[GA - Withdrawn] Data Protection Accord

Status
Not open for further replies.

Gorundu

I finished my Chinese homework
-
-
-
Pronouns
he/him
TNP Nation
Gorundu
Discord
an_dr_ew

ga.jpg

Data Protection Accord
Category: Regulation | Area of Effect: Consumer Protection
Proposed by: Marxist Germany | Onsite Topic

The World Assembly,

Lauding the previous efforts of this assembly to protect privacy rights through previous legislation such as GA #213 Privacy Protection Act,

Recognising every individual's right to reasonable privacy,

Believing that collecting essential data without consent is a violation of the right to privacy,

Noting that most minors are not fully capable of comprehending the risks associated with decisions made on matters of privacy,

Seeking to introduce more restrictions regarding the ability of non-governmental organisations to collect data from their customers without consent,

Hereby,
  1. Defines the following for the purpose of this resolution:
    1. An "organisation" as an entity that collects data from its users, and isn't primarily run by a government;

    2. A "minor" as a person under the age of majority not going through a transitional period into adulthood;

    3. A "guardian" as an individual legally responsible for the protection and care of a minor;

    4. "personal data" as data that can be used to identify an individual;

    5. A "user" as an adult, or a person under the age of majority going through a transitional period into adulthood, as determined by national governments; who uses or has used the services of, or is a member or has been a member of, an organisation;
  2. Prohibits:
    1. Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when the guardian cannot be contacted and it is not in the best interests of the minor to do so, as determined by national governments, and the business is unable to verify the age of the user;

    2. Organisations from collecting or storing personal data from any individual without their explicit consent except for crime prevention, such as CCTV cameras, unless the individual cannot consent and the personal data is required for an emergency, or unless the data is used exclusively for journalistic purposes;

    3. Organisations from using personal data collected from any individual to intentionally and maliciously cause harm or severe distress to the individual the data belongs to;

    4. Organisations from storing received personal data from other organisations without the prior explicit consent of the user the data belongs to;

    5. Organisations from sharing the personal data of a user without their prior explicit consent;

    6. Governments of member states from viewing the personal data of a user without explicit prior consent from both the organisation in possession of the personal data and the user to which the data belongs, unless the user has consented to their personal data being shared with authorities as necessary, as a condition to use the services of the organisation and the personal data collected was for crime prevention, or a judicial order has been issued;
  3. Mandates that organisatons:
    1. Provide fully detailed information on how they will use or share a user's personal data to the user explicitly when they interact with the organisation for this first time, and when a major change to the data collection or usage policy has been made;

    2. Enable individuals to view the personal data that the organisation holds on them unless the release of the personal data would compromise the privacy or well-being of others;

    3. That collect or store personal data remove it from their database if the data is no longer relevant to the services used by the user, or if the user ceases to use the services of or ceases to be a member of, the organisation; unless the user, consents to that explicitly and clearly, or unless there is a clear and compelling safety or disciplinary reason to do otherwise such as loans, transactions, or disciplinary records;

    4. Allow individuals to request the removal of their personal data, and act upon these requests, unless it falls under an exception mentioned in clause 3c;

    5. Remove personal data of a user if the organisation is informed of the user's death, subject to exceptions in clause 3c;

    6. Allow users to edit data stored on them by the organisation if the data stored is incorrect;

    7. Take reasonable measures to ensure the personal data being stored by the organisation is not accessed by unauthorised persons;

    8. Take reasonable measures to ensure the transfer of personal data under a user's request is performed in a reasonable time frame, subject to national legislation;
  4. Declares that an organisation can prohibit a person from using the services of or joining the organisation if the individual does not consent to the personal data collection policy of the organisation, or if the user provides falsified personal data.
Co-authored by Kenmoria
Voting Instructions:
  • Vote For if you want the Delegate to vote For the resolution.
  • Vote Against if you want the Delegate to vote Against the resolution.
  • Vote Abstain if you want the Delegate to abstain from voting on this resolution.
  • Vote Present if you are personally abstaining from this vote.
Detailed opinions with your vote are appreciated and encouraged!
 
@(Marxist) Germany I can't quite figure out what this clause is supposed to mean:
Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when the guardian cannot be contacted and it is not in the best interests of the minor to do so, as determined by national governments, and the business is unable to verify the age of the user;
 
@(Marxist) Germany I can't quite figure out what this clause is supposed to mean:
I have already answered this question on discord, so here is the answer I gave:

Organisations cannot collect data from any minor, unless the guardian consents, except when the guardian cannot be contacted (to be regulated by member-states), and when it is not safe for a minor (child abuse services for example).

Oxford comma before the last clause in the sentence means that it is separate,so it goes:

[Prohibits] Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when .... the business is unable to verify the age of the user;
its very wordy as is most of the proposal and It takes a bit of work to understand.
 
Last edited:
For -- this is a well-considered and productive proposal. I would like to see stronger protections against unnecessary or intrusive collection of data, especially when it is not absolutely essential to the operation of the organization, and therefore more provisions for users who elect not to consent to data collection besides simple denial of service. After all, coerced consent to data collection, especially when it comes to ubiquitous service providers such as search engines which may have few viable, privacy-conscious competitors, should hardly be considered a good faith waiver of privacy rights. However, the proposal as it stands is more than a step in the right direction.
 
Status
Not open for further replies.
Back
Top