[GA - Failed] PPP

The World Assembly,

Disgusted by the lack of legislation regarding the ability of organisations to collect data from their customers without consent;

Discerning every individual's right to privacy;

Deducing that collecting data without consent is violation of the right to privacy;

Describing that most minors are not fully mentally mature and are not capable of comprehending the risks of the decisions they're making on their own without the help of their guardian(s);

Hereby,

1. Defines the following for the purpose of this resolution:
   1. An "organisation" as any entity that collects data from its members or users, and isn't directly run by a government;
      
      
   2. A "minor" as any sapient being under the age of majority;
      
      
   3. An "adolescent" as any minor going through a transitional period into adulthood as defined by a government of a member-state;
      
      
   4. A "guardian" as any legal guardian of a minor, or if none exists, a biological parent;
      
      
   5. "Personal Data" as any data that can be used to identify a sapient individual;
      
      
   6. A "user" as any sapient being who uses or has used the services of, or is a member of, an organisation;
   
   
   
   
   
2. Denies:
   1. Organisations from storing the personal data of any non adolescent minor without the explicit consent of their guardian except when the guardian cannot be contacted or it is not in the best interests of the minor to do so, as determined by national governments;
      
      
   2. Organisations from collecting data from any user, or non-user, without their explicit consent except for crime prevention;
      
      
   3. Organisations from using personal data collected from any individual to intentionally and maliciously cause harm or severe distress to the individual the data belongs to;
      
      
   4. Governments of member states from viewing the data of a user without the explicit prior consent from both the organisation in possession of the data and the user to which the data belongs unless:
      1. The data is subject to a subpoena for litigation discovery to which the user is not a party;
         
         
      2. The data is subject to a valid warrant during criminal investigation, or;
         
         
      3. The user places the data's contents or subject matter at issue as a party in a civil dispute;
   
   
   
   
   
3. Demands that:
   1. Organisations provide information on how they will use a user's data to the user explicitly when they interact with the organisation for this first time or when a major change to the data collection policy has been made;
      
      
   2. Organisations enable users, and non-users, to view the data that the organisation holds on them unless the release of data would compromise the well-being of the individual or others;
      
      
   3. Personal data processed for any purpose is not kept for longer than is necessary for that purpose unless the user, or non-user, consents to that explicitly and clearly;
      
      
   4. Organisations allow users, and non-users to request the removal of their personal data, and act upon these requests unless there is a clear and compelling safety or disciplinary reason to do otherwise such as loans or criminal records;
   
   
   
   
   
4. Declares that an organisation can prohibit a person from using the services of, or joining the organisation if the user does not consent to the data collection policy of the organisation;
   
   
   
   
5. Dictates that member states:
   1. Make a private right of action against organisations that do not follow the provisions established in this resolution;
      
      
   2. Establish statutory damages as remedies if the damages are enough to be dissuasive.

Co-authored with Kenmoria

Click to expand...

Voting Instructions:

• Vote For if you want the Delegate to vote For the resolution.
• Vote Against if you want the Delegate to vote Against the resolution.
• Vote Abstain if you want the Delegate to abstain from voting on this resolution.
• Vote Present if you are personally abstaining from this vote.

Detailed opinions with your vote are appreciated and encouraged!

Protecting Personal Privacy, while well intending, gets caught up in its own over-worded clauses and ultra specific definitions. The proposal denies government the ability to view the data unless specific situations occur, which could cause governments to take larger action than realistically needed in order to view items pertinent to national security and gross crimes before an investigation could be opened. The definition of 'user' is so specific that there is not an easily discernable definition to 'non-user' seeing that it is not defined. This error makes Clause 3, sections 2 and 4 difficult to enforce. Clause 3, section 4 also allows for people to remove evidence of their specific person ever interacting with an organization unless 'there is a clear and compelling safety or disciplinary reason to do otherwise such as loans or criminal records'. This becomes an issue because there is no way to determine if such information could be used in the future for criminal or civil proceedings without those proceedings taking place, thus putting these organizations in a state of limbo. Additionally, Clause 4 allows organizations to prohibit a person from using services if they do not consent to their data being collected, however does not address what happens if a user provides falsified data. Furthermore, Clause 5, section 1 seems unclear if the resolution wants member nations to grant private individuals the ability to go after organizations who do not follow the resolution or if the WA member nation itself must take action against organizations who do not follow the resolution.

In accordance with the reasoning above, the Ministry of World Assembly Affairs recommends a vote against this proposal.

For

For

Sitting against, never been a fan of this concept

Against

Against. (Edited for clarity and this time with sleep)

While I have an issues with the strength of the language, "Disgusted" in particular, section 5 of this proposal directly invades the sovereign jurisdiction of nations to determine and govern their own tort law.

Section 5 of this resolution clearly violates the sovereignty of nations in developing and establishing their own Tort law. I appreciate the authors' efforts to address this issue, but they need to do it in a fashion that doesn't dictate how nations should handle a topic that has traditionally been the distinct purview of the individual nations of this assembly.

Particularly determining what actions deserve to earn damages as part of a judgement worries me, and potentially opens up a floodgate of frivolous lawsuits from people who failed to read the "Terms and Conditions" of using whatever service may be in question. If the authors were to re-submit this proposal without Section 5, I would be willing to vote for it.

Against

I vote For to keep the human rights for all individuals throughout the world.

(OOC: Had read the entire forum conversation with regards to the act. Personally will be Present for the act, considering how the issue of privacy regulations has been an issue which I do not agree with but find necessary. When deciding, do take into account the repealed WA#58 and WA#461, the "predecessor" to this act in some way and also WA#213 which is a basis of this act.)

IC Article:
The Committee of WA Affairs met today to discuss about this resolution. Having met barely 3 hours after the controversial resolution "Restrict Private Prisons" was passed in the WA, the Committee shelved that resolution aside. While the Committee is determined to work with other nations and delegations including members of our regional bloc, TNP, in repealing the Act, the Committee placed that further down the priority list and looked at other resolutions coming up in the WA and the SC.

The resolution entitled "Protecting Personal Privacy" (PPP Resolution) was first on the discussion list. On first read, many members found this to be extremely similar to the Personal Data Protection Act (PDPA) which was recently enacted into law in 2018. However, considering that this was a WA Resolution and not a law of a particular country per se, the Committee went on to further discuss about some of the points of the Resolution.

The Committee noted the existence of WA#213 ("Privacy Protection Act") which could be seen as the backbone to the PPP. In that, it was legislated that member states are prohibited to infringe on the right of privacy, while it also gives an avenue for individuals' privacy rights to be waived with consent.

On further scrutiny of the resolution at hand, the Committee noted the following points of interest:
1. Point 2d prohibits "governments of member states from viewing the data of a user without prior explicit consent", unless "The data is subject to a subpoena for litigation discovery to which the user is not a party; The data is subject to a valid warrant during criminal investigation, or; The user places the data's contents or subject matter at issue as a party in a civil dispute". This however, means that while the actions as described by Point 4c and 4d of WA#213 would be acts that do not infringe the right of privacy, PPP effectively denies governments the right to view data of users that the government sees as threat to national security.
2. Point 5a "dictates" WA nations to "make a private right of action against organisations that do not follow the provisions established in this resolution". While this could be seen as a way to ensure member states properly enforce these rules with some form of punishment, the Committee wonders if there was an error in the proposal, and that it was intended to require member states to come up with an avenue for private users to make a right of action against these organisations that do not follow the provisions. (Though there was an argument over the phrasing, as some members feel that this phrasing is actually what we think it actually means)
3. PPP seems to be overly focused on protecting the data of private users and regulates the collection of data from individual users. The Committee has noted that under PPP, organisations are not required to ensure the protection of the personal data collected. This may create accidental loopholes if the personal data collected by an organisation is to be "stolen" by other organisations, resulting in an unwanted data breach.

While commending the efforts of the proposal in protecting the rights of Personal Data, the Committee, in considering the issues above, has decided that the WA delegation of PotatoFarmers will be vote Against the resolution. The delegation dearly hopes that the above issues can be addressed so that WA would receive a good resolution that adequately ensures that the personal data of individuals can be protected.

The Committee welcomes any discussion with regards to the points raised above, and would be willing to change their mind with regards to the resolution if other TNP nation delegates are able to convince PotatoFarmers otherwise.

~Mr Hadisah Soloman
Minister of Foreign Affairs, PotatoFarmers
On behalf of the Committee of WA Affairs, PotatoFarmers.

For

Against

Against

Against

for

For

Against

"What y'all doing? Get this bill off my very expensive desk."

The Youssath Ambassador has brought forth its stance and will be voting against in this current GA resolution. We would like to encourage all WA member states to follow on TNP's Ministry of World Assembly recommendations as well on this matter.

Reasons for the choice of vote can be found in the dispatch:
https://www.nationstates.net/page=dispatch/id=1238891