Processing of personal data in Kazakhstan

2024:140 sellers of personal data detained in Kazakhstan, five of them arrested

In June 2025, employees of the Ministry of Internal Affairs of Kazakhstan, together with the National Security Committee, detained a group engaged in the illegal sale of personal data. The operation identified 140 suspects, five of whom were arrested.

According to the Ministry of Internal Affairs of the republic, the criminal group carried out the illegal sale of personal information of Kazakhstanis in the Internet space. Among the detainees are the owners of the company and administrators of Telegram channels through which confidential information was distributed.

𝓲

Фото: Freepik

The head of the cybercrime department of the Ministry of Internal Affairs, Zhandos Sүyіnbay, said that information was obtained from state bases and distributed through instant messengers. Personal data were transferred to individual collection companies for use in their activities.

During searches in collection companies, more than 400 units of computer and other electronic equipment were seized. The seized equipment will be used as an evidence base in the initiated criminal cases.

On the fact of illegal trade in personal data, criminal cases were initiated under several articles of the Criminal Code of Kazakhstan. Law enforcement officers qualified the actions of the group under the article of the 205 part of the 3 as illegal access to information.

Also, the defendants in the case were charged under article 147 of the 5 for violation of privacy and personal data legislation. The third charge was brought under article 211 of part 3 of the Criminal Code for the unlawful distribution of electronic resources of limited access.

Zhandos Sүyіnbay noted that work to establish a full circle of involved persons continues. Investigative actions are aimed at identifying all participants in the criminal scheme and determining the extent of damage from their activities.^[1]

2020: Kazakhstan approved the rules for the collection and processing of personal data

In November 2020, the order of the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan "On the approval of the rules for the collection and processing of personal data" came into force. The rules apply to relations arising between owners, operators, entities, as well as third parties in the process of collecting and processing personal data.

According to the document, the collection and processing by the owner or operator of personal data is allowed in the amount determined by the list of personal data necessary and sufficient to perform the tasks.

Kazakhstan approved the rules for the collection and processing of personal data

In this case, the list of personal data is determined and approved in accordance with the rules for determining the list of personal data by the owner or operator. The collection and processing by the owner or operator of personal data is allowed in the amount determined by the list of personal data necessary and sufficient to perform the tasks performed. In this case, the list of personal data is determined and approved in accordance with the rules for determining the list of personal data by the owner or operator.

Separately, it is said about the processing of personal data in the activities of courts. Thus, the texts of judicial acts of the Supreme Court of Kazakhstan, local and other courts, with the exception of the texts of judicial acts providing for provisions that contain information constituting a state or other secret protected by law, as well as judicial acts in cases considered in a closed trial, are placed on the services "Judicial Cabinet," "Bank of judicial acts" of the Internet resource of the Supreme Court in full.

To ensure the safety of participants in the trial and protect the secrets protected by law when collecting and using or distributing judicial acts by third parties, personal data are excluded (depersonalized) from them. At the same time, third parties undertake obligations to ensure compliance with the requirements of the law.^[2]

Notes