en
In which cases is the transfer of an employee’s data to third parties prohibited?
In which cases is the transfer of an employee’s data to third parties prohibited?
Expert Anar Bayramov comments on the issue. As a result of the latest amendment, a new – seventh – part has been added to Article 48 of the Labor Code. The addition stipulates that, after the conclusion of an employment contract, except for the transfer to the employer of general information on the employee’s work activity contained in the electronic information system, including data on previously concluded employment contracts with the same or other employers, as well as changes or terminations thereof, the transfer of other information about a person’s employment activity to third parties shall be regulated by the Laws “On Personal Data” and “On Access to Information.”
As can be seen from the addition, through the EMAS subsystem, the following information about an employee may be transferred to the employer:
- Information on employment contracts concluded with current and previous employers;
- Information on amendments made to employment contracts with current and previous employers;
- Information on the termination of employment contracts with previous employers;
The transfer of other information related to the employee’s work activity is regulated by the Laws “On Personal Data” and “On Access to Information.”
First of all, it should be noted that personal data is a set of information relating to an individual’s private and family life. According to Article 13.1 of the Law “On Personal Data,” the transfer of personal data by third parties to the owner or operator, as well as their transfer to any third party, is permitted only with the written consent of the subject (including consent through the Electronic Government Information System).
A personal data subject is understood as a natural person whose personal data is collected, processed, and protected, and whose identity is established or can be established. Under the law, the transfer of personal data is allowed only in the following cases:
1. When open-category personal data is transferred
According to Article 5.3 of the Law “On Personal Data,” open personal data includes information anonymized in accordance with established rules, disclosed by the subject, or entered into an information system created for public use with the subject’s consent.
Example: A person’s name, surname, and patronymic are considered permanently open personal data. Confidentiality is not required for open-category data.
2. When confidential personal data is transferred by state bodies (agencies) or local self-government authorities in connection with the performance of their delegated duties, provided that the legislative requirements for information systems are met
According to Article 5.2 of the Law “On Personal Data,” confidential personal data must be protected by the owner, operator, and users who have access to such data at the level prescribed by law. Except for cases provided by law, confidential data may only be transferred to third parties with the consent of the subject.
3. When the transfer of personal data is necessary to protect the subject’s life and health, and it is not possible to obtain their consent without delay
If a serious threat arises to an employee’s life or health, the law allows the transfer of personal data to third parties without the employee’s consent.
According to Article 38.2 of the Law “On Access to Information,” information relating to private life, access to which is restricted, includes:
Information reflecting political views, religious beliefs, convictions, and worldview, except for membership in private legal entities registered under the law;
- Data on ethnic origin or racial affiliation;
Information collected in the course of criminal cases or other legal proceedings, until an open court hearing is held or a court decision is made, or where necessary to protect morality, private and family life, the interests of a minor, victim, or witness, or to ensure justice;
- Information on a person’s criminal record;
- Information on health status;
- Information on personal qualities, abilities, and other characteristics of the individual;
- Information on applications for social assistance and social services;
- Information on mental and physical suffering;
- Information on domestic violence against the person;
- Tax-related information, except for tax arrears;
- Information on financial transactions.
According to Article 38.3 of the Law, information relating to family life, access to which is restricted, includes:
- Information on sexual life;
- Information on the registration of civil status acts;
- Information on various aspects of family life;
- Information on adoption.
Expert Anar Bayramov comments on the issue. As a result of the latest amendment, a new – seventh – part has been added to Article 48 of the Labor Code. The addition stipulates that, after the conclusion of an employment contract, except for the transfer to the employer of general information on the employee’s work activity contained in the electronic information system, including data on previously concluded employment contracts with the same or other employers, as well as changes or terminations thereof, the transfer of other information about a person’s employment activity to third parties shall be regulated by the Laws “On Personal Data” and “On Access to Information.”
As can be seen from the addition, through the EMAS subsystem, the following information about an employee may be transferred to the employer:
- Information on employment contracts concluded with current and previous employers;
- Information on amendments made to employment contracts with current and previous employers;
- Information on the termination of employment contracts with previous employers;
The transfer of other information related to the employee’s work activity is regulated by the Laws “On Personal Data” and “On Access to Information.”
First of all, it should be noted that personal data is a set of information relating to an individual’s private and family life. According to Article 13.1 of the Law “On Personal Data,” the transfer of personal data by third parties to the owner or operator, as well as their transfer to any third party, is permitted only with the written consent of the subject (including consent through the Electronic Government Information System).
A personal data subject is understood as a natural person whose personal data is collected, processed, and protected, and whose identity is established or can be established. Under the law, the transfer of personal data is allowed only in the following cases:
1. When open-category personal data is transferred
According to Article 5.3 of the Law “On Personal Data,” open personal data includes information anonymized in accordance with established rules, disclosed by the subject, or entered into an information system created for public use with the subject’s consent.
Example: A person’s name, surname, and patronymic are considered permanently open personal data. Confidentiality is not required for open-category data.
2. When confidential personal data is transferred by state bodies (agencies) or local self-government authorities in connection with the performance of their delegated duties, provided that the legislative requirements for information systems are met
According to Article 5.2 of the Law “On Personal Data,” confidential personal data must be protected by the owner, operator, and users who have access to such data at the level prescribed by law. Except for cases provided by law, confidential data may only be transferred to third parties with the consent of the subject.
3. When the transfer of personal data is necessary to protect the subject’s life and health, and it is not possible to obtain their consent without delay
If a serious threat arises to an employee’s life or health, the law allows the transfer of personal data to third parties without the employee’s consent.
According to Article 38.2 of the Law “On Access to Information,” information relating to private life, access to which is restricted, includes:
Information reflecting political views, religious beliefs, convictions, and worldview, except for membership in private legal entities registered under the law;
- Data on ethnic origin or racial affiliation;
Information collected in the course of criminal cases or other legal proceedings, until an open court hearing is held or a court decision is made, or where necessary to protect morality, private and family life, the interests of a minor, victim, or witness, or to ensure justice;
- Information on a person’s criminal record;
- Information on health status;
- Information on personal qualities, abilities, and other characteristics of the individual;
- Information on applications for social assistance and social services;
- Information on mental and physical suffering;
- Information on domestic violence against the person;
- Tax-related information, except for tax arrears;
- Information on financial transactions.
According to Article 38.3 of the Law, information relating to family life, access to which is restricted, includes:
- Information on sexual life;
- Information on the registration of civil status acts;
- Information on various aspects of family life;
- Information on adoption.