[GA - Passed] Protecting Personal Data

Status
Not open for further replies.
bowloftoast

bowloftoast

Not Just For Breakfast
Discord
bowloftoast

ga.jpg

Protecting Personal Data
Category: Regulation | Area of Effect: Consumer Protection
Proposed by: Marxist Germany | Onsite Topic
The World Assembly,

Appalled by the lack of a resolution regarding data protection;

Recognising the individuals' right to privacy;

Believing that businesses should not be able to collect data from a customer without the explicit consent of that customer as this is clearly a violation of the right to privacy;

Noting that minors are not fully mentally mature and are not capable of taking decisions on their own without the help of their guardians;

Seeking to protect customers from exploitation by businesses;

Hereby,

  1. Defines the following for the purpose of this resolution:
    1. A "Minor" as any sapient being under the age of majority;

    2. A "Guardian" as any legal guardian of a minor, or if none exist, the biological parent;

    3. "Personal Data" as any data that can be used to identify a sapient individual;

    4. A "User" as any sapient being who uses or has used the services of a business;


  2. Prohibits:
    1. Businesses from storing the personal data of any minor without the explicit consent of their guardian except when the business cannot identify the user's age;

    2. Businesses from using personal data collected from any individual to cause harm or severe distress to the individual the data belongs to;

    3. Governments of member states from viewing the data of a user without the explicit prior consent from both the business holding the data and the user that the data belongs to, except when the information is needed for a criminal investigation or trial and a search warrant has been issued;


  3. Mandates that:
    1. Businesses provide explicit information on how they will use a user's data in their terms of service;

    2. Businesses enable users to view the data that the aforementioned business holds on them unless the release of data would compromise the well-being of the user or others;

    3. Personal data processed for any purpose is not kept for longer than is necessary for that purpose unless the user consents to that explicitly and clearly;

    4. Businesses allow users to request the removal of their personal data, and act upon these requests unless there is a clear and very compelling safety or disciplinary reason to do otherwise;


  4. Requires that member states make a private right of action against businesses that don't follow the boundaries established in this resolution;

  5. Encourages member states to enact stricter laws to protect their citizens' privacy from businesses.
Click to expand...
Voting Instructions:
  • Vote For if you want the Delegate to vote For the resolution.
  • Vote Against if you want the Delegate to vote Against the resolution.
  • Vote Abstain if you want the Delegate to abstain from voting on this resolution.
  • Vote Present if you are personally abstaining from this vote.

Detailed opinions with your vote are appreciated and encouraged!
 
2.3 may be seen as problematic to some, but I'm fine with it. It seems to prevent government spying without search warrants. I'm not sure if warrants provided by a military tribunal - much like the FISA court that NSA has used in the past - count. This behavior has often been considered 'warantless' monitoring, however, as the NSA regularly does not inform the FISA court of precisely who it intends to monitor. I would therefore hold that this resolution would prevent such government action unless an official warrant is provided by a standard court following standard procedures.

3.2 - what sort of personal data would be considered to compromise the well-being of the user? If it's personal data, the user likely already knows the information, so how could finding what the business holds be considered harmful? And while I am all for protecting the privacy of others, the same argument applies to the latter half of 3.2 which allows businesses to withhold personal information that may compromise the well being of others. How exactly is 'personal data' defined?

Nonetheless, besides some questions I have with certain parts of the bill, I am mildly in favor unless anyone has a convincing argument against this resolution, at which point, I may change my mind.

WA: El Fiji Grande
 
Against...
...on similar grounds as last time. Will flesh out later, but CoCR covers everything this would. Furthermore poor regard was given to the government inclusion which would basically require you to fill our a user agreement for every website you visit. And then approve searches for data collection and non criminal offenses that don't warrant the use of a warrant (yay puns)
 
I think that the case of disaggregation of personal data is not mentioned, nor of its use by the entities that guard it or its transmission to third parties for its use.

In my opinion, there should be someone responsible for the custody of the data, not the businesses/entity/company in general. The way it's written, the responsibility is diluted.

Leave the legislation in the hands of the states within the limits of the proposal. There is no mention of the case in which it's more restrictive, being able to establish notable differences between states that are more permissive than others.

In my opinion, the proposition seems well-intentioned, but I think it's a bit superficial in something so complex.

Against.

WA: Sunto
 
I find the terms of the proposal pretty comprehensive and fair. It balances the responsibility of the state and the business alike. It could be considered a little anti Nat Sov but I think this issue can overlook that given this is the Internet we are talking about.
 
Not a WA in TNP as usual.

I find the proposal rather full of loopholes, particularly in that the entire second section can easily be dealt with by having a terms of use disclaimer 50 pages long that no one will ever read authorizing everything in there and more.

Hell, a rl video game maker stuck a clause with customers handing over their immortal souls for an April Fools day joke.

Against.
 
Against. Complete fearmongering and wholly inadequate for a number of reasons, including these: https://forum.nationstates.net/viewtopic.php?f=9&t=462971

Also, the author expressed a desire to vote for that repeal.

Also to note, Irl I work in a political fundraising firm, where I collect data using individual's past contributions and create lists, which are then used to solicit donations for current candidates. It is completely unclear how my, or really any other fundraising firm, would operate under the provisions of this law.
 
Status
Not open for further replies.
Back
Top