New Privacy Standards for New Data
 

Common data privacy regulation tends to neglect the fact that personal data are nowadays, in a social media society, usually given away voluntarily and upon contractual agreement (we could refer to such data as new data). When using Google, Amazon, Facebook and others, we all agree to these companies' terms and conditions. So data privacy should not only consider mere data protection but also contractual principles. One of the oldest and most fundamental contractual principles is "do ut des", a Latin maxim going back to ancient Roman law, meaning that there is, or should be, a certain balance between what you give and what you get in return. That would explain why companies like Google or Facebook, whose services the customer does not pay for, should basically have the right to use his personal data (that would be the balance: data for service). But this is only a first approach. Applied to the modern data environment, the balance also has to be struck in relation to other relevant parameters when it comes to the contractual aspects of data privacy:

  • since data is a contract matter, we have to consider what kind of personal data we are dealing with (in particular, sensitive and non-sensitive data have to be distinguished and treated differently)

  • and since contracts are concluded by mutual consent, the extent of such consent also has to be taken into account (does it have to be declared explicitly, or is accepting the terms of use sufficient?)


So what I am suggesting is that these three parameters (whether the customer pays for the service, the kind of personal data involved, and the extent of the consent given) should be balanced. I tried to do so by putting them into a set of privacy rules that takes into account American standards (like the FIP, Fair Information Practices), European standards (the Directives and the recent draft of the Data Protection Act) and international standards (like the OECD Privacy Principles):

Companies in compliance with international data privacy standards commit to

(1) complying with national data protection or privacy law, national contract law and other legal requirements or regulations referring to data privacy

(2) complying with current security standards to protect stored personal data from illegitimate access

(3) implementing an easily perceptible, accessible and comprehensible privacy policy with information on which personal data is collected and why, how this data is used, who will receive this data, how long this data is stored, and whether and which data will be deleted upon request

(4) not using or divulging any customer data (except for statistical analysis and when the customer’s identity remains anonymous) unless the company is obliged to do so by law or the customer agrees to such use or circulation 

(5) in case of a contract between the company and the customer committing the customer to pay for services or goods:

- informing the customer individually and as soon as reasonably possible in case of data breaches with regard to personal data

- informing the customer upon request which specific data of this customer is stored, and deleting such data upon request unless applicable laws or regulations require the company to continue storing such data

- not using or divulging content-related personal data

- not using or divulging any other personal data without the customer's explicit, separate and individual consent

(6) in the absence of a contract between the company and the customer committing the customer to pay for services or goods:

- informing the customer as soon as reasonably possible in case of data breaches with regard to sensitive data (referring to, e.g., sexual, financial, medical, political or ethnic issues)

- informing the customer upon request what type of sensitive data of this customer is stored, and deleting such data upon request when such data is outdated, unless applicable laws or regulations require the company to continue storing such data

- not using or divulging sensitive data without the customer's explicit, separate and individual consent

The author, Wolfgang Zankl (zankl@e-center.eu), is a Law Professor at the University of Vienna, Founder/Director of the European Center for E-commerce and Internet Law (www.e-center.eu)
The Compliance Reviews COPYRIGHT © 2013-19 All Rights Reserved. Supported by International Risk and Compliance Association and International Risk and Compliance Institute Limited. 沪ICP备10034943号-8