copy the linklink copied!Chapter 3. Mandate of the oversight body for access to information

copy the linklink copied!General objectives of the Commission

Resolution of the Government of the Republic of Kazakhstan of 31 December 2015 No. 1175 provides that: “5. The main objectives of the Commission shall include: 1) develop proposals on the issues of access to information; 2) consider proposals and review the practice of implementing the legislation of the Republic of Kazakhstan in social relations linked to access to information that does not relate to sensitive information; 3) develop recommendations based on the analysis of the practice of implementing the legislation of the Republic of Kazakhstan in social relations linked to access to information that does not relate to sensitive information.”

It should be noted that the terms of this article are quite abstract and need to be clarified to facilitate their application.

The CATI's jurisdiction is limited to access to information

As noted above, in certain OECD countries, legislation on access to information and on the protection of personal data is distinct, and different bodies oversee their implementation (e.g. France, Portugal, Italy). On the other hand, in several OECD countries, only one law or two laws apply to the right of access to information and the protection of personal data, but only one body is responsible for both legislations (e.g. UK, Germany, and Canada).

In Kazakhstan, the Parliament has passed two different laws: the Personal Data Protection Act and the ATIL. In accordance with the Law on Internal Affairs of the Republic of Kazakhstan, the institutions responsible for internal affairs ensure the protection of personal data. The CATI is therefore only competent for access to information, and it is incompetent for data protection. However, these provisions should not prevent the CATI from establishing relationships with institutions responsible for the enforcement of the Data Protection Act. More generally, the Kazakhstan government should consider establishing an institution to ensure the protection of personal data.

Relationship between access to information and data protection

The relationship between the right of access to information and the protection of personal data is very close, which explains why in most OECD countries, the same body is responsible for both. Even in the countries of this organisation where two different bodies deal with these domains, close cooperation exists and sometimes representatives of one body sit on the other. For instance, Italian law foresees that in the event of refusal of a request for access to documents for grounds of personal data protection, the Commission for Access to Administrative Documents must, before deciding on the applicant’s appeal, request the opinions and considerations of the Guarantor Authority for the Protection of Personal Data. The French Law of 7 October 2016 organised the cooperation between the data protection body, the Commission nationale de l'informatique et des libertés (CNIL) and the CADA. The presidents of both institutions now sit on both boards. Moreover, the CNIL and the CADA may, at the joint initiative of their chairs and when a subject of common interest justifies it, meet in a joint session as a single body.

As explained above, for the infringements of the law on personal data protection occurring in Kazakhstan, the prosecutor’s office is responsible for enforcing that law.

In summary, it is recommended that:

  • While respecting independence from the judiciary, establishing a regular exchange of information between the CATI and the Ministry of Justice on the application of the ATIL;

  • Creating close relations between the CATI and the institutions responsible for internal affairs to ensure the protection of personal data, and organising joint actions, such as the sharing of information and experiences.

Considering the creation of an entity in charge of personal data protection

As stated above, Kazakh law on Personal Data Protection did not establish a designated body to monitor the law’s implementation. In contrast, all OECD countries have set up such institutions. The tasks of these bodies are summarised as follows:

  • Informing people about their rights and obligations and helping them exercise their rights;

  • Regulating and identifying files and authorising the processing of the most sensitive data before their implementation;

  • Ensuring that citizens are informed of, and have easy access to the data contained in processing operations concerning them;

  • Monitoring compliance with the law;

  • Sanctioning violations of the law;

  • Understanding and anticipating developments in information technologies and being able to assess the consequences for the exercise of citizens’ rights and freedoms

International experiences, and those of OECD countries, show that such personal data protection institutions are indispensable because of the importance of data in people's lives and the risks that an improper data usage may entail for them and for the rule of law.

It is therefore recommended to establish an independent data protection institution in Kazakhstan.

copy the linklink copied!CATI’s activities

Activity and practical operations

Since the CATI’s inception in December 2015, meetings have taken place at least once every year. The meetings’ agendas have included discussions of the proposals of non-governmental organisations to amend and supplement legislation on access to information, including the Regulation on the Commission's Procedures, the strategy for the development of the “Open Government” web portals, the results of public monitoring of compliance with the Law on Access to Information, conducted by the Ministry of Information and Communications of the Republic of Kazakhstan.

Based on the results of the meetings, decisions were taken, aiming, among other things, at popularising the “Open Government” web portals among the population, providing information holders with access to information, providing online broadcasting of open meetings of the Houses of Parliament and elected councils on official Internet resources, and facilitating the adaptation of official Internet resources for users with disabilities.

In 2019, the CATI has planned to review the results of the on-going law enforcement analysis of the Law on Access to Information, considering inter alia the recommendations of the present report, the results of the audit of the information systems of state bodies, and the creation of a single platform for Internet resources of state bodies.

Operating rules of the CATI

As purely consultative body that does not hear appeals against the refusal of access to information, CATI’s operating rules are consistent with those of OECD countries.

Resolution of the Government of the Republic of Kazakhstan of 31 December 2015 No.1175 concerning the approval of the Regulation on the Rules of Procedure of the Commission for Access to Information is precise and clear:

  • Article 6: “[…] The Commission chairperson shall lead the work of the Commission, approve the agenda of a regular meeting of the Commission, convene its meetings, where necessary, sign the minutes of the Commission meetings.”

  • Article 9: “The Ministry shall be the working body of the Commission. The working body of the Commission in accordance with the procedure established by law shall: 1) provide organisational and technical support to the work of the Commission; 2) prepare proposals on the agenda of the Commission meeting, necessary documents and materials; 3) request necessary information from owners of information relevant to the activity of the Commission; 4) submit proposals for the improvement of the Commission activity to the Government of the Republic of Kazakhstan; 5) involve employees of other government authorities in its work, where necessary.”

  • Article 11: “Meetings of the Commission shall be held as necessary but no more than once a half-year.”

  • Article 12: “Based on the results of the Commission meetings the secretary of the Commission shall draw up the minutes to be signed by the chairperson or deputy chairperson of the Commission and the secretary of the Commission.”

  • Article 15: “Recording and storage of materials and protocol decisions of the Commission shall be maintained by the working body of the Commission”.

  • Article 14: “Decisions of the Commission shall be taken through open voting and considered adopted if the majority of the total membership of the Commission have voted for it.”

Procedure for preparing the meetings

The CATI’s agenda for an upcoming meeting is formed by its working body, i.e. the Ministry of Information and Communications, and approved by its Chairman. The agenda is based on issues arising during the Ministry’s activities in the field of access to information and law enforcement practices, as well as proposals from the CATI’s members or requests from individuals and legal entities to provide access to information made to the Ministry as the working body of the Commission.

Procedure for opinions

According to the Regulations on the procedure, the CATI’s members may independently submit proposals for the meeting’s agenda to the Ministry (without having to request the working body of the Commission, i.e., the Ministry). The draft agenda of the meeting is sent by the secretary to members three days before the CATI's meeting.

At the same time, according to the amendments made to the Regulation on the Commission’s procedure, if there will be decisions on the issues to be discussed at the meeting that are not provided for in the draft agenda, the secretary of the Commission shall draw up a new draft agenda that will be sent to the members of the Commission for voting. Thus, the opinions and decisions of the Commission’s members are fixed in the minutes of meeting.

Official procedure for the implementation of the CATI’s recommendations

The Commission’s decisions are of a recommendatory nature. Protocol decisions taken at the meeting of the Commission are sent for execution to state bodies and organisations. It must be noted that most of the decisions taken to date by the Commission concerned the Ministry itself.

In addition, according to the amendments being made to the Regulation on the Commission’s procedure, its Chairman exercises overall control over the implementation of its decisions.

OECD practice

In OECD countries and based on the principles of due process, it is possible to say that the proceedings before the oversight bodies guarantee:

  • the right to be heard by a competent, independent and impartial oversight body;

  • the right to a public hearing;

  • the right to be heard within a reasonable time;

  • the right to counsel;

  • the right to interpretation.

In these countries, depending on tradition and legislation, the oversight bodies establish formal procedures for the introduction, examination and decision on access to information, both for general matters and for those concerning one or more persons. To ensure the quality and impartiality of their individual decisions, the decision-making procedure adopted by oversight bodies, particularly collegial bodies or commissions, often resembles that of a court. Decision-making is guided by the following principles:

  • Oversight bodies’ operating rules are based on their own legislation and other relevant legislation.

  • Internal operating rules (oversight body internal rules, code of ethics, rules of procedure of the judging body) are adopted.

  • The meetings of the decision-making organisation of the oversight institution for access to information are held according to the agenda communicated in advance by the responsible authority; a secretariat prepares the documents for the meetings; the chairman directs the work; voting regulations are applied; a register of deliberations is drawn up; an individual from the oversight institution is appointed to implement the decision.

  • As regards individual cases, the procedure before the institution for access to information depends on the legal traditions of the OECD countries. The procedure may be written or oral. It is also very often conducted in the presence of both parties. This latter principle means that each party has the right to be informed of the other party’s arguments and submissions. It also implies that the decision of the supervisory bodies will only be based on findings of which the parties to the proceedings are aware. Finally, the procedure may be inquisitorial or adversarial. In the inquisitorial procedure (for instance, in France), the access to information oversight body conducts the investigation. In adversarial proceedings (for example, in Canada), the claimant and the respondent entity are equal, the oversight body being limited to arbitrating the dispute between the two parties.

In summary, it would therefore be advisable for the CATI to adopt the principles of due process. The CATI must enact clear and stable rules of procedure and an adversarial decision-making procedure, with the presence of a rapporteur who prepares the case under review, presents it, and does not take part in the vote on the case.

Similarly, it is recommended that the schedule and programme of meetings be made public, allowing all stakeholders to participate in the procedure. The CATI’s opinions should include all the legal and factual elements necessary for dealing with the subject. Moreover, the decision must be made public and accessible to all citizens. Finally, opinions received on the decisions must be made public as well.

Metadata, Legal and Rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

© OECD 2020

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at