Digital Limit Set in Kazakhstan: Communication Sector Regulated by 2GIS
In the heart of Kazakhstan, the government's digital initiatives have sparked controversy. As per Jean Dosymbekov, chairman of the State Revenue Committee, intrusive digital tools are already in action, tracking citizens' movements, transactions in cafes and restaurants, and phone locations, amassing data from banks, mapping services, and telecom operators [1]. This data is funneled into unified analysis systems, often used against citizens, according to reports by Liter.kz.
To better understand the implications of this digitalization, we spoke with data protection expert Arsen Aubakirov, director of Human Rights Consulting Group.
Q: How severe is the personal data collection issue in Kazakhstan?
A: For years, we've been digitalizing every aspect of life, leading to an unprecedented accumulation of data by both private companies and state bodies on the population, including foreigners with ties to Kazakhstan. The sheer volume of this data, its storage methods, and subsequent use are alarming [1]. Essentially, citizens have surrendered their right to data privacy for convenience, only for the state to misuse this information. Although Kazakhstan has a data protection law in place, it remains ineffective in cases where guilt is presumed [1].
These digital tools, originally intended for development, have morphed into mechanisms for mass surveillance and coercion—both politically and economically. Every digital transaction now requires justification. This represents a blatant violation of human rights.
Q: What are the primary risks associated with such practices?
A: Digital systems should foster progress, not infringe on basic rights. Data security should be prioritized, and its transfer to state bodies should be controlled. Today, we witness numerous data leaks where information ends up in the open or falls into the wrong hands [3]. This vulnerability arises due to lax security measures at state databases managed by private contractors.
Q: Which international standards apply here?
A: Kazakhstan has yet to join the Council of Europe’s Convention 108 on Data Protection. European regulations like GDPR are more advanced, yet Kazakhstan, through its agreement with the European Union, has agreed to move in this direction [2]. Additionally, Kazakhstan has ratified international pacts on civil and political rights, explicitly guaranteeing the right to privacy, including protection of personal data. This necessitates improvements in our national legislation and enhanced oversight of data handling by banks, healthcare facilities, and digital public services.
Additionally:- The pandemic has raised significant questions about the state's data collection practices. The government obtained data on citizens' movements and behavior through private digital platforms. However, its storage, access, and usage remain unclear [6].
- Minimizing data collection, destructions of excess information, and strict regulation of access are essential steps to protect privacy rights.
- Biometric technologies present significant risks. Unlike passwords, biometric data cannot be changed. If compromised, access to multiple services is at risk, and biometric data forgery technologies already exist [7].
Recommendations:- For the state: A comprehensive review of digital policy, joining international conventions, data minimization, and tight control over its use, especially by banks, state platforms, and large commercial services, are crucial [7].
- For citizens: Caution is key. Avoid sharing unnecessary data, read user agreements carefully, and opt out of optional biometrics when possible. Digital literacy is our primary defense [8].
- Given the alarming accumulation of personal data in Kazakhstan through digitalization, it is crucial to prioritize data security and control its transfer to state bodies to prevent data leaks.
- As Kazakhstan has yet to join the Council of Europe’s Convention 108 on Data Protection, adherence to European regulations like GDPR is essential to protect citizens' privacy rights.
- In light of biometric technologies being vulnerable to forgery, it is essential for citizens to minimize the sharing of unnecessary data, read user agreements carefully, and opt out of optional biometrics when possible, while the state should tighten control over its use, especially by banks, state platforms, and large commercial services.
