We here at the IAPP are shocked and saddened by the news coming out of Ukraine. Like everyone, we are sobered by the developments as we continue to do our daily jobs. The IAPP is a big tent with members around the world. We have many members from Ukraine and wish everyone safety during this time.
For a little background on the recent history of privacy in Ukraine, in September 2020, three IAPP members — Artem Kobrin, CIPP/E, CIPM, FIP, Dmytro Korchynskyi, CIPP/E, CIPM, FIP, and Vladislav Nekrutenko, CIPP/E, CIPM, FIP — wrote a Privacy Tracker article on the “Ukrainian GDPR” and the future of privacy legislation in the country. They also created “Privacy HUB,” a nongovernmental organization aimed at tracking the current state of data protection in Ukraine, as well as “tracking what can be done to change the paradigm, and how not to fail while searching for a balance between the private and public interested in reform initiatives.”
In their piece, they provided a brief history of Ukraine’s involvement with the Council of Europe — a member since 1995 — and in 1997, Ukraine ratified the European Convention on Human Rights. They also pointed out that Ukraine ratified Convention 108 in 2010 and adopted the Law of Ukraine On Personal Data Protection, “which was largely based on the provisions of Convention 108 with the EU’s Data Protection Directive of 1995 and mirrors most of their provisions.”
They also noted that Ukraine is “one of the leading outsourcing centers in Eastern Europe,” and is home to global startups, including Grammarly, Preply, Gitlab and People.ai. To help SMEs in Ukraine, the authors created a privacy self-assessment toolkit and shared it with readers in The Privacy Advisor last Spring.
The nation has a supervisory authority, though the authors above pointed out it is severely understaffed and underfunded. Just last October, the Ukrainian Parliament proposed a draft law on the creation of a National Commission for Personal Data Protection and Access to Public Information.
It’s clear in reading their article from 2020 that they actively work to develop a culture of privacy in Ukraine, but acknowledged there are a lot of obstacles. They noted that a “major stakeholder is people." They wrote that many “people of Ukraine don’t understand the importance of privacy, and as a result, they don’t demand a new law,” but added, “On the other hand, the younger generation starts to show interest in privacy issues, though there is still a long way to go.”
They ended on a positive note, with the hopes of eventually receiving an adequacy decision from the European Commission, “which will make Ukraine an even more attractive economic partner.”
Let us hope these ambitions will eventually become a reality.
Photo by Eugene on Unsplash