LEGISLATION IN THE FIELD OF PERSONAL DATA PROTECTION IN THE DIGITAL ENVIRONMENT: FOREIGN EXPERIENCE AND NATIONAL PERSPECTIVES
Keywords:
human rights, the right to privacy, digital transformation, protection of personal data, rights of the data subjectAbstract
This article provides a comparative legal analysis of the experience of various foreign countries in ensuring the protection of personal data as a fundamental human right in the context of digital transformation. The study compares the approaches to ensuring the right to privacy, the rights of the data subject, and human rights in the digital environment in the national legislative systems of the European Union, the United States of America, the Asia-Pacific region, and Central Asia. The article reveals the specific features of the models of regulation of digital rights and institutional systems of states belonging to different legal families. The author used the methodology of comparative analysis to determine the most effective ways of implementing international human rights standards into national legislation. The research results will serve to develop practical recommendations for improving the system of human rights protection in the digital environment of the Republic of Uzbekistan.
References
Act on the Protection of Personal Information. (2003). Act No. 57 of 2003, as amended by Act No. 37 of 2021. https://www.japaneselawtranslation.go.jp/en/laws/view/4241/en
Bradford, A. (2020). The Brussels effect: How the European Union rules the world. Oxford University Press.
California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100–1798.199.
Charter of Fundamental Rights of the European Union. (2000, December 18). https://www.europarl.europa.eu/charter/pdf/text_en.pdf
Children’s Online Privacy Protection Act of 1998, Pub. L. No. 105-277, div. C, title XIII, 112 Stat. 2681 (1998), codified at 15 U.S.C. §§ 6501–6505. https://www.law.cornell.edu/uscode/text/15/chapter-91
Council of Europe. (2018). Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108+).
European Data Protection Board. (2024). Annual report 2023. https://www.edpb.europa.eu/system/files/2024-04/edpb_annual_report_2023_en.pdf
European Parliament & Council of the European Union. (2016). Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).
European Parliament & Council of the European Union. (2022a). Regulation (EU) 2022/2065 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Act). https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng
European Parliament & Council of the European Union. (2022b). Regulation (EU) 2022/1925 on contestable and fair markets in the digital sector (Digital Markets Act). https://eur-lex.europa.eu/eli/reg/2022/1925/oj/eng
Greenleaf, G. (2014). Asian data privacy laws: Trade and human rights perspectives. Oxford University Press.
Gramm–Leach–Bliley Act, Pub. L. No. 106-102, 113 Stat. 1338 (1999).
https://www.govinfo.gov/content/pkg/PLAW-106publ102/html/PLAW-106publ102.htm
Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, 110 Stat. 1936 (1996). https://www.congress.gov/bill/104th-congress/house-bill/3103
Ismailov, B. I. (2019). International standards in the field of personal rights and freedoms and the national legislation of the Republic of Uzbekistan (Doctoral dissertation abstract, specialty 12.00.10 – International law). Tashkent.
Korea Internet & Security Agency (KISIA). (2024). 2023 information security status survey. IITP/KISIA. https://kisia.or.kr/research/infosec_survey/
Kuner, C., Bygrave, L. A., & Docksey, C. (Eds.). (2020). The EU General Data Protection Regulation (GDPR): A commentary. Oxford University Press. https://doi.org/10.1093/oso/9780198826491.001.0001
Republic of Kazakhstan. (2013, May 21). Law No. 94-V of 21 May 2013 “On Personal Data and Their Protection”, as amended by Law No. 96-VII of 30 December 2021. https://adilet.zan.kz/eng/Kyrgyz Republic. (2008, April 14). Law No. 58 of 14 April 2008 “On Personal Data”, as amended (latest amendments: 12 July 2022). https://dpa.gov.kg/en/npa/4
Muminov, A. (2025). International legal regulation of the right to internet access: A new generation of human rights. TSUL Legal Report, 6(4). https://dx.doi.org/10.51788/tsul.lr.6.4./LGWC1735
Republic of South Korea. (2011). Personal Information Protection Act (Act No. 10465).
Personal Information Protection Commission of Korea – PIPC. (2023). Annual report on personal information protection.
President of the Republic of Uzbekistan. (2020, October 5). Decree No. PF-6079 on approval of the “Digital Uzbekistan — 2030” strategy and measures for its effective implementation. https://lex.uz/ru/docs/-5030957
Republic of Uzbekistan. (2019, July 2). Law No. O‘RQ-547 on personal data. https://lex.uz/docs/-4396419
Solove, D. J. (2023). The limitations of privacy rights. Notre Dame Law Review, 98(3), 975–1020.
U.S. Department of Health and Human Services, Office for Civil Rights. (2023). HIPAA security rule: Summary. U.S. Department of Health and Human Services. https://www.hhs.gov/hipaa/for-professionals/security/index.html
United Nations (2018). United Nations High Commissioner for Human Rights. The right to privacy in the digital age (A/HRC/39/29).
World Economic Forum. (2023, September). Internet access is not a luxury, but a basic necessity. https://www.weforum.org/stories/2023/09/broadband-no-luxury-basic-necessity/
Downloads
Published
Issue
Section
License
Copyright (c) 2026 JURISPRUDENCE
This work is licensed under a Creative Commons Attribution 4.0 International License.
