Personal Data in Surveys: Law and Ethics in Uzbekistan

Field research is the collection of personal data at industrial scale. Over a single project your team gathers the names, addresses, phone numbers, ages, incomes, health conditions, political views, and religious beliefs of thousands of people — and it does so in strangers' homes, through interviewers you cannot personally supervise every second. In Uzbekistan this work is regulated by law, and a breach is not only a reputational but a legal risk. This article is a practical walk-through of what a data-collection team must get right — both by the letter of the law and by the ethics of the profession.

An important caveat up front: this is general information, not legal advice. Personal-data regulation in Uzbekistan is changing actively across 2025–2026, and before you design a storage architecture or launch a large project, the specific requirements must be confirmed with qualified counsel.

The Law "On Personal Data": the frame you work inside

The core document is the Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547, adopted on 2 July 2019 and in force since 1 October 2019. For a researcher it translates into a handful of practical duties that stay stable regardless of the ongoing reforms.

• A lawful basis and the data subject's consent. You need a legal basis for processing, and in survey work that is almost always the respondent's consent — voluntary, informed, and given before collection begins.
• Purpose limitation. Data is gathered for a specific, stated purpose. Having surveyed someone "for dairy-market research," you may not reuse their contact a year later for a political phone campaign.
• Data minimization. Collect only what the purpose requires. If the analysis needs neither an exact address nor passport details — don't ask for them.
• Accuracy. Data must be reliable and updated where necessary.
• Security measures. A duty to protect data technically and organizationally — from the interviewer's device to the final export.

These five principles are the foundation. They don't depend on where the server physically sits and don't shift from reform to reform. They are where any project should begin.

It helps to separate two layers of duty straight away. The first is the legal minimum, checked by the regulator and carrying liability for breach. The second is research ethics, whose floor is broader than the law: it covers things that are technically legal but destroy respondents' trust and the agency's reputation. A serious team holds both layers, because over the long run it is reputation that decides whether the next mahalla opens its door to you at all.

Respondent consent: what it means in the field

Consent is not a signature at the end of the questionnaire "for the record." In research practice, informed consent means the person understood three things before the interview: who is collecting the data, why, and what happens to it next. And understood them in their own language.

This is where the Uzbek specifics begin. Consent read out in Russian to a respondent in the rural Fergana Valley or a Karakalpak village is legally and ethically doubtful: the person did not grasp what they were agreeing to. So the consent statement must exist and be read out:

• in Russian — in Tashkent and for urban, older, professional respondents;
• in Uzbek — in the valley and the rural south, where Russian is weaker;
• in Karakalpak — in Karakalpakstan, where it is a separate official language;
• in Tajik — in Samarkand and Bukhara, where a meaningful share is more comfortable in Tajik.

A good opening consent briefly states: the organization or project name, the survey's purpose, the voluntary nature of participation and the right to stop at any time, the anonymity or confidentiality of the answers, and — if you plan a callback for quality control — that the respondent may be contacted again. That last point matters especially: a back-check without warning of a possible repeat contact undermines both the consent and the trust.

There are purely field-level subtleties that are often missed. Uzbek hospitality and respect for authority work against the cleanliness of consent: a respondent may agree not because they have consciously decided to take part but because it feels rude to refuse a guest, or because "the raisi said so." Formally the box is ticked — but that is not the voluntary consent the law has in mind. Interviewers should be trained to tell a polite "all right then" from genuine consent and to voice the right to refuse in a way the person actually hears. A separate case is consent for other household members: the head of the family cannot "give consent" for an adult daughter or daughter-in-law; consent comes from the person being surveyed.

Consent obtained in a language the respondent doesn't really understand is not consent. In Uzbekistan's multilingual field, the consent text must live in all of the project's working languages, not only the client's.

Embedding the consent block at the start of the instrument and making it a mandatory screen is a task of the questionnaire design stage. Digital collection gives an advantage here: the fact and time of consent are recorded together with the interview.

Registering the personal-data database

One duty professionals often forget is the registration of a personal-data database in the State Register. The register is kept by the State Personalization Center under the Cabinet of Ministers; the procedure takes up to roughly 15 days, with exemptions for certain categories.

The practical meaning for a research organization: if you systematically maintain respondent databases — panels, longitudinal samples, contacts accumulated for repeat waves — that generally falls under the registration requirement. A one-off anonymized measurement and a standing contact database are, from the law's standpoint, different situations. Where exactly the line falls for your activity is worth establishing in advance: registration is not instantaneous, and it should be built into project timelines, not handled in a rush.

In practice this means a simple planning discipline. If your business model is a household panel you re-survey wave after wave, or a CATI base accumulated over years, the registration and the rules for working with that base should be formalized before it grows large. It is far worse to discover an unregistered base of tens of thousands of contacts after the fact, under inspection, than to set the procedure up at the start. Ask counsel which of your data sets fall under the requirement, which categories are exempt, and in what form the notification is filed — and keep this work in the same row as the contract and instrument sign-off, not for later.

Who enforces it: Uzkomnazorat and liability

Oversight and control of personal data is carried out by Uzkomnazorat — the state inspectorate for control in informatization and telecommunications. It keeps a register of violators, and liability for breaches is provided under administrative and criminal law.

For a research team this means something simple: data protection is not a voluntary "best practice" but a duty with legal consequences. A leaked respondent database, the transfer of contacts to third parties without a basis, collection without consent — all of this sits in the plane of liability, not only of ethics. So data security deserves the same seriousness you give to sample quality.

The most frequent "everyday" risks in field teams are not hacker attacks but human carelessness: respondent lists in shared messenger chats, export files with phone numbers forwarded without a password, interviewers' personal devices holding an unprotected copy of the base, contacts saved "just in case" and reused in the next project without fresh consent. Each of these episodes is a potential breach. Good internal discipline — who has access to personal data, how it is transferred, when it is deleted — removes most of the risk well before a regulator takes an interest.

Data localization: the principle holds, the details move

A separate and currently the most "moving" question is data localization. Since 2021 the law required that the personal data of Uzbek citizens be processed on servers physically located in Uzbekistan. This is the principle to keep in mind when choosing a platform and a storage architecture.

But this very regime is under active reform across 2025–2026. Breach-notification rules in the financial sector were tightened by Presidential Decree PP-153 of 30 April 2025, and in 2026 a broader liberalization of cross-border transfer and localization rules is reported. In other words, the general frame holds, but the specifics are in motion.

The practical takeaway for a researcher is honest and cautious: proceed from the principle of in-country storage, but confirm the current requirement with counsel before you design where and how your respondents' data is stored. Don't build an architecture off a two-year-old article on the internet — in this area it may be out of date.

Why this matters especially right now. Many research teams reach by habit for foreign cloud tools — global survey services, foreign storage, spreadsheets in someone else's data center. While the localization requirement applies, that default choice can turn out to be a breach, even if it is technically more convenient. So the question "where do the data of Uzbek citizens physically sit" is not a formality but the first one to put to any platform vendor. And because this very rule is in motion now, the only honest advice is to rely on neither an old article nor this one: confirm the current edition with counsel and lock the decision into your architecture before the field starts, not after.

Field ethics: beyond the letter of the law

The law sets a floor. Professional research ethics goes further, and it is precisely what distinguishes a serious team. The core principles here are universal, but each has its own texture in the Uzbek field.

• Voluntariness. Participation is always the respondent's choice. Pressure through authority (for example, through the mahalla chairman) technically produces answers, but destroys both the ethics and the data quality.
• Confidentiality and anonymization. Hand analytics over de-identified: separate the identifiers (name, phone, exact address) from the substantive answers. The client usually needs aggregates, not personal data.
• Honesty about who the data is for. The respondent has a right to know, at least in general terms, who stands behind the survey. Disguising a commercial poll as a "social study" is a breach of trust.
• Security from the doorstep to export. Data is protected along the whole path: on the interviewer's device, at sync, on the server, and in the export file.

Special care: vulnerable groups and sensitive topics

Not all data is equal. Law and ethics single out special categories — health, religious and political views — and a distinct caution with minors.

• Minors. Surveying children and adolescents requires the consent of a parent or legal guardian, not just the child, and especially careful question wording.
• Sensitive topics. Health, income, religion, politics — things a person discloses with caution. In some regions (for instance, the politically sensitive context of Karakalpakstan) certain topics are best worded with extreme care or avoided. More on this in the piece on questionnaire design.
• Gender and access. In conservative households, a conversation with a woman on health or family topics is correctly led by a female interviewer — a matter of both ethics and quality.

The sensitivity of the data also shapes access logistics: the more delicate the topic, the more it matters to enter the mahalla correctly and secure local support. How that works in practice is covered in the piece on field logistics and access through the hokimiyat and the mahalla.

A distinct ethical trap of the Uzbek field is migration. In many households the adult men work in Russia or Kazakhstan, and it is their relatives who tell you about the absent person. Recording, from the wife's account, the income or health of a husband who has left, you are collecting the personal data of a third party who gave no consent. This has to be recognized: either the question is framed so that the third-party data is not personalized, or such a block is designed with particular care. The same applies to data on children, neighbors, and any people mentioned but not surveyed.

Where data physically lives: from the interviewer's device to export

Data protection is not a single password but a whole chain. In offline collection, data first lives on the interviewer's device: a phone or tablet that travels through mahallas, gets lost, breaks, ends up in the wrong hands. So it matters that the data on the device is protected and that, after sync, it doesn't sit in the open longer than necessary.

Then come sync (the transfer must be secured), storage on the server (where the localization question takes effect), and finally export to Excel or Word. Export is an underrated hole: the de-identified set for analytics and the full set with contacts are two different files with different access rights. The contacts for a back-check should not sit in the same table that goes to the client. How a reliable offline pipeline is built is covered in the piece on offline data collection.

What a platform helps with — and what it doesn't take off you

A well-chosen platform closes part of the duties technically. AISurvey stores data in-country, supports consent capture at the start of the interview, anonymized export, and access control within the team. That removes a significant share of the technical load — especially around localization, secure sync, and the separation of personal from analytical data.

But the platform does not do the legal and ethical work for you. Compliance is the researcher's responsibility, not the tool's. The platform gives you a consent screen — but you write the consent text in four languages and make it correct. It stores data in-country — but you ensure the database registration, the lawfulness of the basis, and the handling of vulnerable groups. How we process and protect data on the service side is described in the privacy policy.

Where the tool helps most is access control and the data lifecycle. Splitting rights within the team (who sees the personal fields and who sees only de-identified analytics) turns the minimization principle from a slogan into a setting. De-identified export by default removes the situation where a table of phone numbers accidentally goes to the client. And a single storage location does away with the zoo of copies in personal messengers and on interviewers' flash drives. But the decisions stay with you: which fields count as personal, who gets access, when to delete contacts once the project closes. A good tool makes the right behavior easy — it does not make it automatic.

If you're building a collection process from scratch and want consent, localization, and access control built in rather than bolted on the side, it makes sense to start by registering with AISurvey and assemble your first instrument with the right frame from the outset.

A short compliance checklist

1. State the collection purpose and the lawful basis (usually consent) before you start.
2. Prepare the consent text in all of the project's working languages (Russian, Uzbek, and where needed Karakalpak and Tajik).
3. Collect the minimum data for the purpose; don't ask for the superfluous.
4. Check whether the database needs registration in the State Register, and allow up to 15 days.
5. Make sure storage meets the current localization requirements — confirm with counsel.
6. Separate personal from analytical data; the export to the client is de-identified.
7. For minors and sensitive topics — separate rules for consent and wording.

And finally: use this text as a map, not a legal opinion. The regulation changes, and the final word belongs to qualified counsel familiar with the current edition of the law.