Regulatory and Legal Framework for Personal Data Processing in Ukraine’s Public Electronic Registries
DOI:
https://doi.org/10.35774/app2026.01.098Keywords:
personal data, public electronic registers, personal data protection, GDPR, digital transformation, right to privacy, access to registry data, personal data processing principlesAbstract
The article examines the legal regulation of personal data processing in public electronic registers of Ukraine in the context of intensive digital transformation of public administration and the country’s European integration course. It is established that public electronic registers are among the largest personal data operators in the modern state, and their functioning gives rise to legal conflicts between the principles of openness of registry data and the requirements for the protection of the right to privacy. The article analyses the multi-level system of legal regulation in this sphere, encompassing constitutional guarantees, special legislation – in particular the Laws of Ukraine «On Personal Data Protection» and «On Public Electronic Registers» – sectoral normative acts and subordinate legislation.
The methodological framework of the study is based on general scientific and special legal methods, in particular the dialectical, formal-legal, systemic-structural, and comparative-legal methods, which were used to analyze the legal regulation of personal data protection in public electronic registers, identify legislative gaps, and formulate proposals for its improvement.
The key principles of personal data processing in registry systems are examined: lawfulness, functional sufficiency, purpose limitation, accuracy and data security. It is revealed that the practice of aggregating registry data through integrated electronic service portals significantly complicates compliance with the data minimisation principle and creates additional risks to the confidentiality of citizens’ personal information. The standards of the EU General Data Protection Regulation (GDPR) and the case law of the Court of Justice of the European Union are examined as key reference points for the harmonisation of national legislation.
The main gaps in the current legislation are identified: an excessively broad range of persons entitled to special access to registry data; the absence of a legislatively enshrined «privacy by default” principle; and the fragmented regulation of cross-border transfers of registry data. Proposals are formulated regarding the differentiation of legal access regimes for registry data, the codification of information legislation, and the strengthening of cybersecurity measures at the normative level.
Downloads
References
1. Zadereiko, O. V., Trofymenko, O. H., Yelenych, S. I., Lohinova, N. I., & Hura, V. I. (2025). Systemnyi analiz zakhyshchenosti derzhavnykh elektronnykh reiestriv ta baz personalnykh danykh [System analysis of the security of state electronic registers and personal data databases]. Kiberbezpeka: osvita, nauka, tekhnika – Cybersecurity: education, science, technology, 4(28), 57–70. Retrieved from https://doi.org/10.28925/2663-4023.2025.28.735 [in Ukrainian]
2. Elektronni reiestry: stan v Ukraini [Electronic registers: the state in Ukraine]. (2021). Kyiv: NAN Ukrainy, Instytut demohrafii ta sotsialnykh doslidzhen im. M. V. Ptukhy. Retrieved from https://www.idss.org.ua/arhiv/registers3.pdf [in Ukrainian]
3. Hladun, O. M., Puhachova, M. V., & Vynohradova, M. V. (2021). Elektronni reiestry: zarubizhnyi dosvid formuvannia ta vykorystannia [Electronic registers: foreign experience of formation and use]. Kyiv: NAN Ukrainy, Instytut demohrafii ta sotsialnykh doslidzhen im. M. V. Ptukhy. Retrieved from https://idss.org.ua/arhiv/registers.pdf [in Ukrainian]
4. Teremetskyi, V. I. (2015). Zahalna kharakterystyka okhorony bazy personalnykh danykh za zakonodavstvom Ukrainy [General characteristics of personal data database protection under the legislation of Ukraine]. Pidpryiemnytstvo, hospodarstvo i pravo – Business, Economics and Law, 11, 3–5 [in Ukrainian]
5. Teremetskyi, V. I. (2015). Subiekty vidnosyn, poviazanykh z personalnymy danymy [Subjects of relations related to personal data]. Pravo i bezpeka – Law and Security, 2(57), 171–176 [in Ukrainian]
6. Teremetskyi, V. I., & Tsviriuk, D. V. (2014). Zastosuvannia zarubizhnoho dosvidu pravovoho zakhystu personalnykh danykh v Ukraini [Application of foreign experience of legal protection of personal data in Ukraine]. Chasopys Akademii advokatury Ukrainy – Journal of the Ukrainian Bar Association, 7(2), 73–82. Retrieved from http://nbuv.gov.ua/UJRN/Chaau_2014_7_2_11 [in Ukrainian].
7. Kasperskyi, I. P. (2022). Problemy zabezpechennia pryntsypiv zakhystu personalnykh danykh u protsesakh tsyfrovoi transformatsii [Problems of ensuring the principles of personal data protection in the processes of digital transformation]. Sotsialna i tsyfrova transformatsiia: teoretychni ta praktychni problemy pravovoho rehuliuvannia: materialy II vseukr. nauk.-prakt. konf. (Kyiv, 2022, Hruden 25) – Social and Digital Transformation: Theoretical and Practical Issues in Legal Regulation: Proceedings of the 2nd All-Ukrainian Scientific and Practical Conference (Kyiv, 2022, December 25), 33–37 [in Ukrainian]
8. Osyka, Yu. V. (2023). Pravove rehuliuvannia vykorystannia personalnykh danykh [Legal regulation of the use of personal data]. Irpinskyi yurydychnyi chasopys – Irpin Law Journal, 3(12), 343–351. Retrieved from https://doi.org/10.33244/2617-4154.3(12).2023.343-351 [in Ukrainian]
9. Maslak, N. V. (2024, December 19). Vidkrytist ta dostupnist publichnykh elektronnykh reiestriv Ukrainy: perevahy ta vyklyky na shliakhu aproksymatsii acquis communautaire Yevropeiskoho Soiuzu [Openness and accessibility of public electronic registers of Ukraine: advantages and challenges on the way to approximation of the acquis communautaire of the European Union]. Yevropeizatsiia kryminalnoho prava Ukrainy: materialy mizhnar. nauk. konf., 2024, 19 Hrubnia – The Europeanisation of Ukrainian Criminal Law: Proceedings of the International Scientific Conference, 19 December 2024, 253–257 [in Ukrainian]
10. Verkhovna Rada Ukrainy (2010, June 1). Pro zakhyst personalnykh danykh: Zakon Ukrainy № 2297-VI [On Personal Data Protection: Law of Ukraine No. 2297-VI]. Retrieved from https://zakon.rada.gov.ua/laws/show/2297-17#Text [in Ukrainian]
11. Verkhovna Rada Ukrainy (1992, October 2). Pro informatsiiu: Zakon Ukrainy №2657-XII [On Information: Law of Ukraine No. 2657-XII]. Retrieved from https://zakon.rada.gov.ua/laws/show/2657-12#Text [in Ukrainian]
12. Verkhovna Rada Ukrainy. (2021, November 18). Pro publichni elektronni reiestry: Zakon Ukrainy № 1907-IX [On Public Electronic Registers: Law of Ukraine No. 1907-IX]. Retrieved from https://zakon.rada.gov.ua/laws/show/1907-20#Text [in Ukrainian]
13. Court of Justice of the European Union. (2022, November 22). Luxembourg Business Registers, Case C-37/20 [Judgment in case C-37/20]. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:62020CJ0037 [in English]
14. Paziuk, A., & Slabko, T. (2024). Vykorystannia komertsiinykh khmarnykh tekhnolohii dlia obrobky danykh derzhavnykh reiestriv Ukrainy [The use of commercial cloud technologies for processing data from state registers of Ukraine]. Retrieved from https://www.ifesukraine.org/wp-content/uploads/2024/01/ifes-ukraine-the-use-of-commercial-cloud-technologies-for-processing-data-from-state-registers-of-ukraine-1.pdf [in Ukrainian]
15. Verkhovna Rada Ukrainy. (n.d.). Proekt Zakonu pro vnesennia zmin do Kryminalnoho kodeksu Ukrainy shchodo vstanovlennia kryminalnoi vidpovidalnosti za nesanktsionovane vtruchannia, zbut abo rozpovsiudzhennia informatsii, shcho obrobliaietsia v publichnykh elektronnykh reiestrakh, ta posylennia kryminalnoi vidpovidalnosti pid chas dii voiennoho stanu za kryminalni pravoporushennia u sferi vykorystannia informatsiino-komunikatsiinykh system [Draft Law on Amendments to the Criminal Code of Ukraine regarding the establishment of criminal liability for unauthorized interference, sale or dissemination of information processed in public electronic registers, and strengthening criminal liability during martial law for criminal offenses in the field of use of information and communication systems]. Retrieved from https://itd.rada.gov.ua/billinfo/Bills/Card/43139 [in Ukrainian]
Downloads
Published
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
