About 80 percent of websites in the country illegally collect personal data of users. This is stated in a study of personal data in the commercial sector, conducted with the support of the Soros Foundation-Kyrgyzstan.
It is noted that these companies do not inform users about the personal information collected, purposes of collection and processing, rights, storage periods and their protection.
«Of the more than 500 websites visited, approximately 180 directly collect users’ personal data. The vast majority collect contact information of Kyrgyzstanis for feedback and sending information about company’s promotions and products. The vast majority of online forms for obtaining consent for the processing of personal data do not comply with the law,» the study says.
According to the current legislation, there are no norms for giving electronic consent for the collection and processing of personal information, except for the use of an electronic signature.
Of the 180 websites that requested personal data, more than 40 percent of the resources were located outside the country. At the same time, only six companies displayed items on cross-border transfer of information in the consent form.
Only one firm out of 519 developed and published a data processing policy in the Kyrgyz language.
«In the course of the study, after studying the legislation and analyzing the information leakage, we believe that there are significant gaps in it. The rights to withdraw the consent are not clearly spelled out, the process of giving electronic consent is complex (only electronic signature), there are no rules on notification of leakage, there is no option to unsubscribe from marketing mailings and no rules on the protection of personal data of children,» the researchers noted.
