REGULATORY REQUIREMENTS OF UKRAINE IN THE FIELD OF CYBER PROTECTION OF PERSONAL DATA IN INFORMATION AND COMMUNICATION SYSTEMS IN COMPARISON WITH THE REQUIREMENTS OF THE USA AND THE EU
DOI:
https://doi.org/10.35546/kntu2078-4481.2024.2.23
Keywords:
cybersecurity, personal data, information protection, regulatory requirements, CCPA, GDPR.
Abstract
In today’s realities, the protection of personal data is an integral part of society’s progress and has a significant impact on its safety. Protection of personal data is not only a personal responsibility but also an important aspect of the functioning of the state and business. The article deals with the topical issue of applying regulatory requirements in the field of cyber protection to preserve personal data processed in information and communication systems. The personal data protection system in Ukraine needs research and improvement, and therefore there is a need to study the regulatory documents of the United States of America and the European Union, which are recognized as leaders in the field of personal data protection. It is necessary to compare the regulatory requirements of Ukraine, the USA and the EU with an emphasis on cyber protection rather than only on the protection of personal data. Ensuring cyber security and the protection of personal data is a key factor in the development of Ukraine’s digital economy. However, it is noteworthy that the provisions of the American and European acts on the protection of personal data are much broader than those of Ukraine’s Law "On the Protection of Personal Data". Identifying the gaps and deficiencies in Ukraine’s regulations on the cyber protection of personal data is the basis for further improvement of regulatory documents. Implementing the norms and regulatory principles of American and European legislation in the field of personal security in Ukraine will significantly strengthen the cyber protection of personal data. For example, this will significantly improve the level of trust that citizens and businesses place in the state, stimulate the development of the digital economy and contribute to Ukraine’s integration into the global digital space.
Further research should focus on developing a methodology for assessing the level of cyber protection of personal data in information and communication systems and on developing recommendations for implementing the best global norms and practices, which will help Ukraine become a leader in this field.