Iran takes first steps towards the protection of personal data
An Electronic Commerce Law has existed since 2004, and a Protection of Data and Privacy in the Cyber Space bill is now in the legislature. By Tayebeh Saheb of Modares University in Iran.
Efforts have been made in Iran to ensure the proper and effective protection of personal data processed in cyberspace. To this end, in 2004, the first rules on protection of personal data were laid down in the Electronic Commerce Law 2004. Recently, the Ministry of Communication and Information Technology has drafted a bill for the protection of personal data in cyberspace. The bill seeks to address the existing legal deficiencies and to protect personal data in line with recent developments around the world. The bill is currently in its early stages in the legislature.
Also, on 15 December 2016, President Rouhani issued the Charter of Citizenship Rights, the 12th section of which has been dedicated to the Right to Privacy. This document, however, is not legally binding. Therefore, the only legally binding rules for the protection of personal data in Iran are those provided for in the Electronic Commerce law of 2004, Chapter 3. Article 71 of the law also provides criminal sanctions for the violation of these provisions. Nonetheless, although protection of personal data in cyberspace has been a concern of Iranian lawmakers, chapter 3 of the law is quite brief and contains four articles (articles 58-61), only two of which (articles 58 & 59) deal with the substantive rules on data protection.