1. Amendments to the Law on Electronic Communication
Two amendments to the Law on Electronic Communication are drafted to ensure users’ privacy and anonymity in the use of electronic communication services, as well as to ensure implementation of the network neutrality principle.
The first of the proposed amendments (Article 49 – paragraph 1) is aimed to restrict service providers from the collection and storage of traffic and communication data that are not required for the provision of telecommunication services. In practice, many telecommunications network operators and service providers collect traffic and communication data which are either unnecessary for the provision of services or could be necessary for the provision of some specific on-demand services. These data usually contain information on users’ behavior (traffic logs, users’ location, access timeframe) and might be leaked or infiltrated by adversaries including national and foreign intelligence services without actual knowledge nor consent of users or even service providers themselves.
The second amendment is aimed at the prevention of service providers from the discrimination of traffic by categories or content service providers. The current Armenian telecommunications legislation is missing the net neutrality concept, which is an important element of Internet freedom policy. Armenian Telecommunications Regulatory Authority (Regulator) has declared its adherence to the network neutrality principle but no regulation has been adopted so far to introduce a relevant legal obligation for service provides. The proposed amendment asserts that “service providers must deliver services without discrimination by type of traffic and protocols unless it is technically necessary and unavoidable for a particular type of services”.
2. Amendments and changes to the Law on Personal Data Protection.
The amendments and changes to the Law on Personal Data Protection’s objective is to enhance the institutional and financial independence of the Personal Data Protection Agency (PDPA) and include radical changes of the principles of the establishment and operation of the data protection authority. More specifically, the amendments are proposing the following:
- Establishment of the Personal Data Protection Commission as a collegial body through the appointment by the National Assembly (the Parliament) instead of the Personal Data Protection Agency led by the head, who is appointed by the prime minister and therefore is not fully independent from the executive.
- Introduction of additional administrative procedures to make the Commission’s work more transparent for media and the public.
3. Amendments to the Code of Administrative Violations.
The proposed amendments to the code of administrative violations are aimed at introduction of sanctions for the business entities that are not subject to penalties according to the law in force. The sanctions under the current legislation could be imposed only on individuals even when the violation is made by corporations. If a company collects and processes personal data in violation of legislation the sanctions will be imposed on its management, not the company. The fines that can be imposed are much less than the average salaries of top managers and this results in mass negligence and impunity for the violations of customers’ privacy. The proposed sanctions for corporations are to be calculated as 0.1% of their annual income and will impact shareholders’ income and, therefore, make a change to have a more responsible corporate management.
P.S. The full versions of Amendments in English will be here soon