15/03/2023
The FIIAPP, a Spanish cooperation agency specialising in public policy, is organising this conference through the EU cooperation programme EU4DigitalUA, which it has been implementing in Ukraine since 2020
The Data Protection Conference, held in Warsaw on 14-15 March by the FIIAPP through the European programme EU4DigitalUA, brought together specialists from the Spanish Data Protection Agency with the Ukrainian Ombudsman’s Office, the European Data Protection Board, the European Data Protection Supervisor and representatives of the Ukrainian and European business community. The conference addressed the need to reform Ukrainian data protection legislation to match the challenges of the digital world.
“The courage shown by the Ukrainian people in these difficult times has been reflected in their defence of the fundamental right to data protection in times of war. When the foundations of society are shaken by external events, it is of utmost importance to uphold the freedom of individuals and the rule of law,” said Luis De Salvador, Director of the Technological Innovation Division of the AEPD.
“The Ombudsman and the Ukrainian authorities realised the importance of the protection of citizens’ rights and did not stop working under great pressure to guarantee them, in particular with regard to the protection of personal data,” he added.
“For Ukraine, the reform of data protection legislation is crucial, as its adoption is not only an essential part of Ukraine’s integration into the European Union, but also ensures an adequate level of personal data protection, aligned with the highest European and international standards, a fundamental right that must be protected, especially given the situation the country is going through,” says María Gastón Bertrán, FIIAPP’s Technical Institutional Coordinator for the EU4DigitalUA programme.
During the two-day conference, participants discussed the drafting of the Ukrainian Personal Data Protection Law and the National Commission on Personal Data Protection and Access to Public Information, with the aim of bringing Ukrainian legislation into line with EU standards. EU institutions, including the European Data Protection Supervisor and the European Data Protection Board, have shared their expertise on the implementation of the European Data Protection Regulation (GDPR).
“The current Ukrainian law on personal data protection was adopted in 2010 and is based on Convention 108, a European document from 1981. Therefore, in order to ensure the protection of Ukrainians’ personal data, new updated legislation should be adopted that corresponds to the current level of technological development and, consequently, of personal data processing,” said the representative of the Ukrainian Ombudsman’s Office for information rights, Yulia Derkachenko. The Ukrainian Ombudsman’s Office welcomed the opportunity provided by the conference to highlight the importance of the adoption of a new law and to discuss the European experience of the implementation of the GDPR.
In addition to legislative reforms, the conference also addressed the future of data protection and the role of governments in shaping the future of data protection regulation. Representatives discussed the evolution of privacy laws and the importance of keeping abreast of new technologies and emerging privacy risks.
The EU4DigitalUA project works directly with the Spanish Agency for the Protection of Personal Data, a partner of the programme and responsible for compliance with European standards in Spain, with invaluable experience in this field. In addition, EU4DigitalUA’s Personal Data Protection specialists are co-authors of the new draft law in Ukraine and have provided expert support in relation to the analysis of the draft law’s rules for compliance with the requirements of European law.
Data protection, together with digitisation of the administration and cybersecurity, are the three main axes of the European EU4DigitalUA project that FIIAPP implements in Ukraine since 2020 with a budget of 10 million euros, where the AEPD collaborates in the data protection component.
