The Law on Information of Turkmenistan explicitly excludes certain national security and law enforcement activities from its scope of application.

Text of Relevant Provisions

The Law on Information Art.3(3)(4):

"3. The act of this Law does not apply to relations arising in the following cases:> personal data is collected, processed and protected in the course of intelligence, counter-intelligence and reconnaissance activities, as well as security measures to ensure the safety of protected persons and facilities, as prescribed by the laws of Turkmenistan."

Original (Turkmen):

"3. Şu Kanunyň hereketi şu halatlarda döreýän gatnaşyklara degişli edilmeýär:> 4şahsy maglumatlar Türkmenistanyň kanunlary bilen bellenilen razwedka, kontrrazwedka we dessin-agtaryş işleriniň, şeýle hem goralýan şahslaryň we desgalaryň howpsuzlygyny üpjün etmek boýunça gorag çärelerini amala aşyrmagyň dowamynda ýygnalanda, işlenip taýýarlananda we goralanda."

Analysis of Provisions

Article 3 of the Law on Information outlines the scope of the law, and Article 3(3) specifically lists situations where the law does not apply. Within these exceptions, Article 3(3)(4) exempts the collection, processing, and protection of personal data when conducted in the course of:

• Intelligence, counter-intelligence, and reconnaissance activities: This broadly encompasses activities undertaken by state agencies to gather and analyze information related to national security threats, both domestically and internationally.
• Security measures to ensure the safety of protected persons and facilities: This refers to activities aimed at protecting individuals and locations deemed critical to national security or public safety. This could include government officials, critical infrastructure, or diplomatic missions.

The provision emphasizes that these activities must be "as prescribed by the laws of Turkmenistan," suggesting that there should be a legal basis for these activities under Turkmenistan law.

The rationale behind this exemption is likely to avoid hindering the State's ability to perform essential functions related to national security and public safety. These activities often involve processing personal data, and subjecting such processing to the full scope of data protection principles could potentially compromise intelligence gathering, law enforcement operations, or the safety of protected individuals and facilities.

Implications

The exemption for national security and related activities in Turkmenistan's Law on Information has several implications:

• Broad Exemption: The exemption is phrased broadly, potentially encompassing a wide range of data processing activities undertaken by various state agencies. This lack of specificity might create ambiguity regarding the scope of the exemption.
• Limited Transparency and Oversight: The law does not explicitly mandate specific safeguards, transparency obligations, or independent oversight mechanisms for data processing activities falling under this exemption. This raises concerns about potential for abuse and lack of accountability.
• Impact on Data Subject Rights: Individuals whose data is processed under this exemption may have limited or no recourse to exercise their data subject rights under the law. This underscores the importance of clear legal frameworks and oversight mechanisms for data processing in these sensitive areas.
• Challenges for Businesses: Businesses operating in Turkmenistan, particularly those involved in sectors with potential connections to national security or critical infrastructure protection, may face challenges in navigating this exemption. They need to be aware of the potential applicability of this exemption to their activities or those of their clients.