Legislative Framework for Data Policy (AM0046)
Overview
At-a-Glance
Action Plan: Armenia Action Plan 2022-2024 (December)
Action Plan Cycle: 2022
Status:
Institutions
Lead Institution: Ministry of High-Tech Industry
Support Institution(s): Office of Deputy Prime Minister Mher Grigoryan; "Armenia Information Systems Agency" Foundation; Ministry of Justice; Ministry of Foreign Affairs; Office of the Security Council; National Security Service; "Digital Armenia" NGO; Other NGOs and organizations that will join the commitment; Central Bank, the National Assembly, "EKENG" CJSC, Private Sector
Policy Areas
Access to Information, Data Stewardship and Privacy, Digital Governance, Legislation, Open Data, RegulationIRM Review
IRM Report: Armenia Action Plan Review 2022-2024
Early Results: Pending IRM Review
Design i
Verifiable: Yes
Relevant to OGP Values: Yes
Ambition (see definition): High
Implementation i
Completion: Pending IRM Review
Description
Brief Description of the Commitment
In the context of modern technological developments, data and the management of data and information systems are of central importance for the establishment of an efficient society, economy and state. Accordingly, the strategic agendas of digitalization and public administration reforms of the Republic of Armenia consider the formation of institutional structures of data management in the country as an agenda priority, emphasizing first of all the formation of the legislative framework defining the general policy around data. Under the mentioned strategic agendas, the ideology of considering the data as public wealth is laid as the basis of the state policy. The establishment of a complete institutional and legislative system of data management is of the utmost importance not only for the effective delivery of the state system and state services, but also for increasing the productivity and competitiveness of the private sector. The formation of institutional and legislative foundations of data management is an opportunity to create a legal and citizen-centric design and operation of administrative information systems, the introduction of data access structures with the logic of open data policy, the introduction of citizen inquiries and traceability systems about their personal data, the interoperability of administrative information systems, data management standards, the scope of data-related rights and responsibilities, etc. At the moment, the policy and institutional arrangements regarding data and information systems in Armenia are fragmented and partial, they do not fully meet the developments of the time and the needs of the development of digital and virtual economy, public service provision and management systems. Therefore, it is necessary to develop and implement unified and comprehensive legal regulations, which will outline the entire field of data relations and enforcement mechanisms. With the legislative package defining the data policy, it is planned to develop: 1. The Law of the Republic of Armenia "On Freedom of Information and Public Information", the purpose of which is to ensure the realization of the right to receive information provided by the Constitution of the Republic of Armenia by providing effective and quality public services to the public and every person, as well as ensuring access to information defined by this law, which will enable to carry out public control over the performance of their duties by state bodies. The law will regulate relations related to freedom of information, will define the authority of information managers in the field of information provision, as well as regulate the conditions, procedure and methods of providing public information, receiving information and multiple use of information, the conditions and procedure for classifying, using and accessing restricted information. 2. RA Law "On Cyber Security", the main purpose of which is to create a cyber-safe environment in information systems and critical information infrastructures. The law will regulate the relations related to the detection of cyber incidents, their notification, prevention and resolution, monitoring, supervision and the application of measures of responsibility for compliance with the requirements of this law, as well as will define the scope of the subjects who are obliged to ensure the information systems and critical information they use. cyber security of infrastructures, their continuous, uninterrupted and safe use.
Problem Definition
1. What problem does the commitment aim to address? The development of the legislation defining the data policy is aimed at the regulation of relations around the formation and use of data in Armenia, the formation of institutional frameworks with the adoption of the open data doctrine. RA legislation will form foundations and provide an opportunity to clarify the rights and responsibilities of data market participants, regulatory bodies and other institutional structures with the best available solutions, the legal framework necessary for providing safe and citizen-centric services, increasing the efficiency of the public administration system, promoting the competitiveness and efficiency of the economy, and developing the digital economy and digital society.
2. What are the causes of the problem? Currently, the principles and approaches of data policy, the system of rights and responsibilities related to data generation, processing, storage, exchange, use and distribution, security issues are regulated in a fragmented manner. Currently, in the context of the increasing volumes of the digital economy, the modernization and digitization processes of public administration and public services, there is an inevitable need for ensuring full regulation. The fragmentation of legal regulations defining the data policy hinders the implementation of the commitments declared by the State, aimed at ensuring the more effective, open, transparent and accountable management system.
Commitment Description
1. What has been done so far to solve the problem? There is a legislation on personal data protection and freedom of information in place, which, however, does not provide the full and up-to-date legislative framework on the data policy. A working team has been formed within the Information Systems Management Council for the elaboration of legislation aimed at the introduction of data policy.
2. What are the solutions we propose? With the aim to address the problem, the Ministry of High-Tech Industry, in co-operation with interested institutions, has undertaken the implementation of the measure "Formation of legislation defining the data policy", which is also one of the goals declared by the 2021-2026 RA Government Programme and the strategy of Public Administration reforms.
3. What results do we want to achieve by implementing this commitment? The elaboration and adoption of data policy legislation will enable to fully regulate the field of relations for the digital economy, digital society and digital state and services, which will, in its turn, improve the quality of data, access and their safe management. The quality of services being provided to the public, the public confidence in state data and information systems, and the usage of digital services will significantly increase. As a final result, it is expected to create complete legal grounds critical for development of citizen-centred and data-based policy, and development of economy and digital society.
Commitment Analysis
1. How will the commitment promote transparency? The legislation defining the data policy will include regulations on the rights and responsibilities of those carrying out actions regarding the data, their receipt, processing, storage, transmission and other actions; the system of rules related to data access and transparency will also be formed based on the doctrine of open data; legal grounds and standards for data catalogues and on ensuring public access to meta data will be provided.
2. How will the commitment help foster accountability? The standards of data classification, usage, quality assessment, identification, data protection and accurate distribution, risk management principles, responsibility and accountability, and other legal relations will be defined and specified by the legislation of the Republic of Armenia.
3. How will the commitment improve citizen participation in defining, implementing, and monitoring solutions? The elaboration and actual implementation of data legislation based on the open data policy will also contribute to the development of citizen-state communication and participatory management systems through the implementation of more intelligent and mutually reliable solutions and platforms. At the same time, the data legislation will also provide a sufficient legal infrastructure, which will make it possible to introduce public service quality monitoring, control and management systems, to encourage citizen-centric and citizen-experience-based design and delivery practices of public services.
Commitment Planning (Milestones | Expected Outputs | Expected Completion Date)
Action 1. Study of international practice with the participation of international experts and interested public sector representatives | Selection of the best applicable practice for Armenia, revealing legislative gaps based on international benchmarking and identification of necessary regulations | 2nd half of 2022
Action 2. Drafting of a legislative package based on international practice and local context | Formation of a legislative infrastructure | 1st semester of 2023
Action 3. International and local expert discussions on the draft legislative package | Applying as much as possible the available expertise and collecting feedback during the elaboration stage of the initial version of the package | 1st half of 2023
Action 4. Public discussions on the draft legislative package through recognized official channels and in more interactive and participatory formats | Public awareness raising measures on legislative solutions, formation of perceptions, opinions and public consensus | 2nd half of 2023
Action 5. Circulation of the final document between the state administration bodies. Adoption of relevant legal act | The basic concept document will be accompanied by manuals for the application and use of the concept. | 1st half of 2024
Relation of the Commitment to strategic documents and other international processes | Section "6. Institutional Development" of the 2021-2026 Programme of the Government of the Republic of Armenia
IRM Midterm Status Summary
Action Plan Review
Commitment 1. Legislative framework on Data policy
● Verifiable: Yes
● Does it have an open government lens? Yes
● Potential for results: Substantial
Commitment 1. Data policy legislation
Lead agency: Ministry of High-Tech Industry
For a complete description of the commitment, see Commitment 1 in Armenia’s 2022–2024 action plan here.
Context and objectives:
Under this commitment, the government will adopt a unified data management policy that will govern all state-held information and define a policy for open data (i.e., clarify the legal grounds and standards for data catalogs and ensure public access to meta data). It will also set criteria for which state-held information should be available to the public free of charge and which should be provided for a fee. Several proposals during the co-creation process from civil society concerned opening specific databases and registries. This commitment will provide a general regulatory policy for resolving questions in this area.
The commitment is linked to the Public Administration Reform Strategy, which calls for a comprehensive data policy and an institutional data management system. [1] It is also in line with the Government Program 2021–2026, which aims to upgrade the administrative information systems and the capacities of official statistics through a unified data policy. [2] The commitment will contribute to government transparency by setting clear regulations for the publication of state-held information and ensuring government compliance to open data principles.
Potential for results:Substantial
The IRM assesses this commitment as having substantial potential for results in opening government-held data. If fully implemented, this commitment would result, for the first time, in state-wide, legally binding, comprehensive regulations on how the government manages and publishes the data it holds, including the application of open data standards. While the laws on freedom of information [3] and government procedures provide basic rules on managing and providing information, they are limited in scope and do not contain any official policies on open data. [4] The government has implemented many stand-alone open data initiatives in the past. For example, previous OGP action plans included commitments on open data in officials’ asset declarations, beneficial ownership, education, and an interactive state budget. Other platforms established outside OGP include an electronic register of legal persons, a public procurement plan and contract management platform, and a legal information system. [5] However, until now, there has been no comprehensive approach or unified regulatory principles for such initiatives.
This commitment addresses the need for a unified policy that will clarify the grounds for restrictions to public access to types of information handled by specific government bodies (as well as non-state public service providers). [6] For example, journalists can request information on company founders and shareholders on the state register for free, but other organizations and citizens must pay. This can make it difficult to verify beneficial ownership information and establish potential conflicts of interest or corruption risks. Similarly, the information in the state cadastre is provided on a paid basis, while this information might help users verify officials’ asset declaration or check conflict of interest when a public property is sold. There is no consistent approach by state bodies around what data they provide to the public and what data they consider closed. For example, some state bodies publish information on civil servants while others consider this personal data and thus not eligible for publication. Moreover, some information can be rejected on the grounds of state secrecy without proper justification. This commitment will provide important clarifications around the grounds for restricting access to certain state-held information and, where possible, remove unnecessary restrictions.
The commitment will also give Armenia its first state-wide official open data policy, which is a priority for civil society. [7] Although some platforms and registers incorporate open data standards, many government agencies still publish documents in PDF format, which are often not machine readable (e.g., a scanned text). While Armenia’s score in Open Data Inventory by Open Data Watch has improved from 53 in 2018 to 57 in 2020, the openness score remained the same—55. [8] In the long term, this commitment could expand the coverage of government-held data to be disclosed and improve usability and openness by requiring compliance to open data standards for any government-held data.
Despite an increased volume of digital data, the government lacks regulations on how to manage, protect, and archive this data electronically. The new regulations will address issues related to mismanagement of personal data (such as leaks) by setting government-wide standards for management, processing, storage, and publication.
Opportunities, challenges, and recommendations during implementation
Although the commitment sets an important regulatory framework for government-held information, it lacks clarity on important components of the legislation. For example, it does not explicitly mention who the legislation will cover as data holders (e.g., state administration, state-owned organizations, local governments, public service providers) what type of legislation is expected (e.g., government regulation, law, or other type of legal act), or the sanctions for noncompliance. In addition, a potential challenge to implementation will be the lack of capacity of state officials to deal with datasets and a lack of knowledge on open data standards and handling personal data.
For achieving substantial results, the IRM recommends the following steps during implementation:
- Clearly define in the legislation the datasets to be made public, the open data standards to be adopted, the requirements for regular updates, and the sanctions for noncompliance. Based on civil society stakeholders’ suggestions, the government could prioritize making available free of charge the data of the State Registry and the State Cadastre, as well as information on state-owned property and its usage, including lease contracts, the list of museum pieces, and others per discussions with the public and civil society. [9] The European Union’s (EU’s) Directive 2019/1024 on open data and the reuse of public sector information could be useful for setting open data regulations, [10] along with the guidelines on open data. [11] Armenia could also learn from the experiences of other countries pursuing national open data portals, such as Canada, Estonia, Finland, and Ukraine. [12]
- Engage open data users when designing and implementing the data legislation. To ensure the legislation’s usefulness, it will be important to incorporate the needs of potential data users, including civil society and investigative journalists, during its drafting and implementation. For example, in its 2016–2018 action plan, Ireland developed a three-year open data roadmap in consultation with public bodies, businesses, civil society organizations (CSOs), and researchers. [13] In its 2022–2024 action plan, Romania is engaging civil society to identify high-value data sets in implementing its national law on open data. The commitment also entails implementing an “open by design and by default” principle in the government and increasing citizens’ data literacy. [14]
- Train the staff of state administration, local governments, and public service providers dealing with data. The government could conduct trainings in collaboration with experts and partner CSOs to ensure the application of the effective execution of the data policy. Also, data security should be addressed in the data management legislation and trainings of civil servants. For example, Croatia’s 2022–2024 action plan has a commitment to train civil servants and officials on personal data protection. [15]
- Clarify if the legislation will cover private entities providing public services and municipal governments. Armenia’s freedom of information law covers private companies providing public services in the list of information holders. However, there is a need to clarify whether, and in what scope, the new policy will cover such companies. The government could consider the enforcement of the data management policy for private actors engaged in delivering public services and for municipalities.