Powers of the Personal Data Protection Authority in Europe and Kazakhstan: comparative analysis, recommendations for improving the activities of the Kazakhstani Personal Data Protection Authority

Abstract

The progressive development of digital technologies has penetrated all spheres of human activity, society, business, and the state. The constant development of digital technologies entails risks and threats to human rights and freedoms, honour and dignity, and well-being. States, as guarantors and defenders of human rights and the right to the protection of personal data, are improving legislation and the activities of executive bodies. European legislation emphasises the vital role of personal data protection authorities (DPA). At the legislative level, the General Data Protection Regulation (GDPR) obliges DPAs to raise public awareness and provide advice and guidance on personal data law and its uniform application.

This article examines the powers of European and Kazakhstani DPAs. We will look at European legislation on the functions of DPA. Next, we will demonstrate the Estonian experience and look at the activities of the Kazakhstani DPA. We conclude that it is necessary to allocate DPA in Kazakhstan to an independent, separately existing executive body specialising exclusively in protecting personal data with highly qualified personnel and empower it with additional functions. Strengthening the role of the Kazakhstan DPA will contribute to more effective and improved protection of the right to personal data protection.