Publication Details
Abstract
The digital transformation of governance, commerce, and social interaction in the Republic of Uzbekistan has generated urgent imperatives for the effective protection of personal data. While Uzbekistan enacted its foundational Law “On Personal Data” in 2019 and established the Agency for Personal Data Protection in 2020, the practical implementation of international standards particularly those embodied in the General Data Protection Regulation (GDPR) of the European Union and the Council of Europe’s Convention 108 remains incomplete. This article undertakes a systematic legal analysis of the institutional, legislative, and practical obstacles that impede the alignment of Uzbekistan's personal data protection framework with international norms. Drawing on statutory texts, regulatory instruments, comparative jurisprudence, and doctrinal scholarship, the study identifies six principal categories of implementation deficit: inadequate supervisory independence, underdeveloped consent and purpose-limitation mechanisms, insufficient data subject rights enforcement, the absence of cross-border data transfer safeguards, nascent accountability and data breach notification regimes, and structural tensions arising from state-directed digital infrastructure. The article further situates these challenges within the country's broader digital transformation agenda and offers reform recommendations oriented toward substantive rather than merely formal compliance with international personal data protection standards.