12:37 11.02.2009
Republic of Ukraine
The Constitution of Ukraine guarantees the right of privacy and data protection.[2707] Article 31 states, “Everyone is guaranteed privacy of mail, telephone conversations, telegraph and other correspondence. Exceptions shall be established only by a court in cases envisaged by law, with the purpose of preventing crime or ascertaining the truth in the course of the investigation of a criminal case, if it is not possible to obtain information by other means.” Article 32 states “No one shall be subject to interference in his or her personal and family life, except in cases envisaged by the Constitution of Ukraine. The collection, storage, use and dissemination of confidential information about a person without his or her consent shall not be permitted, except in cases determined by law, and only in the interests of national security, economic welfare and human rights. Every citizen has the right to examine information about himself or herself, that is not a state secret or other secret protected by law, at the bodies of state power, bodies of local self-government, institutions and organizations. Everyone is guaranteed judicial protection of the right to rectify incorrect information about himself or herself and members of his or her family, of the right to demand that any type of information be expunged, and also the right to compensation for material and moral damages inflicted by the collection, storage, use and dissemination of such incorrect information.” There is also a limited right of freedom of information. Article 50 states, “Everyone is guaranteed the right of free access to information about the environmental situation, the quality of food and consumer goods, and also the right to disseminate such information. No one shall make such information secret.”
There have been efforts to enact a data protection act for several years. However, as of June 2003, no data protection act has been enacted. A draft Law on Personal Data Protection (No. 2618) passed first hearings on May 15, 2003. This draft law was submitted by Members of Parliament Rodionov, Nikolaenko, Yukhnovsky, Tolochko, and Sytnyk, and drafted by communications experts, employees of the State Committee on Communications and Information, and the Ministry of Internal Affairs. In June 2001, Mr. Zadorozhniy (then Chief of the Parliament Committee on Legal Policy, currently the Representative of the President in the Parliament) introduced an alternative draft bill on Personal Information to the Parliament. The bill was prepared with the assistance of Mr. A. Pazyuk, Director of Privacy Ukraine. The draft covers public and private sectors, provides natural persons with the right to informational self-determination. It includes special provisions concerning sensitive data (racial origin, nationality, trade union membership, political, philosophical and religious beliefs, medical and health data, and data on criminal offenses) and imposes limitation of data transfer to third countries with inadequate level of data protection. The draft proposes the establishment of independent authority for supervision. The National Agency on Personal Data Processing Supervision would be empowered to conduct investigations, impose sanctions, maintain a national register of databases, and to adopt or approve codes of fair information practice proposed by private sector. The draft would require amendments to the Constitution to provide for the appointment of the National Agency chief nominated by the President of Ukraine and subject to the authority of the Parliament. The Agency would be required to submit annual reports to Parliament. MP Zadorozhny’s draft has received positive evaluation by the experts of the Council of Europe in 2001 as it is based on the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) (Convention No. 108) and the EU Data Protection Directive (95/46/EC). At the same time, the direct marketing industry opposed strong data protection rules. The main obstacle for the adoption of a data protection legal framework in Ukraine is the misunderstanding of the role of a data protection commissioner and the unwillingness to establish an additional public body with effective powers of control.
Before Bill No. 2618, a draft bill on Data Protection, prepared by the State Committee of Communications and Computerization, had been introduced to the Cabinet of Ministers for consideration in December 1999. The draft was loosely based on the Convention No. 108 and the State of Hesse’s (Germany) 1970 Data Protection Act and focused on property rights for privacy control.
A draft Law on Telecommunications (No. 2059-d) passed first hearings on May 22, 2003. The bill was submitted by MPs Pustovoytenko, Lutsenko, Kyukharchyuk, Kostynyuk. Article 33 of the bill establishes consumers’ rights while Article 35 is devoted to the protection of personal data. MP Mr. Rudkovskyi submitted the draft Law on the Protection of the Rights of Telecommunications Users (No. 3299) on March 31, 2003 drafted by Mr. Pazyuk of Privacy Ukraine. The Ukranian Parliament adopted the Law on Telecommunications on July 9, 2003, subject to consideration by the President. The Law does not restrict personal data collection by service providers but prohibits further dissemination.[2708]
The 1992 Act on Information defines only general principles of citizens’ access to information personally related to them. Article 9 provides individuals with access to information concerning them. Exceptions are to be defined by Law. Article 23 of the Statute prohibits collection of personal data without consent of the data subject, and provides the right to know about data collection.[2709] The Constitutional Court of Ukraine ruled in October 1997 that Article 23 prohibited not only the collection of information, but also the storage, use and dissemination of confidential personal information without the consent of the individual.[2710] There are exceptions for national security, economic well-being, and information that would affect another’s rights and freedoms. Confidential information includes, in particular, information about a person such as education, marital status, state of health, date and place of birth, property status and other personal details.
The Act on the Operational Investigative Activity (OIA) of February 18, 1992 empowers law enforcement agencies to conduct surveillance. The agencies are obliged to obtain a warrant under the court procedure as implemented by the Act of the Supreme Court Plenary Session of November 1, 1996.[2711] The Statute does not provide wiretapping procedure rules. Those are regulated by secret rules, adopted by the joint Ministry of Internal Affairs and State Committee as Communications Order No. 745/90 of September 30, 1999. The applications are registered and include the names of officials, and the date and type of communications. Statistical data on wiretapping activity is not publicly available. Under article 11 of the Act, priests, doctors, and lawyers can not be asked about information concerning their clients, and any such information cannot be used as evidence in court. However, in practice, the courts regularly use such information. The special services investigated the Kazakhstan Energy Grid Operating Company in June 2000 for the illegal tapping of employee conversations and charged one employee with a violation of the criminal code.[2712]
On January 18, 2001 a new law was passed amending the OIA Act of 1992. The new Act clarifies the offenses for which surveillance may be used and significantly improves procedures for judicial supervision and oversight. Individuals are not granted full access to the personal data collected by police during the investigation and are allowed only to receive an explanation of the human rights implications of the surveillance. The Act prohibits the dissemination of information about undisclosed crimes, information that might damage an open investigation, the interest of man or the security of the State. The disclosure of State secrets is also prohibited. An Order of the Chief of the Security Service dated March 1, 2001 defines a State secret as data relating to “the preparation, performance and results of secret OIA measures used against persons who are preparing or have committed especially dangerous or heinous crimes against the State.”
The ongoing political scandal concerning the case of murdered journalist and founder of the Ukrainska Pravda newspaper, Heorhiy Honhadze, centers on allegations of illegal wiretapping by the Secret Service Unit (SSU). On November 28, 2000, Oleksandr Moroz, the leader of the opposition Socialist Party faction in Parliament publicly released cassettes linking President, Leonid Kuchma, chief of the President’s Office Volodymyr Lytvyn and Interior Minister Yury Kravchenko to the disappearance of the journalist in September 2000. Not long before his disappearance Honhadze had complained to the Attorney General that he was under continuous surveillance. The cassettes contained alleged recordings of conversations between the three officials during which the President gave the order for action to be taken against Honhadze.[2713] Moroz claimed that he received the cassettes from a telecommunications officer at the SSU, which maintained secret bugging devices in the President’s office.[2714] Presidential office head, Lytvyn, and the president’s representative in parliament, Roman Besmertny, immediately denied the allegations claiming that the cassettes were clearly fakes. One week later the SSU released an official statement dismissing the Moroz report as slander and stating that it was impossible “from the technical or organizational or physical points of view’ to wiretap the communications of state officials.[2715] On December 8, however, members of a committee of inquiry that had been set up to investigate the journalist’s murder were detained and searched by custom and security officers while returning from a visit to the SSU telecommunications officer involved. The recordings of their interview with the SSU officer were taken from them and damaged. In May 2001, the Socialist and Peasant political parties issued a joint official statement demanding answers to some of the legal questions that arose during the scandal including the allegations of widespread wiretapping by the SSU.[2716]
As of June 13, 2002, the Ukrainian Prosecutor-General’s Office has suspended the investigation into the case against former security officer Mykola Melnychenko who was granted United States political asylum after he publicized wiretapped conversations of Ukrainian President Leonid Kuchma suggesting the president’s involvement in illegal activities.[2717] The tapes made in the president’s office are said to implicate President Leonid Kuchma in the journalist’s murder and Several other crimes[2718]. Ukraine wants Melnychenko extradited for divulging state secrets.
Another high-profile incident of illegal wiretapping occurred in 2002. Investigators launched a criminal investigation into the bugging of telephone conversations between the Kiev mayor Oleksandr Omelchenko and the leader of the popular centre-right “Our Ukraine bloc,” Viktor Yushchenko, during a 2001 election campaign.[2719] In Ukraine, it is a criminal offense to publicize private conversations, as well as to secretly record them. The leaders of the all-Ukrainian public movement “For Honesty in Politics” first published the recordings at a news conference on January 9, 2002. The wiretapping is believed to have been done in Kiev and investigators do not rule out the possibility that it was done legally by law enforcement agencies as part of a criminal investigation directed at non-public or -state figures.[2720]
The Ukrainian Supreme Council has supported a resolution to create a parliamentary ad hoc commission to investigate violations of constitutional human rights to the confidentiality of telephone conversations.[2721] Last year the Supreme Council parliament renewed prosecutor supervision over people’s and politicians’ constitutional right to privacy of telephone conversations and correspondence.
The Department of Special Telecommunication Systems and Information Safeguard of the Security Service of Ukraine is authorized under an April 2000 Presidential Ukase[2722] to adopt regulations on the protection of information in data transmitting networks, as well as to establish the “application of the tools for the protection of state information resources.”[2723] The Presidential Ukase, although in force, is not observed. To implement provisions of this Ukase, the Parliament of Ukraine should adopt new laws and amend others. The situation with this Ukase is typical in Ukraine when a law although enacted is not implemented and does, as a result, not influence the social and political life of the country. In July 2000, President Kuchma signed the Ukase on “development of national content of the global informational network (Internet) and wide access to this network in Ukraine.” It sets rules on digital signatures, information security and protection of information “which can not be published according to the law.”[2724]
In September 1999, President Leonid Kuchma proposed regulations requiring that Internet service providers install surveillance devices on their systems based on the Russian SORM system. The regulations had to be withdrawn because of a Constitutional issue and he proposed a bill to implement them. The bill was attacked by the Parliament and withdrawn. In June 2000, several high government officials (including the deputy chair of the security service, the chair of the headquarters of the Ministry of Defense, and the chair of the Presidential Committee on informational security) held closed meetings with representatives of the major Ukrainian ISPs to discuss new SORM regulations. A working group released a document announcing that the group had agreed to implement surveillance capabilities based on the European ENFOPOL 98 initiative and create a working group on filtering and monitoring of unlawful information.[2725] The large ISPs are expected to support the regulations to eliminate competition from smaller ISPs who will not be able to afford the new systems.
An opportunity of use of SORM systems has never been discussed in Ukraine. In 2000, during a conference on information security issues, two Internet associations were created: the Internet Association of Ukraine[2726] and the Association of the Internet Market Players of Ukraine.[2727] When the State Committee on Communications and Information understood that it was difficult to enact a law establishing telephone tapping and making ISPs install tap equipment, they issued Instruction No. 122 in June 2002 that compels State bodies’ ISPs to get a certification at the Department of Special Telecommunication Systems and Information Safeguard of the Security Service, that requires the use of special tap equipment. Currently, only one Ukrainian ISP has already been granted such certification. Other ISPs refuse to apply for certification and go on working with state bodies.
The chief of the National Security Service (SBU) Yuri Radchenko stated at a press conference on July 14, 2001 that the SBU “ha[d] no plans to control the Internet in Ukraine but that it would rather like to register all Ukrainian Internet users.”[2728] In October 2001, the Council of National Security and Defense took a decision that was enacted by the Ukaseof the President on The Measures for the Improvement of National Information Policy and Safeguards of Information Security of December 6, 2001 (No. 1193/2001). The Ukase directed the Cabinet of Ministers to elaborate and introduce draft laws compelling ISPs and electronic media to obtain licenses, monitor Internet traffic, and store Internet traffic data for a period of six months. It has been President Kuchma’s second attempt to oblige the Ukrainian providers of communication services to install at their own expenses wiretapping equipment as a requirement to obtain a state license. The first attempt was embodied in Ukase No. 737/99 of June 27, 1999 supplemented with the draft law introduced to the Parliament on June 29, 1999. The Parliament of Ukraine considered the presidential proposal but turned it down, by an Enactment of September 7, 1999 (No. 1016-14), and since then, the Cabinet of Ministers has not introduced any similar bill to the Parliament yet.
There are several other laws that control personal information.[2729] The cabinet approved the creation of a Single State Automated Passport System in January 1997 as a component of the State Register of Population.[2730] The system will be used as an internal ID system and hold both textual and graphical data about every Ukrainian. The text data will include: first, patronymic and last name, date of birth, sex, identification number, date of registration and residence, data of another state citizenship, data of passport and its duplicates, data of job/study, matrimonial status, data of husband/wife and children, education, military draft status, date of documents for traveling abroad, and memorandums (disability care, restriction for traveling abroad). The graphical information will include: identifier, biometrics data and signature. Religious conservatives demonstrated in opposition to the application of personal identification numbers approved by the Act on State Register of Natural Persons - Taxpayers.[2731] The Parliament approved an amendment to the statute in July 1999 allowing for an alternative system of registration to be used for persons with religious grounds for opposing identity numbers.[2732] There are also laws relating to tax information,[2733] social insurance,[2734] domicile registration,[2735] retirement insurance,[2736] unemployment insurance,[2737] criminal investigations,[2738] juvenile records,[2739] former prisoners,[2740] military service records,[2741] medical records,[2742] and HIV and AIDS records.[2743]
The Parliament of Ukraine adopted a new edition of the Criminal Code on April 5, 2001. The new code includes several articles relating to privacy violation and will go into effect in September 2001. Article 132 prohibits dissemination of information about AIDS or other incurable diseases data by medical personnel. Dissemination of other confidential medical data by a doctor is punishable under Article 145. Article 162 provides for criminal liability for unlawful entrance, search and seizure. Article 163 criminalizes the unlawful wiretapping or interception of electronic communications. Article 168 provides liability for disclosing confidential information regarding child adoption. Finally, Article 182 on ‘Breaching the Inviolability of Private Life’ provides that the
[u]nlawful collection, storage, usage or dissemination of confidential information related to a person without consent or the dissemination of such information in a public speech, or production or in the mass-media, is punishable by a fine of up to 50 multiple tax free incomes or correctional labor of up to 2 years or imprisonment of up to 6 months or limitation of liberty of up to 3 years.
Considering that the Constitutional Court of Ukraine has interpreted “confidential information” to include all personal data related to individual, the broad scope of Article 182 poses a real threat to freedom of speech. In order to address this issue, the draft bill on Personal Information (introduced in June 2001) proposes that this article be amended to criminalize only the use of personal data for unlawful actions that endanger the life or health of the person concerned.
The 1992 Act on Information provides a right of access to government records.[2744] Article 21 sets out methods for making official information public, including disclosing it to interested persons orally, in writing or in other ways. Article 29 of the Statute prohibits the limitation of the right to obtain non-covert information. Article 37 sets out a long list of exceptions. The author of a rejected or postponed request has a right to appeal the decision to a higher echelon or court (Article 34). There is limited access to the files of the former secret police under the Act “on rehabilitation of victims of political repressions,” which gives the rehabilitated citizen or his heirs the right to read his personal file kept in the KGB archives.
Access to public and private archives is regulated by the Law on National Archival Fund and Archival Bodies of December 24, 1993 (No. 3814-XII) in the version of the Law of December 13, 2001 (No. 2888-III). Article 16 provides that archival bodies have the right to limit access to documents owned by state or local communities containing state secrets, or other secrets protected by the laws until the documents are declassified by state secrecy experts. The duration of access limitation is regulated by the Law on State Secret of November 21, 1999. It ranges from five to thirty years depending on the level of secrecy. Public access to confidential personal data the disclosure of which could threaten life or the inviolability of the home is barred for seventy-five years. It is possible to get access to such documents with the permission of the data subject or his heirs. Access is permitted to the staff of the archival bodies, courts, law-enforcement and tax bodies if provided by laws.
Ukraine is a member of the Council of Europe but has not signed or ratified the Convention No. 108. It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[2745] The European Parliament supported the European Union Common Strategy towards Ukraine in a vote on March 15, 2001, but at the same time it urged rapid changes to many current Ukraine policies.[2746]
http://www.privacyinternational.org/survey/phr2003/countries/ukraine.htm#top