In our increasingly digital world, personal data has become one of the most valuable commodities. Recognizing this, Uzbekistan's Law 'On Personal Data' (updated in 2022) establishes a robust framework for how organizations must handle citizens' information. This law is not just for tech companies; it applies to any entity (a bank, a clinic, an online store, an employer) that collects, stores, or processes personal data.
The law grants you, the 'data subject,' several fundamental rights. First, you have the right to informed consent. An organization must clearly explain why they are collecting your data and what they will do with it *before* you provide it. Vague or pre-checked consent boxes are generally not sufficient. Second, you have the right to access your data at any time and demand that any incorrect or outdated information be corrected or deleted (the 'right to be forgotten').
For businesses (data 'operators'), the law imposes serious responsibilities. They must implement appropriate technical and organizational security measures to protect data from leaks, loss, or unauthorized access. Violations of this law can lead to significant administrative and, in severe cases, criminal liability, including substantial fines. This legislation empowers citizens to take control of their digital footprint and holds organizations accountable for how they use it.