Post by Asairia on Apr 14, 2019 15:32:17 GMT
WORLD ASSEMBLY GENERAL ASSEMBLY
PROTECTING PERSONAL DATA
DELEGATE IS VOTING: FOR ✓
FINAL RESULTS:
9,867 (60.5%) FOR
6,438 (39.5%) AGAINST
Overview
Protecting Personal Data is a proposal that seeks to, "Protect customers from exploitation by businesses."
About the Proposal
The author, Marxist Germany of The United Federations, has proposed a new version of their Protecting Personal Data proposal:
Appalled by the lack of a resolution regarding data protection;
Recognising the individuals' right to privacy;
Believing that businesses should not be able to collect data from a customer without the explicit consent of that customer as this is clearly a violation of the right to privacy;
Noting that minors are not fully mentally mature and are not capable of taking decisions on their own without the help of their guardians;
Seeking to protect customers from exploitation by businesses;
Hereby,
1. Defines the following for the purpose of this resolution:
A. A "Minor" as any sapient being under the age of majority;
B. A "Guardian" as any legal guardian of a minor, or if none exist, the biological parent;
C. "Personal Data" as any data that can be used to identify a sapient individual;
D. A "User" as any sapient being who uses or has used the services of a business;
2. Prohibits:
A. Businesses from storing the personal data of any minor without the explicit consent of their guardian except when the business cannot identify the user's age;
B. Businesses from using personal data collected from any individual to cause harm or severe distress to the individual the data belongs to;
C. Governments of member states from viewing the data of a user without the explicit prior consent from both the business holding the data and the user that the data belongs to, except when the information is needed for a criminal investigation or trial and a search warrant has been issued;
3. Mandates that:
A. Businesses provide explicit information on how they will use a user's data in their terms of service;
B. Businesses enable users to view the data that the aforementioned business holds on them unless the release of data would compromise the well-being of the user or others;
C. Personal data processed for any purpose is not kept for longer than is necessary for that purpose unless the user consents to that explicitly and clearly;
D. Businesses allow users to request the removal of their personal data, and act upon these requests unless there is a clear and very compelling safety or disciplinary reason to do otherwise;
4. Requires that member states make a private right of action against businesses that don't follow the boundaries established in this resolution;
5. Encourages member states to enact stricter laws to protect their citizens' privacy from businesses.
Recognising the individuals' right to privacy;
Believing that businesses should not be able to collect data from a customer without the explicit consent of that customer as this is clearly a violation of the right to privacy;
Noting that minors are not fully mentally mature and are not capable of taking decisions on their own without the help of their guardians;
Seeking to protect customers from exploitation by businesses;
Hereby,
1. Defines the following for the purpose of this resolution:
A. A "Minor" as any sapient being under the age of majority;
B. A "Guardian" as any legal guardian of a minor, or if none exist, the biological parent;
C. "Personal Data" as any data that can be used to identify a sapient individual;
D. A "User" as any sapient being who uses or has used the services of a business;
2. Prohibits:
A. Businesses from storing the personal data of any minor without the explicit consent of their guardian except when the business cannot identify the user's age;
B. Businesses from using personal data collected from any individual to cause harm or severe distress to the individual the data belongs to;
C. Governments of member states from viewing the data of a user without the explicit prior consent from both the business holding the data and the user that the data belongs to, except when the information is needed for a criminal investigation or trial and a search warrant has been issued;
3. Mandates that:
A. Businesses provide explicit information on how they will use a user's data in their terms of service;
B. Businesses enable users to view the data that the aforementioned business holds on them unless the release of data would compromise the well-being of the user or others;
C. Personal data processed for any purpose is not kept for longer than is necessary for that purpose unless the user consents to that explicitly and clearly;
D. Businesses allow users to request the removal of their personal data, and act upon these requests unless there is a clear and very compelling safety or disciplinary reason to do otherwise;
4. Requires that member states make a private right of action against businesses that don't follow the boundaries established in this resolution;
5. Encourages member states to enact stricter laws to protect their citizens' privacy from businesses.
My Decision
I applaud the author for attempting to legislate a solution to the problem of user data misappropriation and targeting. My affirmative vote is being cast with some reservations, though.
First, the author, like many of this proposal's supporters, fail to recognize or willingly overlook that fact that user data collection is more complex and far-reaching than simply putting the blame squarely on businesses. This apparent lack of understanding is further revealed by Clause 2(A), which prohibits, "Businesses from storing the personal data of any minor without the explicit consent of their guardian except when the business cannot identify the user's age." Unless the business in question is a toy store or other age-specific establishment, there is no way a business can tell how old its visitors are unless they fill out information or register an account, and even then, the latter may not ask for registrants' birthdays. In more cases than not, businesses will invoke the exception to this rule and collect data anyways. Additionally, I am unsure if this clause can ever truly be enforced to full effect. When you visit a website, your IP connects to their domain, showing you visited the website. Under the provided definition of 'personal data', IP addresses qualify as a means to identify an individual. If adopted, this resolution will likely face judicial scrutiny unless every minor's IP address is scrambled through the use of a VPN or another method of online anonymity. IP address collection is one type of data that is very hard not to collect. I wish there was more to this clause; the author could have easily added a solution to this problem by mandating the frequent deletion of IP addresses. The way it is now, every business that operates a website will be in violation of this clause and subject to legal action, which, in turn, opens up this resolution to legal scrutiny by mandating something that may be impossible to comply with.
My next two criticisms are relatively minor but noteworthy nonetheless. Clause 2(C) indirectly prevents the government from viewing the data of those that visit government-owned websites. This can be remedied by a popup asking for permission to view a visitors' data, but who enjoys popups? My third issue surrounds the definitions provided as they feel sloppy (examples: when trying to define a word, don't use said word as a key part of the definition; secondly, restricting the definition of 'minors' to the age of the majority is likely to conflict with nations who define and recognize minors differently).
Despite these shortcomings, the first of which bothers me the most, this proposal does attempt to protect those that desperately need it the most. I can best explain my reasoning by citing my response to Repeal: Debtor Voting Rights:
"I understand the ... desire to have a one-bill-fits-all solution to these issues, but without such a bill having enough support to reach the voting floor, is it really worth disenfranchising those that this bill does protect for an uncertain amount of time? ... While [this resolution] may not be ideal, it does provide partial protection, and while it isn't full protection, partial protection is better than no protection in cases where there are no viable alternatives capable of being considered at this time."
As such, I have cast my vote in favor of this resolution.
Current Delegate support at time of publication.