On 30 May, 2024, the Moldovan Parliament passed in first reading a new draft law on the protection of personal data The draft law was approved by the Government earlier on 8 May, 2024 to connect the national legal framework to international standards, including European Union law.
The law aims to create a balance between the rights of the data subject (an identifiable natural person), the general principles of data protection and the general confidence in the activity carried out by controllers. The law provides for better control and more rights to data subjects, obligations and responsibility of the controller to better protect personal data and limit the processing to what is strictly necessary.
Premises and problems that led to the legal initiative
The initiative is provided in the National action plan for accession of the Republic of Moldova to the European Union for the years 2024-2027, with a due date for adoption of the law in February 2024. The aim of the current draft is to transpose the EU Regulation 2016/679 (General Data Protection Regulation - GDPR) into the internal regulatory framework of the Republic of Moldova. The Ministry of Justice , the initiator of the draft law, defined three problems that underpin the need to adopt the new law:
- Failure to ensure a high level of personal data protection in accordance with legal instruments and international standards, of the European Union and the Council of Europe.
- Companies that carry out economic activities in the member states of the European Union face different requirements of the national legislation of the Republic of Moldova, and on the EU level. The result is a fragmented legal environment that generates a context of legal uncertainty and unequal protection of individuals, unnecessary costs and administrative burdens.
- Difficulties for individuals to maintain control over their personal data.
Benefits of the new draft law
Individuals would benefit from the law in the following ways:
- Easier access to personal data processed by the controllers; (providing more information about how that data is processed and making this information available in a clear and understandable form);
- A new right to data portability (facilitates the transmission of personal data from one service provider to another);
- A clearer "right to be forgotten" (refers to the obligation of the controller to delete personal data following the request of the data subject, when there is no good reason to keep the data);
- A comprehensive set of rules regarding the violation of personal data security.
Benefits for business and CSOs include the following:
- A harmonised legal framework that will lead to the uniform application of the rules for the benefit of the digital single market of the EU;
- Techniques favourable to confidentiality (pseudonymisation);
- Clearer responsibility of the controllers and clearer obligations of the processors ;
- A modern system of government to ensure that rules are enforced more consistently and firmly;
- A modern set of tools for international data transfers. The tools include adequacy decisions adopted by the European Commission in case the non-EU country offers an adequate level of protection, pre-approved (standard) contractual clauses, mandatory corporate rules, codes of conduct and certification mechanism.
Participation in the preparation of the law, and what it means for CSOs
The Parliament launched a round of public consultation on the draft with feedback expected until 3 June, 2024. The draft law was first proposed for public consultation by the Government in July 2023.
If adopted by the Parliament, the new law would replace the current Law on the protection of personal data 133/2011.The current law regulates the processing, storing and use of personal data. CSOs are entitled to handle personal data and are subject to the same obligations and requirements as other legal persons. Monitoring and control of compliance with the relevant legislation is the duty of the National Centre for Personal Data Protection, which keeps its functions under the new draft law.