Authors: Gonzalo Zeballos, James Sherer, and Alan Pate

Ukraine privacy law is undergoing a dramatic shift with its introduction of new legislation, “On Amending Certain Legislative Acts of Ukraine Regarding Improving the System of Personal Data Protection,” enacted on July 3, 2013, with an enter-into-force date of January 1, 2014. This legislation abolishes the current State Service of Ukraine on Personal Data Protection, transferring its functions to the Human Rights Commissioner of the Parliament of Ukraine (Ombudsman). The overall shift to Ombudsman oversight and the creation of an independent authority for data protection issues brings Ukraine closer to compliance with European data protection standards, even though Ukraine is not a member state. Further changes incorporate the designation of “High Risk Data,” the processing of which carries requirements of notification to the Ombudsman, and consent requirements for the transfer of individuals’ data, with failures and breaches subject to civil and criminal penalties, including imprisonment of up to 5 years.