Privacy Law at Mongolia
Mongolia's Law on Protection of Personal Data, enacted on December 17, 2021, and effective from May 1, 2022, establishes a comprehensive framework for data privacy and protection. This legislation aligns with international standards, including the EU's General Data Protection Regulation (GDPR), and aims to enhance individuals' privacy rights while regulating data processing activities within the country.
Key Provisions of the Law
1. *Scope and Applicability
The law applies to all individuals, legal entities, and organizations in Mongolia that collect, process, use, or protect personal dat. It also governs the collection and processing of personal data related to personal secrets, except where specifically regulated by the Law on Intelligence Activities. Notably, it does not apply to personal data collected for personal or family use, or the placement of audio, video, and audio-video recording devices to protect an individual's movable and immovable properties, life, and health.
2. *Definition of Personal Data
Personal data encompasses sensitive information such a: Biometric data (e.g., fingerprints, iris scans, facial feature) Genetic information Health information Race, ethnic origin, religion, beliefs, sexual orientation, and other personal identifies
3. *Consent Requirements
Data controllers must obtain explicit, written consent from data subjects for the collection, processing, and use of personal dat. This consent must be informed, specifying the purpose, scope, and duration of data use, and the data subject's right to withdraw consent. Silence or failure to respond does not constitute consent.
4. *Data Subject Rights
Individuals have the right t: Access their personal data Rectify inaccuracies Request erasure or restriction of processing Object to data processing Withdraw consent at any tie
5. *Data Controller and Processor Obligations
Organizations must: Implement internal policies and procedures to ensure data security Notify data subjects and relevant authorities of data breaches Ensure data accuracy and integrity Conduct regular assessments of data processing activities
6. *Cross-Border Data Transfers
The transfer of personal data outside Mongolia is prohibited unless: Authorized by law or international treaties to which Mongolia is a party Explicitly consented to by the data subject
7. *Penalties for Non-Compliance
Violations of the law can result i: Fines ranging from MNT 500,000 (approximately $144) for individuals to MNT 5 million (approximately $1,450) for legal entities Criminal penalties under the Criminal Code, including fines, imprisonment, or other sanctions depending on the severity of the breach
🏛️ Oversight and Enforcement
The implementation and enforcement of the law are overseen y:
*National Human Rights Commission of Mongolia: Monitors compliance, investigates complaints, and issues recommendations.
*Ministry of Digital Development and Communications: Regulates data processing activities in the electronic environment, sets technical standards, and addresses cybersecurity concerns.
📌 Summary
Mongolia's Law on Protection of Personal Data establishes a robust legal framework for data privacy, emphasizing consent, transparency, and accountability. Organizations operating in Mongolia must ensure compliance with these provisions to protect individuals' privacy rights and avoid potential penalties.
RELATED Blog
0 comments