The rapid development of digital technology has transformed the communications sector, accelerating economic growth across many industries and improving the quality of life for millions. Yet alongside these advances, a less visible reality is emerging. Digital technologies, designed to collect, store, process and use vast amounts of information, also pose serious risks to human rights and fundamental freedoms, such as risks of which citizens are often unaware.
In today’s digital society, there is virtually no space where personal information is not recorded. Daily activities, movements, communications and even biometric data are increasingly captured through interconnected electronic systems. This raises a critical question: what happens when the state, entrusted with protecting citizens’ personal information, itself becomes a source of human rights violations and severe invasions of privacy under the banner of digitalization and digital governance?
For the past two years, the National Human Rights Commission of Mongolia (NHRCM) has been closely examining this concern. The commission is currently reviewing the preliminary findings of its nationwide inspection entitled “Human Rights and Technology,” with the final conclusions scheduled for public release at the end of next month.
Privacy, personal space and information security form the foundation of human dignity, safety and freedom when they are effectively protected. However, the NHRCM’s inspection indicates that the country’s system for collecting and transmitting data through electronic technologies remains underdeveloped. More importantly, the implementation of existing laws and regulations has proven inadequate. Human rights risks are often insufficiently assessed, and necessary protective mechanisms are not consistently applied.
These shortcomings were highlighted during the commission’s public inspection, which revealed significant gaps between technological advancement and the protection of fundamental rights. To better understand these findings, we spoke with Senior Specialist in the Personal Data Protection Department of the NHRCM B.Zamilan. He explained that the inspection, conducted between 2023 and 2025, examined 12 major sectors and 48 sub-areas, with the involvement of both national and international experts.
The initial findings and recommendations have been incorporated into the 24th Report on the Situation of Human Rights and Freedoms in Mongolia. The research assessed a wide range of issues related to digital transformation, including the human rights implications of electronic civil registration systems such as E-Mongolia, the protection of personal data in the telecommunications sector, the effectiveness of mechanisms enforcing the Law on Personal Data Protection, and the expanding use of surveillance technologies capable of monitoring and tracking individuals. It also examined the human rights risks associated with public surveillance cameras installed for traffic safety, as well as the growing digitalization of the healthcare sector and its impact on patient privacy.
According to the NHRCM, while digital transformation brings undeniable benefits, it must not undermine the fundamental rights it is meant to serve. Without robust legal enforcement, transparency and accountability, technology risks becoming an instrument of control rather than a tool for public service. The nation continues its transition toward a digital society, so the commission stresses that the protection of personal data and respect for human rights must be placed at the center of technological development. Only by doing so can innovation truly contribute to a secure, free and dignified society.
How government systems violate human rights
The study titled “Human Rights Risk Assessment in the Electronicization of Citizens’ Personal Data in the E-Mongolia System and Civil Registration” examined whether core human rights principles are respected in the collection, transmission, processing and use of citizens’ personal data within integrated public service systems. The findings revealed significant shortcomings. Most notably, third parties involved in transmitting personal data often lack a clear understanding of their responsibilities and legal obligations. Although a legal framework formally exists, its provisions remain incomplete and insufficient, creating conditions that enable human rights violations.
One clear example is the online registration and uncontrolled transmission of sensitive and confidential information such as ethnicity and nationality. Such data, by its very nature, requires heightened protection, yet current practices fail to ensure adequate safeguards. Furthermore, when the Law on the Protection of Personal Data was revised in 2021, related regulations were not amended accordingly. As a result, service providers such as Gerege, Kiosk, Dan and the E-Mongolia platform are not held accountable for errors or violations arising from the provision of public services and the handling of citizens’ personal data. In this context, the study emphasizes that the priority should not be to introduce additional laws, but rather to clarify, harmonize, and effectively implement existing legal and regulatory frameworks to ensure genuine protection of human rights.
The chapter on “Human Rights and Digital Technology” in the 24th Report on the Status of Human Rights and Freedoms in Mongolia was developed based on the preliminary findings of this public monitoring exercise and within the mandate granted under Article 24 of the Law on the Protection of Personal Data. Beyond identifying recurring human rights violations associated with the state’s electronic transition, the study also examined the Law on the Protection of Personal Data itself. As the primary legal safeguard in what is often described as the “oil” of the electronic age, the law was assessed in detail, and recommendations were proposed to strengthen its effectiveness.
Compared to previous years, Mongolia’s e-governance infrastructure has undoubtedly improved. The range and number of services have expanded, and a certain degree of openness has been achieved. A prominent example is the E-Mongolia system, introduced in 2020. By 2025, the platform is expected to provide 1,263 services from 88 state institutions and 1,300 services from 21 provincial-level local administrations to citizens and legal entities. Since its launch, an estimated 1.99 million users have accessed approximately 71 million services electronically, resulting in a total savings of 1.4 trillion MNT. These developments have contributed to improvements in e-governance indicators.
Despite these achievements, Mongolia’s information technology competitiveness remains below the global average. The Global Digital Competitiveness Report 2024 points out that this gap is largely due to weak technology adoption and usage, inadequate information protection and security, and limited capacity for data analysis and utilization. Most concerning is the fact that policies and actions aimed at ensuring human rights and fundamental freedoms have been largely overlooked in the development of e-governance management systems and infrastructure. This neglect persists despite the existence of nearly 70 policy documents related to electronic development approved since the 1990s.
In principle, the National Security Concept recognizes the protection of personal information as a vital issue and explicitly states that the collection, storage, use and transfer of personal data to third parties is prohibited except in cases permitted by law and with the individual’s consent. In practice, however, this principle has not been consistently implemented across all stages of electronic governance. Monitoring has been weak, and outcomes have not been systematically evaluated.
The public inspection on “Human Rights and Digital Technology” revealed that the numerous policy documents guiding electronic development fail to incorporate concrete measures to protect personal information, privacy, inviolability, freedom and protection from discrimination or inhumane treatment. Nor do they adequately address risk management. These findings mention the need to view safety, reliability and human rights protection not as one-time initiatives, but as continuous, evolving processes that must remain central to Mongolia’s digital transformation.
E-certificates may enable citizen tracking
The Law on the Protection of Personal Data currently has a limited scope in regulating relations between individuals, legal entities and organizations without legal status in the collection, processing, use and security of personal data. As previously noted, the law also lacks effective mechanisms for enforcement and for holding violators accountable. Moreover, several key regulatory instruments mandated by the law, such as requirements for ensuring information security during the collection, processing, and use of data, evaluation guidelines, and standards for data storage technologies, have yet to be approved. This regulatory vacuum has resulted in inconsistent institutional policies, weak implementation of existing rules, and a lack of continuity in data protection practices among organizations responsible for electronic information systems.
Although the development of information and communication technology-based public service platforms began as early as 2005, full-scale implementation occurred only 15 years later. As a result, human rights protection principles were never fully integrated into the core of electronic development strategies or into the accompanying legal and regulatory frameworks. The “Human Rights and Digital Technology” inspection found that institutions and officials responsible for building the national electronic infrastructure frequently underestimate or overlook human rights risks during technological transitions. This is often due to the mistaken assumption that such risks are addressed solely through the Law on the Protection of Personal Data.
One illustrative example is the digital issuance of vehicle certificates, where insufficient consideration was given to the potential infringement of fundamental rights such as inviolability and freedom, including the risk of tracking individuals through digital systems. Ensuring user safety requires that electronic devices, networks, software and algorithmic systems operate in a reliable manner that minimizes human rights risks. However, this principle has not been consistently applied in practice.
The report also highlights institutional challenges within organizations operating under the Ministry for Digital Development, Innovation and Communications. It notes that the functions of key bodies responsible for electronic services, cybersecurity, data management, telecommunications, and digital capacity building frequently overlap, are poorly coordinated, and lack a clear regulatory framework. This fragmentation weakens effective oversight and undermines the protection of individuals’ rights to privacy, inviolability, freedom, and information security as envisioned in Mongolia’s development policies.
In light of these findings, the NHRCM warned that merely advancing digital infrastructure is insufficient. Human rights protections must be explicitly reflected in e-development policy documents and, more importantly, effectively implemented in practice. Addressing these systemic gaps is not optional but a necessary reform in the digital era, where technological progress must be aligned with the protection of fundamental human rights.
