Kiri

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

TAIEX application form - INTPA PEER 2 PEER

1. Request

Type of event: Series of Events

Title of event series Strengthening the human rights oversight capacity of Mongolia in privacy and personal data protection

Partner country: Mongolia

Partner institution: National Human Rights Commission of Mongolia (NHRCM)

Date of submission: 17/01/2024

Objective of the request

Explanation of the current gaps in the area concerned and justify how and why public sector expertise could support to address these gaps. Please also list the workshops, expert missions and study visits that you would like to request within the above-mentioned project

As Mongolia, like many other nations, undergoes rapid digital transformation, safeguarding individuals' privacy and personal data has become more critical. With the proliferation of internet usage, social media platforms, and electronic transactions, the volume of personal data generated and shared online has skyrocketed. This vast digital landscape brings new challenges and risks to individuals' privacy. Meanwhile, a robust data protection regime ensures that citizens have confidence in the safety and security of their personal information when engaging with digital services. This trust is vital for promoting the widespread adoption of digital technologies and driving economic growth. By enhancing its oversight capacity, Mongolia can effectively address emerging privacy challenges, stay ahead of potential threats to data protection, and create a secure and trustworthy digital ecosystem that promotes innovation, economic growth, and societal well-being. In response to the rapid digital transformation, Mongolia has adopted laws to regulate digital activities and establish institutions to facilitate the digitalisation policy. Notably, a batch of legislation was adopted in December 2021, including the Law on Personal Data Protection. The present project titled 'Strengthening the Human Rights Oversight Capacity of Mongolia in Privacy and Personal Data Protection' is a crucial initiative led by the NHRCM. Its primary objective is to reinforce and enhance Mongolia's capacity to oversee and uphold the legal framework for personal data protection, ensuring the protection of individuals’ rights in an increasingly data-driven world. Through capacity building, this project aims to protect individual privacy rights, ensure effective data oversight, and align Mongolia with international privacy and data protection standards. 1. Capacity development workshop on Privacy and Data Protection; 2. Expert visit; 3. Study visit to Estonia

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

What is the objective and the expected outcome/s of the requested series of TAIEX events? The expected outcomes of this initiative include: 1) Improved legal framework: The initiative will help Mongolia develop and implement a comprehensive legal framework for personal data protection that is in line with international standards. 2) Strengthened institutional capacity: The initiative will help to strengthen the institutional capacity of the NHRCM and its partner institutions to effectively enforce the new legal framework. 3) Increased awareness: The initiative will raise awareness among the public, private sector, and civil society organizations about the importance of personal data protection and privacy rights. These outcomes are expected to contribute to the protection of personal data and privacy rights in Mongolia and to promote the country’s digital economy.

Validation Point: [email protected]

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

2. Applicant

Is the Partner country/beneficiary submitting the application? Yes

Did you consult/inform the EU Delegation in your country? Yes

Representative of Partner country institution submitting the application

Title (Ms, Mr): Mr First Name: Ganbat Family Name: Ganbold Ministry or Institution: National Human Rights Commission of Mongolia Function: Officer in Charge of the International Mechanisms City: Ulaanbaatar Country: Mongolia Office phone: +976-11320284 Email: [email protected]

Representative of EU Delegation in Partner Country coordinating the application

Title (Ms, Mr): Mr First Name: Arnaud Family Name: APPRIOU Ministry or Institution: European Union Delegation to Mongolia Function: Programme Manager City: Ulaanbaatar Country: Mongolia Office phone: +976 7511 5000 - ext.208 Email: [email protected]

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

3. Content

3.1 Beneficiaries

Please explain who are the direct (who will participate in the event(s)) and indirect beneficiaries (those who are not directly involved in the event(s) but will benefit from the expected outcome). Please describe which departments and stakeholders will take part and provide a justification.

The NHRCM and its partner institutions (The Ministry of Digital Development and Development, the Authority for Fair Competition and Consumer Protection, the Mongolian National Chamber of Commerce, e-Mongolia Academy, National Center for Comprehensive Development, MNSEC2023, Golomt Bank, UBCab LLC, TMK Energy, Digital Information LLC, Info Sec Plus LLC, Securezone LLC, Telecommunication Network LLC, Tridium e-Security LLC, MNCERT/C NGO, PwC, Nomin & Advocates LLP-д Partner, MDS Khanlex LLP are direct beneficiaries). Ordinary Mongolians who learn about privacy and benefit from data protection will receive indirect benefits.

3.5 Relevant policy framework (International, EU and national) Goal 16 - Peace, Justice and Strong Institutions,Goal 17 - Partnerships for the Goals

Please explain how this request fits in the overall cooperation between the EU and the partner country (Multi Annual Indicative Programme, Team Europe Initiatives, Global Gateway) and in the policies of the partner country (e.g. strategies, targets, ongoing reforms, etc.)

This request corresponds to cross-cutting themes of the Multi-Annual Indicative Programme (2021-2027), such as 'Digital Agenda' and 'Human Rights and Civil Society.' This request fits with the following programmes of Mongolia:Section 2.1.3.5 'The law on privacy and confidentiality shall be made more specific as of the definition of the information, which is to be considered private in respect to an individual’s or family’s correspondence, health and property. A list of the information to be considered private and documents that contain private information shall be developed, training among the staff of all organizations that deal with private information shall be conducted, and a pledge to protect the privacy of customers and clients shall be introduced in these organizations' of the National Action Plan for Human Rights, adopted by the 41st Resolution of the State Great Hural (Parliament) Mongolia in 2003.Section 4.1.2 'Create a legal environment that respects human rights, promotes e-governance, and regulates technological safety, and take PPPs into a new level of development', and Section 4.1.6 'Strengthen the information safety and security system that ensures the protection of national interests, the completeness, confidentiality and accessibility of public, individual and private sector information and increase its capacity' of the 'The Government of Mongolia’s Action Plan between 2020-2024', adopted by the 24th Resolution of the Parliament of Mongolia in 2020. Section 5.1.1 'Strengthen a national mechanism for the development, implementation, and monitoring of policy and legislation to ensure human rights, and increase its effectiveness' of the 'VISION-2050' Long-Term Development policy of Mongolia, adopted by the 52nd Resolution of the Parliament in 2020.

3.7 Requested event

Event Type: Workshop

Proposed indicative date of the

event: 01/04/2024

Expected number of participants: 40

Main topics and justification

Please explain (in bullet points) the topics and subareas that you would like to raise during the event. Explain

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

why this type of activity event would be the most suitable to address your needs. Qualified international experts, who are specialised in privacy law and data protection will train staff of the Commission and its partner institutions. The trainees will be carefully selected from the potential partners of the NHRCM, such as the Ministery of Digital Communications and Development the Authority for Fair Competition and Consumer Protection, the Mongolian National Chamber of Commerce and Industry, civil society, academia and the private sector, especially the ICT industry. The domestic experts will then form the base of the NHRCM's network of experts, who will collaborate in the Commission's work when needed. By bringing together experts from various sectors and organisations related to data protection, privacy, technology, and human rights, the NHRCM aims to leverage diverse perspectives and expertise to address the challenges and opportunities in the digital transition effectively. The training will ensure a privacy-aware culture within the NHRCM and equip staff and its partner institutions with the knowledge and skills to effectively collaborate with and support the Private Data Protection Unit of the NHRCM.The training will cover the following issues. 1) Technology and its Impact on Human Rights: a.Understanding the role of technology in society and its effects on human rights; b.Identifying potential risks and challenges posed by technology to human rights; c.Analysing real-world instances where technology has affected human rights positively or negatively; and d.Identifying best practices for integrating technology and human rights principles. 2) Digital Privacy and Data Protection: Understanding the importance of privacy and data protection in the digital world and the fundamentals of data protection, relevant laws (e.g., GDPR, CCPA), best practices, and case studies to illustrate real-world scenarios. 3) Digital Rights and Marginalised Communities: a. Exploring how technology affects vulnerable and marginalised groups; and b. Addressing digital divides and promoting digital inclusion. 4) Practical Skills for Protecting Human Rights in the Digital Age: a. Building digital security and privacy skills; b. Embedding privacy measures throughout the development lifecycle, making privacy an integral part of every project; c. Best practices to create a privacy-aware culture; d. Develop communication materials (e.g., newsletters, posters, videos) to raise awareness of data protection practices and their importance; and e.The latest privacy tools and technologies can aid them in their data protection efforts.

Event Type: Expert Mission

Proposed indicative date of the

event: 08/04/2024

Expected number of participants:

Main topics and justification

Please explain (in bullet points) the topics and subareas that you would like to raise during the event. Explain why this type of activity event would be the most suitable to address your needs.

Because the Mongolian Law on Personal Data Protection is based on the EU's Directive 2016/679, or GDPR, it is critical to invite EU experts who specialize in privacy and data protection, have experience with GDPR implementation, and have provided consultation on personal data protection and privacy issues to assess the Mongolian Law on Personal Data Protection and its implementation, whether it is in line with GDPR, and evaluate notions and knowledge among government and private sector stakeholders. Furthermore, visiting experts should identify legal gaps and deviations in implementation, evaluate the data process flow of the government information system on data privacy and protection solutions, and make recommendations for improvements to the data privacy and protection process and data breach incident response plan.

Event Type: Study Visit

Proposed indicative date of the

event: 19/08/2024

Expected number of participants: 15

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

Main topics and justification

Please explain (in bullet points) the topics and subareas that you would like to raise during the event. Explain why this type of activity event would be the most suitable to address your needs.

Estonia quickly embraced digital governance, starting in the 1990s after gaining independence from the Soviet Union. This early adoption allowed Estonia to build a robust and integrated digital infrastructure, consistently ranked high in various global indices for e-governance, digital innovation, and data protection. The country has stringent data protection laws and measures to safeguard citizens' personal information and implemented robust encryption techniques, data minimisation principles, and strict access controls to protect sensitive data. Estonia has invested significantly in developing robust cybersecurity infrastructure to protect citizens' data from cyber threats and attacks. Estonian citizens are highly engaged in digital governance, and there is a high level of trust in the government's handling of personal data, contributing to e-governance initiatives' success. As a post-socialist country, Mongolia has much to learn from the Estonian experience. The Estonian model was the roadmap of Mongolia's digitalisation policy and its implementation. In April 2022, the Ministry of Digital Development and Communication and the Estonian e- Governance Academy signed a memorandum of understanding to facilitate Mongolia's digital transformation.In collaboration with the Estonian Institute of Human Rights and the Estonian Data Protection Inspectorate, a study tour involving PDPU staff members will be organised in Estonia. The main objective of this study tour is to gain insights into Estonia's advanced practices in personal data protection and e-governance, to understand the legal and technical frameworks, and to learn from their experiences in privacy and personal data protection. The study tour is planned for seven days, including travel time and covers the following topics and activities: 1) Meetings with Government Agencies: Engage in discussions with relevant government agencies responsible for data protection and e-governance, such as the Estonian Data Protection Inspectorate and the e-Governance Academy. 2) Site Visits: Visit critical institutions and facilities that play a significant role in e-governance implementation, such as the Estonian Information System Authority and the X-Road infrastructure. 3) Interactive Sessions: Conduct workshops with experts on secure data storage, blockchain technology, digital signatures, and e-voting systems. 4) Case Studies: Analyse case studies of successful e-governance projects and their impact on citizens' lives, such as e-residency and digital healthcare, and their privacy features. 5) Discussions with Civil Society and Private Sector: Organise discussions with representatives from civil society organisations and private companies involved in data protection and e-governance initiatives. 6) Debriefing Session: Conduct a debriefing session with the delegation after returning from the study tour to discuss key takeaways, lessons learned, and action items for future implementation. 7) Follow-up Collaboration: Establish mechanisms for ongoing collaboration and knowledge exchange between the visiting delegation and Estonian counterparts.

4. Relation to other projects

4.1 Have you considered any other sources of funding for this request? If so, which ones and why was it not successful? (If partner country institution, please consult EUD)

No other financial sources were sought.

4.3 Is there any planned or currently running project financed by EU funds and/or other international programmes dealing with the issues covered by the request? Has any such project been implemented in the last two years? (If partner country institution, please consult EUD) No

Please provide details thereof

4.4 (If you are from an EU Delegation or an EU Institution) Will this request be followed up by a longer- term project and or concrete measures to ensure sustainability? Please develop further.

Mongolia claims to have a continental legal system, and its legislation has become more similar to that of Germany and the European Union after the democratic transition in 1990. In December 2021, the Mongolian Parliament passed the Personal Data Protection Law, which is modeled on the EU's GDPR. However, this law comprises 32 articles as

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

opposed to the GDPR's 99. According to analysts and experts Mongolian law is an abridged version of GDPR that, as Mongolian legislation always does, lacks procedural regulation. Following the TAIEX initiative, Mongolia will need to further cement regulations on digital space while also controlling hate speech, disinformation, and fake news in digital space while guaranteeing freedom of speech. Due to the upheaval of international relations recently, Mongolia was left in precarious situations between the competing powers fighting for dominance at the regional and global levels. Thus, as it keeps its democracy and prevails in human rights, it needs assistance from other than its neighbours, especially 'third neighbours', such as the EU. With the long-term assistance of the EU on legal reform and promotion of human rights, Mongolia will be a beacon of democracy in East Asia that will it disseminate to its neighbours.

5. Logistics

5.1 Member State administration(s) from which you wish to receive the expertise

Preferred Member State (if known - choice cannot always be guaranteed) Denmark,Estonia,Ireland

Preferred Member State Institution (if known). Briefly, explain your preference and if contact has started? The Danish Institute for Human Rights is a renowned human rights institution that specialised in human rights education and research in the world.

5.2 Preferred Member State(s)'s expert(s) - if known

Additional information (if required)

5.3 Contact person in Partner Country or in EU Delegation best suited for administrative questions and practical matters related to this event

Title (Ms, Mr): Mr First Name: Arnaud Family Name: APPRIOU Institution/EU Delegation: European Union Delegation to Mongolia Function: Programme Manager

Office address: Office: ICC Tower, 9th floor, Jamiyan Gun Street 9 1st khoroo, Sukhbaatar district,

Office number: Postcode: 14240 City: Ulaanbaatar Country: Mongolia Office phone: +976 7511 5000 - ext.208 Email: [email protected]

5.4 Contact person for the evaluation of the impact of TAIEX - INTPA PEER 2 PEER assistance

As part of our quality improvement effort, we conduct an evaluation survey. We kindly ask you to provide a contact person who can provide feedback after the implementation of the event on behalf of the partner country administration

[email protected]

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

Please Note: The information contained in this form will be made available on-line to the Permanent Representation, or Mission of your country in Brussels. All applications received directly from administrations of beneficiaries will be forwarded to the EU Delegation / Office concerned for a preliminary evaluation. This application form has a validity period of two years from the date that it was submitted; TAIEX reserves the right to cancel any event that has not been implemented within the two year period.

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

TAIEX application form - INTPA PEER 2 PEER

1. Request

Type of event: Series of Events

Title of event series Strengthening the human rights oversight capacity of Mongolia in privacy and personal data protection

Partner country: Mongolia

Partner institution: National Human Rights Commission of Mongolia (NHRCM)

Date of submission: 17/01/2024

Objective of the request

Explanation of the current gaps in the area concerned and justify how and why public sector expertise could support to address these gaps. Please also list the workshops, expert missions and study visits that you would like to request within the above-mentioned project

As Mongolia, like many other nations, undergoes rapid digital transformation, safeguarding individuals' privacy and personal data has become more critical. With the proliferation of internet usage, social media platforms, and electronic transactions, the volume of personal data generated and shared online has skyrocketed. This vast digital landscape brings new challenges and risks to individuals' privacy. Meanwhile, a robust data protection regime ensures that citizens have confidence in the safety and security of their personal information when engaging with digital services. This trust is vital for promoting the widespread adoption of digital technologies and driving economic growth. By enhancing its oversight capacity, Mongolia can effectively address emerging privacy challenges, stay ahead of potential threats to data protection, and create a secure and trustworthy digital ecosystem that promotes innovation, economic growth, and societal well-being. In response to the rapid digital transformation, Mongolia has adopted laws to regulate digital activities and establish institutions to facilitate the digitalisation policy. Notably, a batch of legislation was adopted in December 2021, including the Law on Personal Data Protection. The present project titled 'Strengthening the Human Rights Oversight Capacity of Mongolia in Privacy and Personal Data Protection' is a crucial initiative led by the NHRCM. Its primary objective is to reinforce and enhance Mongolia's capacity to oversee and uphold the legal framework for personal data protection, ensuring the protection of individuals’ rights in an increasingly data-driven world. Through capacity building, this project aims to protect individual privacy rights, ensure effective data oversight, and align Mongolia with international privacy and data protection standards. 1. Capacity development workshop on Privacy and Data Protection; 2. Expert visit; 3. Study visit to Estonia

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

What is the objective and the expected outcome/s of the requested series of TAIEX events? The expected outcomes of this initiative include: 1) Improved legal framework: The initiative will help Mongolia develop and implement a comprehensive legal framework for personal data protection that is in line with international standards. 2) Strengthened institutional capacity: The initiative will help to strengthen the institutional capacity of the NHRCM and its partner institutions to effectively enforce the new legal framework. 3) Increased awareness: The initiative will raise awareness among the public, private sector, and civil society organizations about the importance of personal data protection and privacy rights. These outcomes are expected to contribute to the protection of personal data and privacy rights in Mongolia and to promote the country’s digital economy.

Validation Point: [email protected]

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

2. Applicant

Is the Partner country/beneficiary submitting the application? Yes

Did you consult/inform the EU Delegation in your country? Yes

Representative of Partner country institution submitting the application

Title (Ms, Mr): Mr First Name: Ganbat Family Name: Ganbold Ministry or Institution: National Human Rights Commission of Mongolia Function: Officer in Charge of the International Mechanisms City: Ulaanbaatar Country: Mongolia Office phone: +976-11320284 Email: [email protected]

Representative of EU Delegation in Partner Country coordinating the application

Title (Ms, Mr): Mr First Name: Arnaud Family Name: APPRIOU Ministry or Institution: European Union Delegation to Mongolia Function: Programme Manager City: Ulaanbaatar Country: Mongolia Office phone: +976 7511 5000 - ext.208 Email: [email protected]

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

3. Content

3.1 Beneficiaries

Please explain who are the direct (who will participate in the event(s)) and indirect beneficiaries (those who are not directly involved in the event(s) but will benefit from the expected outcome). Please describe which departments and stakeholders will take part and provide a justification.

The NHRCM and its partner institutions (The Ministry of Digital Development and Development, the Authority for Fair Competition and Consumer Protection, the Mongolian National Chamber of Commerce, e-Mongolia Academy, National Center for Comprehensive Development, MNSEC2023, Golomt Bank, UBCab LLC, TMK Energy, Digital Information LLC, Info Sec Plus LLC, Securezone LLC, Telecommunication Network LLC, Tridium e-Security LLC, MNCERT/C NGO, PwC, Nomin & Advocates LLP-д Partner, MDS Khanlex LLP are direct beneficiaries). Ordinary Mongolians who learn about privacy and benefit from data protection will receive indirect benefits.

3.5 Relevant policy framework (International, EU and national) Goal 16 - Peace, Justice and Strong Institutions,Goal 17 - Partnerships for the Goals

Please explain how this request fits in the overall cooperation between the EU and the partner country (Multi Annual Indicative Programme, Team Europe Initiatives, Global Gateway) and in the policies of the partner country (e.g. strategies, targets, ongoing reforms, etc.)

This request corresponds to cross-cutting themes of the Multi-Annual Indicative Programme (2021-2027), such as 'Digital Agenda' and 'Human Rights and Civil Society.' This request fits with the following programmes of Mongolia:Section 2.1.3.5 'The law on privacy and confidentiality shall be made more specific as of the definition of the information, which is to be considered private in respect to an individual’s or family’s correspondence, health and property. A list of the information to be considered private and documents that contain private information shall be developed, training among the staff of all organizations that deal with private information shall be conducted, and a pledge to protect the privacy of customers and clients shall be introduced in these organizations' of the National Action Plan for Human Rights, adopted by the 41st Resolution of the State Great Hural (Parliament) Mongolia in 2003.Section 4.1.2 'Create a legal environment that respects human rights, promotes e-governance, and regulates technological safety, and take PPPs into a new level of development', and Section 4.1.6 'Strengthen the information safety and security system that ensures the protection of national interests, the completeness, confidentiality and accessibility of public, individual and private sector information and increase its capacity' of the 'The Government of Mongolia’s Action Plan between 2020-2024', adopted by the 24th Resolution of the Parliament of Mongolia in 2020. Section 5.1.1 'Strengthen a national mechanism for the development, implementation, and monitoring of policy and legislation to ensure human rights, and increase its effectiveness' of the 'VISION-2050' Long-Term Development policy of Mongolia, adopted by the 52nd Resolution of the Parliament in 2020.

3.7 Requested event

Event Type: Workshop

Proposed indicative date of the

event: 01/04/2024

Expected number of participants: 40

Main topics and justification

Please explain (in bullet points) the topics and subareas that you would like to raise during the event. Explain

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

why this type of activity event would be the most suitable to address your needs. Qualified international experts, who are specialised in privacy law and data protection will train staff of the Commission and its partner institutions. The trainees will be carefully selected from the potential partners of the NHRCM, such as the Ministery of Digital Communications and Development the Authority for Fair Competition and Consumer Protection, the Mongolian National Chamber of Commerce and Industry, civil society, academia and the private sector, especially the ICT industry. The domestic experts will then form the base of the NHRCM's network of experts, who will collaborate in the Commission's work when needed. By bringing together experts from various sectors and organisations related to data protection, privacy, technology, and human rights, the NHRCM aims to leverage diverse perspectives and expertise to address the challenges and opportunities in the digital transition effectively. The training will ensure a privacy-aware culture within the NHRCM and equip staff and its partner institutions with the knowledge and skills to effectively collaborate with and support the Private Data Protection Unit of the NHRCM.The training will cover the following issues. 1) Technology and its Impact on Human Rights: a.Understanding the role of technology in society and its effects on human rights; b.Identifying potential risks and challenges posed by technology to human rights; c.Analysing real-world instances where technology has affected human rights positively or negatively; and d.Identifying best practices for integrating technology and human rights principles. 2) Digital Privacy and Data Protection: Understanding the importance of privacy and data protection in the digital world and the fundamentals of data protection, relevant laws (e.g., GDPR, CCPA), best practices, and case studies to illustrate real-world scenarios. 3) Digital Rights and Marginalised Communities: a. Exploring how technology affects vulnerable and marginalised groups; and b. Addressing digital divides and promoting digital inclusion. 4) Practical Skills for Protecting Human Rights in the Digital Age: a. Building digital security and privacy skills; b. Embedding privacy measures throughout the development lifecycle, making privacy an integral part of every project; c. Best practices to create a privacy-aware culture; d. Develop communication materials (e.g., newsletters, posters, videos) to raise awareness of data protection practices and their importance; and e.The latest privacy tools and technologies can aid them in their data protection efforts.

Event Type: Expert Mission

Proposed indicative date of the

event: 08/04/2024

Expected number of participants:

Main topics and justification

Please explain (in bullet points) the topics and subareas that you would like to raise during the event. Explain why this type of activity event would be the most suitable to address your needs.

Because the Mongolian Law on Personal Data Protection is based on the EU's Directive 2016/679, or GDPR, it is critical to invite EU experts who specialize in privacy and data protection, have experience with GDPR implementation, and have provided consultation on personal data protection and privacy issues to assess the Mongolian Law on Personal Data Protection and its implementation, whether it is in line with GDPR, and evaluate notions and knowledge among government and private sector stakeholders. Furthermore, visiting experts should identify legal gaps and deviations in implementation, evaluate the data process flow of the government information system on data privacy and protection solutions, and make recommendations for improvements to the data privacy and protection process and data breach incident response plan.

Event Type: Study Visit

Proposed indicative date of the

event: 19/08/2024

Expected number of participants: 15

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

Main topics and justification

Please explain (in bullet points) the topics and subareas that you would like to raise during the event. Explain why this type of activity event would be the most suitable to address your needs.

Estonia quickly embraced digital governance, starting in the 1990s after gaining independence from the Soviet Union. This early adoption allowed Estonia to build a robust and integrated digital infrastructure, consistently ranked high in various global indices for e-governance, digital innovation, and data protection. The country has stringent data protection laws and measures to safeguard citizens' personal information and implemented robust encryption techniques, data minimisation principles, and strict access controls to protect sensitive data. Estonia has invested significantly in developing robust cybersecurity infrastructure to protect citizens' data from cyber threats and attacks. Estonian citizens are highly engaged in digital governance, and there is a high level of trust in the government's handling of personal data, contributing to e-governance initiatives' success. As a post-socialist country, Mongolia has much to learn from the Estonian experience. The Estonian model was the roadmap of Mongolia's digitalisation policy and its implementation. In April 2022, the Ministry of Digital Development and Communication and the Estonian e- Governance Academy signed a memorandum of understanding to facilitate Mongolia's digital transformation.In collaboration with the Estonian Institute of Human Rights and the Estonian Data Protection Inspectorate, a study tour involving PDPU staff members will be organised in Estonia. The main objective of this study tour is to gain insights into Estonia's advanced practices in personal data protection and e-governance, to understand the legal and technical frameworks, and to learn from their experiences in privacy and personal data protection. The study tour is planned for seven days, including travel time and covers the following topics and activities: 1) Meetings with Government Agencies: Engage in discussions with relevant government agencies responsible for data protection and e-governance, such as the Estonian Data Protection Inspectorate and the e-Governance Academy. 2) Site Visits: Visit critical institutions and facilities that play a significant role in e-governance implementation, such as the Estonian Information System Authority and the X-Road infrastructure. 3) Interactive Sessions: Conduct workshops with experts on secure data storage, blockchain technology, digital signatures, and e-voting systems. 4) Case Studies: Analyse case studies of successful e-governance projects and their impact on citizens' lives, such as e-residency and digital healthcare, and their privacy features. 5) Discussions with Civil Society and Private Sector: Organise discussions with representatives from civil society organisations and private companies involved in data protection and e-governance initiatives. 6) Debriefing Session: Conduct a debriefing session with the delegation after returning from the study tour to discuss key takeaways, lessons learned, and action items for future implementation. 7) Follow-up Collaboration: Establish mechanisms for ongoing collaboration and knowledge exchange between the visiting delegation and Estonian counterparts.

4. Relation to other projects

4.1 Have you considered any other sources of funding for this request? If so, which ones and why was it not successful? (If partner country institution, please consult EUD)

No other financial sources were sought.

4.3 Is there any planned or currently running project financed by EU funds and/or other international programmes dealing with the issues covered by the request? Has any such project been implemented in the last two years? (If partner country institution, please consult EUD) No

Please provide details thereof

4.4 (If you are from an EU Delegation or an EU Institution) Will this request be followed up by a longer- term project and or concrete measures to ensure sustainability? Please develop further.

Mongolia claims to have a continental legal system, and its legislation has become more similar to that of Germany and the European Union after the democratic transition in 1990. In December 2021, the Mongolian Parliament passed the Personal Data Protection Law, which is modeled on the EU's GDPR. However, this law comprises 32 articles as

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

opposed to the GDPR's 99. According to analysts and experts Mongolian law is an abridged version of GDPR that, as Mongolian legislation always does, lacks procedural regulation. Following the TAIEX initiative, Mongolia will need to further cement regulations on digital space while also controlling hate speech, disinformation, and fake news in digital space while guaranteeing freedom of speech. Due to the upheaval of international relations recently, Mongolia was left in precarious situations between the competing powers fighting for dominance at the regional and global levels. Thus, as it keeps its democracy and prevails in human rights, it needs assistance from other than its neighbours, especially 'third neighbours', such as the EU. With the long-term assistance of the EU on legal reform and promotion of human rights, Mongolia will be a beacon of democracy in East Asia that will it disseminate to its neighbours.

5. Logistics

5.1 Member State administration(s) from which you wish to receive the expertise

Preferred Member State (if known - choice cannot always be guaranteed) Denmark,Estonia,Ireland

Preferred Member State Institution (if known). Briefly, explain your preference and if contact has started? The Danish Institute for Human Rights is a renowned human rights institution that specialised in human rights education and research in the world.

5.2 Preferred Member State(s)'s expert(s) - if known

Additional information (if required)

5.3 Contact person in Partner Country or in EU Delegation best suited for administrative questions and practical matters related to this event

Title (Ms, Mr): Mr First Name: Arnaud Family Name: APPRIOU Institution/EU Delegation: European Union Delegation to Mongolia Function: Programme Manager

Office address: Office: ICC Tower, 9th floor, Jamiyan Gun Street 9 1st khoroo, Sukhbaatar district,

Office number: Postcode: 14240 City: Ulaanbaatar Country: Mongolia Office phone: +976 7511 5000 - ext.208 Email: [email protected]

5.4 Contact person for the evaluation of the impact of TAIEX - INTPA PEER 2 PEER assistance

As part of our quality improvement effort, we conduct an evaluation survey. We kindly ask you to provide a contact person who can provide feedback after the implementation of the event on behalf of the partner country administration

[email protected]

Contact details: Rue de la Loi 15, B-1000 Bruxelles/Wetstraat 15, B-1000 Brussel - Belgium - Office: L-15 04/091. Telephone: switchboard +32-2-229-67307. Email: [email protected]

Please Note: The information contained in this form will be made available on-line to the Permanent Representation, or Mission of your country in Brussels. All applications received directly from administrations of beneficiaries will be forwarded to the EU Delegation / Office concerned for a preliminary evaluation. This application form has a validity period of two years from the date that it was submitted; TAIEX reserves the right to cancel any event that has not been implemented within the two year period.