New Privacy Standards for New Data
By Wolfgang Zankl | 2014/11/27 21:09:00
 

Common data privacy regulation tends to neglect the fact that personal data are nowadays, in a social media society, usually given away voluntarily and upon contractual agreement (we could refer to such data as new data). When using Google, Amazon, Facebook and others we all agree to these companies' terms and conditions. So data privacy should not only consider mere data protection but also contractual principles. One of the oldest and most fundamental contractual principles is "do ut des", a Latin maxim going back to ancient Roman law, meaning that there is, or should be, a certain balance between what you give and what you get in return. That would explain why companies like Google or Facebook, for whose services the customer does not pay, should basically have the right to use his personal data (that would be the balance: data for service). But this is only a first approach. Applied to the modern data environment, the balance also has to be struck in relation to other relevant parameters when it comes to the contractual aspects of data privacy:

  • since data is a contract matter, we have to consider what kind of personal data we are dealing with (in particular, sensitive and non-sensitive data have to be distinguished and treated differently)

  • and since contracts are concluded by mutual consent, the extent of such consent also has to be taken into account (must it be declared explicitly, or is accepting the terms of use sufficient?)


So what I am suggesting is that these three parameters (the balance between what is given and what is received, the kind of data, and the extent of consent) should be balanced. I tried to do so by putting them into a set of privacy rules that considers American standards (like the FIP, Fair Information Practices), European standards (the Directives and the recent draft of the Data Protection Act) and international standards (like the OECD Privacy Principles):

Companies in compliance with international data privacy standards commit to

(1) complying with national data protection or privacy law, national contract law and other legal requirements or regulations referring to data privacy

(2) complying with current security standards to protect stored personal data from illegitimate access

(3) implementing an easily perceptible, accessible and comprehensible privacy policy with information on why and which personal data is collected, how this data is used, who will receive this data, how long this data is stored, whether and which data will be deleted upon request 

(4) not using or divulging any customer data (except for statistical analysis and when the customer’s identity remains anonymous) unless the company is obliged to do so by law or the customer agrees to such use or circulation 

(5) in case of a contract between the company and the customer committing the customer to pay for services or goods:

- informing the customer individually and as soon as reasonably possible in case of data breaches with regard to personal data

- informing the customer upon request about which specific data of this customer is stored and deleting such data upon request unless applicable laws or regulations require the company to continue storing such data

- not using or divulging content-related personal data

- not using or divulging any other personal data without the customer's explicit, separate and individual consent

(6) in the absence of a contract between the company and the customer committing the customer to pay for services or goods:

- informing the customer as soon as reasonably possible in case of data breaches with regard to sensitive data (referring to, e.g., sexual, financial, medical, political or ethnic issues)

- informing the customer upon request what type of sensitive data of this customer is stored and deleting such data upon request when such data is outdated unless applicable laws or regulations require the company to continue storing such data

- not using or divulging sensitive data without the customer's explicit, separate and individual consent

The author, Wolfgang Zankl (zankl@e-center.eu), is a Law Professor at the University of Vienna, Founder/Director of the European Center for E-commerce and Internet Law (www.e-center.eu)


