirements related to personal data. While the Personal Data Law establishes general principles of personal data protection and processing, the Uzbek legal system relies on additional regulations to provide more detailed guidelines.

In this context, Resolution No. 570 (the Resolution), approved by the Cabinet of Ministers on October 5, 2022, plays a crucial role in specifying how the protection of personal data must be ensured. In this Insight article, Abdumalik Mukhtorov and Azizbek Suyunboev, from Azizov & Partners Firm of Advocates, aim to shed light on the interplay between the requirements outlined in these two Regulations and the provisions of the Personal Data Law.

On 22 April 2022, the National Centre for Personal Data Protection ('NCPDP') approved the standard contract for the cross-border transmission of personal data to states that do not ensure an adequate level of personal data protection. Roger Gladei, Iulian Pașatii, and Irina Culinschi, from Gladei & Partners, look at Standard Contractual Clauses ('SCCs'), their main clauses, and challenges of this newly established data transfer regime.

Russia's privacy landscape is set to change on 1 September 2022, with the entry into force of the Federal Law of 14 July 2022 No. 266-FZ on Amending the Federal Law on Personal Data ('the Amendment Law'). Amending the Federal Law of 27 July 2006 No. 152-FZ on Personal Data ('the Law on Personal Data'), the Amendment Law introduces new provisions which will enhance data protection for Russian citizens. It also imposes stricter obligations on domestic and foreign data operators in terms of how they interact with data subjects and vendors and, more importantly, how they demonstrate and document their compliance generally and specifically in the case of data transfers. OneTrust DataGuidance breaks these new provisions down, highlighting the key differences between the existing law.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Federal Law of 27 July 2006 No. 152-FZ on Personal Data (the Law on Personal Data).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Law on Personal Data with the  GDPR.

You can access the latest version of the report here.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and Law of 7 May 2021 No. 99-Z on Personal Data Protection (the PDP Law).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the PDP Law with the  GDPR.

You can access the latest version of the report here.

The Law of 11 November 2021 No. 175 for the amendment of some normative acts ('the Amendment Law') amended the Law of 8 July 2011 No. 133 on Personal Data Protection ('the Law on Personal Data Protection') and entered into effect on 10 January 2022. In particular, the Amendment Law introduces new controller obligations, including the obligation to conduct Data Protection Impact Assessments ('DPIAs') and the appointment of a data protection officer ('DPO'). OneTrust DataGuidance breaks down the key amendments.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Law No. 133 of 8 July 2011 on Personal Data Protection (the Law on Personal Data).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Law on Personal Data with the  GDPR.

You can access the latest version of the report here.

The Assembly of the Representatives, under the Majlisi Oli of the Republic of Tajikistan, recently published a Draft Information Code ('the Draft Code') to provide legal bases for information activities. In contrast to existing legislation, such as the Law of 3 August 2018 No. 1537 on Protection of Personal Data ('the Law on Personal Data'), the Draft Code aims to establish a wide-ranging framework for information relations, encompassing both personal and non-personal data. OneTrust DataGuidance breaks down the key provisions of the Draft Code, featuring insights from Alisher Hoshimov and Amina Nazaralieva, Partner and Paralegal respectively at Centil Law Firm.

The Law on the protection of personal data ('the PDP Law') entered into effect, on 15 November 2021, following its enactment by the President of Belarus on 7 May 2021. The PDP Law establishes basic principles for the protection of personal information, some of which are comparable to that under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). This insight will examine the key requirements set out in the PDP Law.

The Russian Parliament adopted Bill No. 1176731-7 on Activities of Foreign Undertakings in the Information Telecommunication Network in the Territory of the Russian Federation, dated 17 June 2021 ('the  Law'), aimed at establishing a specific regulatory and legal framework for the activities of foreign (non-Russian) companies operating in the information network (internet) within the Russian Federation. Maxim Boulba and Elena Andrianova, from CMS Russia, provide an overview of the scope of the Law's application, as well as the requirements and sanctions introduced by the Law.