Mongolia Data Protection Law: Sectoral Exceptions Regulated by Other Laws

The factor of Sectoral Exceptions Regulated by Other Laws is used in determining the law's applicability by exempting data processing activities that are already governed by specific regulations with established data protection standards, thereby preventing duplicative regulation for sectors such as crime prevention, offense prevention, and traffic safety.

Text of Relevant Provisions

The Law on Personal Data Protection Art.3.5:

"3.5. This Law shall regulate relations other than those specified in the Law on Crime and Offense Prevention with respect to the installation of video recorders in publicly possessed streets, areas, squares, and public places in order to prevent from crime and offence or for ensuring the traffic safety."

The Law on Personal Data Protection Art.3.3.4:

"3.3.4. Disclosure of information as provided under the law."

Analysis of Provisions

The Law on Personal Data Protection of Mongolia includes provisions that exempt data processing activities regulated by other laws. For example, Art.3.5 specifies that the law does not apply to the installation of video recorders in public places for crime prevention, offense prevention, or traffic safety, as these activities are regulated by the Law on Crime and Offense Prevention.

Similarly, Art.3.3.4 exempts the disclosure of information as provided under the law, indicating that if there are existing legal provisions that govern the disclosure of personal data, the Law on Personal Data Protection will not apply.

Implications

The inclusion of these exemptions has significant implications for businesses in Mongolia. For example, a company that installs video recorders in public places for crime prevention purposes would not need to comply with the Law on Personal Data Protection for these activities, as they are regulated by the Law on Crime and Offense Prevention.

However, it is important to note that these exemptions only apply to the specific data processing activities regulated by these laws. If a business engages in data processing activities that are not regulated by these laws, they would still need to comply with the Law on Personal Data Protection.

For example, a company that processes personal data for marketing purposes would still need to comply with the Law on Personal Data Protection, even if they are exempt from the law for data processing activities related to crime prevention or traffic safety.