[GA - Passed] Data Protection Accord

Status
Not open for further replies.

Gorundu

I finished my Chinese homework
-
-
Pronouns
he/him
TNP Nation
Gorundu
Discord
an_dr_ew

ga.jpg

Data Protection Accord
Category: Regulation | Area of Effect: Consumer Protection
Proposed by: Marxist Germany | Onsite Topic

The World Assembly,

Lauding the efforts of this assembly to protect privacy rights through previous legislation such as GA #213 Privacy Protection Act,

Recognising every individual's right to reasonable privacy,

Believing that collecting essential data without consent is a violation of the right to privacy,

Noting that most minors are not fully capable of comprehending the risks associated with decisions made on matters of privacy,

Hereby,

  1. Defines the following for the purpose of this resolution:
    1. An "organisation" as an entity that collects data from its users, and and is not run by the government of the nation which the individual whose data the entity collects is from;

    2. A "minor" as a person under the age of majority not going through a transitional period into adulthood, as determined by the home member-state of the minor;

    3. A "guardian" as an individual legally responsible for the protection and care of a minor;

    4. "personal data" as data that can be used to identify an individual;

    5. A "user" an individual who is not a minor; who uses or has used the services of, or is a member or has been a member of, an organisation;




  2. Prohibits:
    1. Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when the guardian cannot be contacted and it is not in the best interests of the minor to do so, such as cases of child abuse, or unless the business is unable to verify the age of the user;

    2. Organisations from collecting or storing personal data of any non-minor individual without their explicit consent except for crime prevention, such as CCTV cameras, unless the individual cannot consent and the personal data is required for an emergency, or unless the data is used exclusively for journalistic purposes;

    3. Organisations from using personal data collected from any individual to intentionally and maliciously cause harm or severe distress to the individual the data belongs to;

    4. Governments of member states from viewing the personal data of a minor, or user without explicit prior consent from both the organisation in possession of the personal data and the guardian of the minor, or user to which the data belongs, unless the user has consented to their personal data being shared with authorities as necessary, as a condition to use the services of the organisation and the personal data collected was for crime prevention, or a judicial order has been issued;




  3. Mandates that organisatons:
    1. Provide fully detailed information on how they will use or share a user or minor's personal data to the user or their guardian explicitly when they interact with the organisation for this first time and when a major change to the data collection or usage policy has been made, except when the organisation has no means of communicating with the user or guardian;

    2. Enable individuals to view the personal data that the organisation holds on them unless the release of the personal data would compromise the privacy or well-being of others;

    3. Remove personal data from their database if the personal data is no longer relevant to the services used by the user or minor, or if the user or minor ceases to use the services of or ceases to be a member of the organisation, unless the user, or the minor's guardian, consents to that explicitly and clearly, or unless there is a clear and compelling safety or disciplinary reason to do otherwise such as loans, transactions, or disciplinary records;

    4. Allow users or guardians to request the removal of their personal data, or their minors' personal data, and act upon these requests, unless it falls under an exception mentioned in clause 3c above;

    5. Remove personal data of a user or minor if the organisation is aware of the user or minor's death, subject to exceptions in clause 3c;

    6. Allow users or guardians to request that data stored on them or their minor by the organisation be edited, and act upon these requests, if the data stored is incorrect;

    7. Take reasonable measures to ensure the personal data being stored by the organisation is not accessed by unauthorised persons, such as persons not working in the organisation or persons inside the organisation but are unauthorised to access the data;

    8. Take reasonable measures to ensure the transfer of personal data to another organisation under a user's, or guardian's request is performed in a reasonable time frame, subject to national legislation;




  4. Declares that an organisation can prohibit an individual from using the services of or joining the organisation if the individual or their guardian does not consent to the personal data collection policy of the organisation, or if the individual provides falsified personal data.


Co-authored by Kenmoria
Voting Instructions:
  • Vote For if you want the Delegate to vote For the resolution.
  • Vote Against if you want the Delegate to vote Against the resolution.
  • Vote Abstain if you want the Delegate to abstain from voting on this resolution.
  • Vote Present if you are personally abstaining from this vote.
Detailed opinions with your vote are appreciated and encouraged!
 
Status
Not open for further replies.
Back
Top