Personal data protection, including biometric personal data, is a fundamental human right that grants individuals the ability to safeguard their information, ensuring it is not used unlawfully or in a manner that causes disturbance.
To uphold this right, the Law "On Protection of Personal Data" was enacted in Armenia in 2015, outlining regulations for handling personal data.
1. Definition And Types Of Personal Data:
Personal data is any information relating to a natural person that allows or can be used to directly or indirectly identify that person (for example, a person's photo, first and last name).
Personal data can also be such that it can indirectly identify a person. In this case, the personal data will need to be combined with other information as well. For example, a person's cell phone number alone is not enough to identify a person at once. Other information will also be needed, for example, the last name, address, etc.
There are 4 types of personal data. They are:
- Biometric personal data,
- Personal life data,
- Special category personal data,
- Publicly Available Personal Data.
2. Biometric Personal Data. Types And Protection Of Biometric Personal Data:
Biometric personal data are the information characterizing the physical, physiological and biological characteristics of a person.
Biometric personal data have their own characteristics. They usually
a) are very close to a person, and they can only be obtained from a person, the physical presence of a person is necessary;
b) allow unmistakable identification of a person, because they are unique, refer to (belong to) only one person and are not repeated.
Examples of biometric personal data include fingerprints, retinal scans, photographs, DNA codes, signatures, voice, etc.
Given its distinctiveness, biometric personal data is categorized as sensitive personal data, necessitating heightened protection. Its usage requires explicit consent from the data subject and should only be processed if necessary for the intended purpose.
Moreover, prior to processing biometric personal data, legal entities or natural person personal data processors (hereinafter the Processor) must notify the personal data protection agency (hereinafter the Agency), particularly if sharing data with third parties or transferring it internationally.
3. Rights And Obligations Of The Data Subject And Processor:
The data subject has the right to receive free of charge information about his/her personal data, the grounds and purposes of processing the data, the processor of the data, his location, as well as the scope of the persons to whom the personal data may be transferred.
The data subject has the right to access his/her personal data free of charge, to request the processor to correct, block or destroy his personal data, if the personal data is incomplete or inaccurate or outdated or obtained illegally or is not necessary to achieve the purposes of the processing.
The Processor is obliged to provide the data subject with the opportunity to get to know the personal data concerning the data subject free of charge. If the personal data of the data subject is incomplete or inaccurate or out of date or obtained illegally or is not necessary to achieve the purposes of the processing, then upon discovery by the processor or an authorized person or after receiving a request from the data subject or a legal representative (or an authorized person), the processor is obliged to take necessary actions to complete, update, correct, block or destroy them immediately or in the absence of such an opportunity within three working days.
In case of refusal to provide, correct, block or destroy the personal data of the data subject based on the written request of the data subject, the processor is obliged to provide the data subject and the Agency with a reasoned written decision within five days from the date of receiving the request, referring to the provisions of the law that served as the basis for making the decision. for:
If the reasons for refusing to provide, correct, block or destroy personal data are not considered justified by the Agency, the processor is obliged to immediately provide, correct, block or destroy the personal data of the data subject or to appeal the decision of the authorized body in court.
Conclusion
In summary, the protection of personal data, especially biometric personal data, is a crucial aspect of ensuring individuals' fundamental rights are upheld. Armenia's Law "On Protection of Personal Data" establishes clear regulations for handling personal data, including biometric information, to prevent unlawful use and protect privacy.
Author:
Artyom Poghosyan
Associate, Legelata Law Firm
DISCLAIMER:
This material is produced for Legelata LLC. The information contained in this piece is provided for general informational purposes only and does not contain a comprehensive analysis of each item described. Prior to undertaking (or not to undertaking) any actions, the reader is advised to seek professional advice tailored to their specific situation. Legelata or the author accepts and holds no liability for acts or omissions taken in reliance upon the contents of the contained information in this material.
LEGELATA LLC 26.04.2024
