[DEFEATED] Protecting Personal Privacy

[Christian Democrats]

We have voted against this proposal.

The proposed ban on data collection from minors is overbroad. It would impose an unacceptable and costly administrative burden on websites. On the internet, it is not readily apparent who is and who is not a minor.

[Kenmoria]

We have voted against this proposal.

The proposed ban on data collection from minors is overbroad. It would impose an unacceptable and costly administrative burden on websites. On the internet, it is not readily apparent who is and who is not a minor.

(OOC: If there is not sufficient data to ascertain whether or not somebody is a minor, there is most likely not sufficient data to contact the minor’s legal guardian, so the clause does not apply.)

[Christian Democrats]

We have voted against this proposal.

The proposed ban on data collection from minors is overbroad. It would impose an unacceptable and costly administrative burden on websites. On the internet, it is not readily apparent who is and who is not a minor.

(OOC: If there is not sufficient data to ascertain whether or not somebody is a minor, there is most likely not sufficient data to contact the minor’s legal guardian, so the clause does not apply.)

Or minors would have to disclose that they're minors, thus compromising the very privacy that this proposal seeks to protect.

[Kenmoria]

(OOC: If there is not sufficient data to ascertain whether or not somebody is a minor, there is most likely not sufficient data to contact the minor’s legal guardian, so the clause does not apply.)

Or minors would have to disclose that they're minors, thus compromising the very privacy that this proposal seeks to protect.

(OOC: Alternatively, just use the Facebook strategy of making people confirm that they are over a certain age before allowing use, by ticking a box.)

[Araraukar]

(OOC: Alternatively, just use the Facebook strategy of making people confirm that they are over a certain age before allowing use, by ticking a box.)

OOC: Facebook is a latecomer to that strategy; pretty much every site ever that had some need for age limits, has used that or clicking "yes I am 18 or older". In such a case, it's the minor's fault for flaunting laws, not the organization's.

[Immund]

This resolution was bad the first time it came up and is still bad now.
This is not an issue that needs WA legislation.
A right to privacy is not unreasonable.
This resolution is.

Besides the obvious unresolved issues involving usage of internet services by those under age of majority;
There is not a clear enough line drawn between an 'organisation' and a 'user', anyone who uses any internet service is just as much an entity collecting and processing data as anyone providing any such service.
This resolution as presently worded would represent a categorical ban on any data collection from internet services by users while allowing an explicit exemption for government.
This would be a death knell to any independent software development, as well as any independent efforts to retain and ultimately preserve information from the internet.

We have voted against this resolution.

[Marxist Germany]

This resolution was bad the first time it came up and is still bad now.
This is not an issue that needs WA legislation.
A right to privacy is not unreasonable.
This resolution is.

Besides the obvious unresolved issues involving usage of internet services by those under age of majority;
There is not a clear enough line drawn between an 'organisation' and a 'user', anyone who uses any internet service is just as much an entity collecting and processing data as anyone providing any such service.
This resolution as presently worded would represent a categorical ban on any data collection from internet services by users while allowing an explicit exemption for government.
This would be a death knell to any independent software development, as well as any independent efforts to retain and ultimately preserve information from the internet.

We have voted against this resolution.

"Ambassador, are you sure you read this proposal?"

[Lichpocalypsis]

The heads of Law Committee (Head Attorney of Empire and Chief Prosecutor), leaders of law enforcement and Empire's HQ says this:
"This proposal is full of holes and flaws. It cannot be accepted in this state!"

The AIS

[Youssath]

The Youssathian Ambassador reads the proposed legislation carefully, eyes darting around to catch any horrified expressions made by other WA ambassadors upon reviewing this bill. He walks towards his assistant and the regional (North Pacific) WA delegates, asking for their advice and recommendations on this matter. After a few minutes, he gives an acknowledgement of nod towards the delegates and begins drafting a speech later. After rounds of denunciations towards the Protecting Personal Privacy resolution made by other ambassadors, the Youssathian Ambassador walks towards the podium and makes the following address:

"Ambassador, as much as we agree that more legislation will be appreciated under the international stage, I cannot help but feel upset over the lack of clarity and overly specific definitions on the Protecting Personal Privacy resolution. While Youssath is in support of greater privacy measures against malicious use by organizations, this resolution shouts statements that make me uncomfortable at best."

"On the subject of this resolution, we feel that this proposal fails to address the storage and usage of personal data such as emergency healthcare. If the stated individual encounters an unfortunate incident and is unable to give his or her consent towards the use of personal data as he or she is unconscious, how can our own emergency services be able to render effective services towards the injured if we are unable to determine pre-existing medical conditions, drug allergies or even basic blood type? GAR #213: Privacy Protection Act provides some leeway towards basic privacy issues, but this resolution you are proposing to the General Assembly makes a direct threat towards fundamental and basic services provided by the state. This is supported by the fact that the usage of personal data without the explicit prior consent can only be justified in civil, criminal and subpoena cases, not for medical grounds."

"Furthermore, we would like to note on the use of ambiguous terms in the resolution and the lack thereof in addressing ambiguous agreements made by organizations. In Clause 5a, the resolution calls for WA member states to make a "private right of action" against delinquent organizations. May I ask whether the responsibility of the plaintiff in this civil case rests upon the private individual or the WA member state to pursue the matter? Furthermore, with regards to Clause 3a, is there any litigation against organizations who uses broadly specific and ambiguous terms such as 'would', 'may', 'should' in their user agreements with first-time users?"

"I do sincerely hope that these concerns are not insulting towards you, but they are legitimate concerns regarding our everyday transactions in this modern world. We would definitely support a clarification towards the issues raised tonight and hope that your valid contributions towards privacy can make a significant impact on international law."

The Youssathian Ambassador ends his speech. Before returning back to his seat, he passes the German Ambassador a final note on the subject of this resolution, detailing Youssath's full explanations and inquiries.

[Marxist Germany]

The Youssathian Ambassador reads the proposed legislation carefully, eyes darting around to catch any horrified expressions made by other WA ambassadors upon reviewing this bill. He walks towards his assistant and the regional (North Pacific) WA delegates, asking for their advice and recommendations on this matter. After a few minutes, he gives an acknowledgement of nod towards the delegates and begins drafting a speech later. After rounds of denunciations towards the Protecting Personal Privacy resolution made by other ambassadors, the Youssathian Ambassador walks towards the podium and makes the following address:

"Ambassador, as much as we agree that more legislation will be appreciated under the international stage, I cannot help but feel upset over the lack of clarity and overly specific definitions on the Protecting Personal Privacy resolution. While Youssath is in support of greater privacy measures against malicious use by organizations, this resolution shouts statements that make me uncomfortable at best."

"On the subject of this resolution, we feel that this proposal fails to address the storage and usage of personal data such as emergency healthcare. If the stated individual encounters an unfortunate incident and is unable to give his or her consent towards the use of personal data as he or she is unconscious, how can our own emergency services be able to render effective services towards the injured if we are unable to determine pre-existing medical conditions, drug allergies or even basic blood type? GAR #213: Privacy Protection Act provides some leeway towards basic privacy issues, but this resolution you are proposing to the General Assembly makes a direct threat towards fundamental and basic services provided by the state. This is supported by the fact that the usage of personal data without the explicit prior consent can only be justified in civil, criminal and subpoena cases, not for medical grounds."

"Furthermore, we would like to note on the use of ambiguous terms in the resolution and the lack thereof in addressing ambiguous agreements made by organizations. In Clause 5a, the resolution calls for WA member states to make a "private right of action" against delinquent organizations. May I ask whether the responsibility of the plaintiff in this civil case rests upon the private individual or the WA member state to pursue the matter? Furthermore, with regards to Clause 3a, is there any litigation against organizations who uses broadly specific and ambiguous terms such as 'would', 'may', 'should' in their user agreements with first-time users?"

"I do sincerely hope that these concerns are not insulting towards you, but they are legitimate concerns regarding our everyday transactions in this modern world. We would definitely support a clarification towards the issues raised tonight and hope that your valid contributions towards privacy can make a significant impact on international law."

The Youssathian Ambassador ends his speech. Before returning back to his seat, he passes the German Ambassador a final note on the subject of this resolution, detailing Youssath's full explanations and inquiries.

"I appreciate your feedback, ambassador; however, it would have been more helpful if the feedback was given during the 4 month drafting process, some glaring issues have been brought to my attention that I was not aware of."

[Youssath]

"I appreciate your feedback, ambassador; however, it would have been more helpful if the feedback was given during the 4 month drafting process, some glaring issues have been brought to my attention that I was not aware of."

"We were previously in favour of this resolution and have no prior objections to any articles in your resolution. However, after consultation with my regional delegates on the subject of your resolution along with the possible implications that may happen, we have decided to bring this to your attention should your proposal fail to pass. Not to worry Ambassador, we are not diplomatic brutes who simply call on the "holes and flaws" of your resolution without giving reasoning behind it. Although I must add, we do sincerely apologize for the lack of any contributions towards this resolution from the past four months."

"We will draft this into law however, should this resolution pass the General Assembly."

[West Carlisten]

After much scrutiny and careful thought, the Free and Federal Republic of West Carlisten has decided that the concerns raised by this proposal, in particular Section 3 Clause 4, are too grave to be outweighed by the potential benefits.
We believe that the way Section 3 Clause 4 is currently worded may prevent necessary data retention and enable criminals. We believe that the current phrasing may enable criminals to actively and legally conceal the flow of money and goods; if the criminals abuse the rights granted in this resolution, it would be effectively illegal for members to enforce laws against money laundering and similar crimes.
I believe that a resolution to protect privacy is necessary but not this one. The faults greatly outweigh the benefits, especially for nations that have already enacted privacy laws.

[Fulford]

I have stated before that at Fulford we believe how a company handles your data is the companies responsibility and the users that have signed up to use that company. As long as it has a status within the terms and conditions addressing user privacy then it is a companies divine right to be allowed to be allowed the use of the users data as long as they have agreed to the terms and conditions and end user licence agreement.

[Marxist Germany]

After much scrutiny and careful thought, the Free and Federal Republic of West Carlisten has decided that the concerns raised by this proposal, in particular Section 3 Clause 4, are too grave to be outweighed by the potential benefits.
We believe that the way Section 3 Clause 4 is currently worded may prevent necessary data retention and enable criminals. We believe that the current phrasing may enable criminals to actively and legally conceal the flow of money and goods; if the criminals abuse the rights granted in this resolution, it would be effectively illegal for members to enforce laws against money laundering and similar crimes.
I believe that a resolution to protect privacy is necessary but not this one. The faults greatly outweigh the benefits, especially for nations that have already enacted privacy laws.

"Ambassador, there are exceptions in section d of clause 4 which include transactions and criminal records."

[Kenmoria]

I have stated before that at Fulford we believe how a company handles your data is the companies responsibility and the users that have signed up to use that company. As long as it has a status within the terms and conditions addressing user privacy then it is a companies divine right to be allowed to be allowed the use of the users data as long as they have agreed to the terms and conditions and end user licence agreement.

(OOC: For the most part, this proposal agrees with you. Lots of the clauses are about ensuring consent and proper ability to consent, which would be in the terms and conditions anyway, specially the agreeing thereto. The only exception from this are clauses about allowing data viewing, which should be transparent from the terms and conditions in any case, and data deletion, which ought to be allowed by any fair license agreement.)

[West Carlisten]

After much scrutiny and careful thought, the Free and Federal Republic of West Carlisten has decided that the concerns raised by this proposal, in particular Section 3 Clause 4, are too grave to be outweighed by the potential benefits.
We believe that the way Section 3 Clause 4 is currently worded may prevent necessary data retention and enable criminals. We believe that the current phrasing may enable criminals to actively and legally conceal the flow of money and goods; if the criminals abuse the rights granted in this resolution, it would be effectively illegal for members to enforce laws against money laundering and similar crimes.
I believe that a resolution to protect privacy is necessary but not this one. The faults greatly outweigh the benefits, especially for nations that have already enacted privacy laws.

"Ambassador, there are exceptions in section d of clause 4 which include transactions and criminal records."

It says loans which is not the same thing.
And "criminal record" usually refers to the record of convictions, rather than criminal activity.
The phrasing is either insufficient or too unclear. We still believe that our concerns are valid and regrettably cannot endorse this proposal.

[Wallenburg]

"Ambassador, there are exceptions in section d of clause 4 which include transactions and criminal records."

It says loans which is not the same thing.
And "criminal record" usually refers to the record of convictions, rather than criminal activity.
The phrasing is either insufficient or too unclear. We still believe that our concerns are valid and regrettably cannot endorse this proposal.

The two examples provided are clearly not exhaustive. The exception exists for all cases in which a "clear and compelling safety or disciplinary reason" exists to retain the data.

[Reformed Cheriouff Synapogre]

Quick question: Why would anyone vote against this? It seems reasonable enough, anyone care to give their reasoning?

[Kenmoria]

Quick question: Why would anyone vote against this? It seems reasonable enough, anyone care to give their reasoning?

(OOC: The lemming effect, people voting with the majority, always has an effect. However, the main actual criticism of the proposal was explained by Youssath a few posts above.)

[West Carlisten]

It says loans which is not the same thing.
And "criminal record" usually refers to the record of convictions, rather than criminal activity.
The phrasing is either insufficient or too unclear. We still believe that our concerns are valid and regrettably cannot endorse this proposal.

The two examples provided are clearly not exhaustive. The exception exists for all cases in which a "clear and compelling safety or disciplinary reason" exists to retain the data.

While these examples are not exhaustive, we do not believe that the current phrasing is sufficient. It is the view of West Carlisten that your interpretation of this exception is too loose and non-literal and will not hold up before an impartial court.
Furthermore if your loose and non-literal manner of interpretation was applied to rest of the proposal, the existing exceptions could be interpreted in a way that would render the entire proposal almost meaningless:

If the entire proposal is interpreted loosely, an organisation may claim to collect data for the purpose of "crime prevention" (Clause 2, Section 2) which is not defined, may store it almost indefinitely for that purpose, then use that data for other purposes (which is not forbidden in the proposal) and further refuse to reveal that it has collected that data to avert harm from individuals associated with the organisation (Section 3 Clause 2).
Furthermore, since data collection for the purpose of crime prevention does not require user consent (Section 2 Clause 2) and is treated as exception, organisations would likely not be required to explicitly declare which data it collects for the purpose of crime prevention.
Also, organisations are only required to tell users about their usage of data when the user first interacts with the organisation or when the data collection policy changes (Clause 3 Section 1). There is no mention of the possibility that the organisation's policy on data usage may change nor is there a requirement to notify the user or a requirement that the user must consent to such changes.
Furthermore it is not clear how this proposal and its badly worded exceptions may affect better national privacy laws since the proposal does not address this.

This proposl is very badly worded with unclear scope which will at best create legal uncertainty and be unenforceable and at worst undermine existing national data protection laws and law enforcement.
West Carlisten cannot vote for a proposal that is more likely to harm existing privacy laws than actually provide for protection of data.

[Marxist Germany]

The two examples provided are clearly not exhaustive. The exception exists for all cases in which a "clear and compelling safety or disciplinary reason" exists to retain the data.

While these examples are not exhaustive, we do not believe that the current phrasing is sufficient. It is the view of West Carlisten that your interpretation of this exception is too loose and non-literal and will not hold up before an impartial court.
Furthermore if your loose and non-literal manner of interpretation was applied to rest of the proposal, the existing exceptions could be interpreted in a way that would render the entire proposal almost meaningless:

If the entire proposal is interpreted loosely, an organisation may claim to collect data for the purpose of "crime prevention" (Clause 2, Section 2) which is not defined, may store it almost indefinitely for that purpose, then use that data for other purposes (which is not forbidden in the proposal) and further refuse to reveal that it has collected that data to avert harm from individuals associated with the organisation (Section 3 Clause 2).
Furthermore, since data collection for the purpose of crime prevention does not require user consent (Section 2 Clause 2) and is treated as exception, organisations would likely not be required to explicitly declare which data it collects for the purpose of crime prevention.
Also, organisations are only required to tell users about their usage of data when the user first interacts with the organisation or when the data collection policy changes (Clause 3 Section 1). There is no mention of the possibility that the organisation's policy on data usage may change nor is there a requirement to notify the user or a requirement that the user must consent to such changes.
Furthermore it is not clear how this proposal and its badly worded exceptions may affect better national privacy laws since the proposal does not address this.

This proposl is very badly worded with unclear scope which will at best create legal uncertainty and be unenforceable and at worst undermine existing national data protection laws and law enforcement.
West Carlisten cannot vote for a proposal that is more likely to harm existing privacy laws than actually provide for protection of data.

"Ambassador, the examples that you provided all constitute bad faith interpretation, which is illegal under GA#2."

[West Carlisten]

"Ambassador, the examples that you provided all constitute bad faith interpretation, which is illegal under GA#2."

The member states have to carry these out in good in faith - this does not apply to private organisations. And the current text is simply unenforceable.

Also, it is the opinion of West Carlisten that inlcuding exceptions not provided for in the actual text of the proposal does not constitute good faith.

[Separatist Peoples]

"Ambassador, the examples that you provided all constitute bad faith interpretation, which is illegal under GA#2."

The member states have to carry these out in good in faith - this does not apply to private organisations. And the current text is simply unenforceable.

Also, it is the opinion of West Carlisten that inlcuding exceptions not provided for in the actual text of the proposal does not constitute good faith.

"Member states must regulate non-state actors when directed to do so by WA law."

[Youssath]

The member states have to carry these out in good in faith - this does not apply to private organisations. And the current text is simply unenforceable.

Also, it is the opinion of West Carlisten that inlcuding exceptions not provided for in the actual text of the proposal does not constitute good faith.

The Youssathian Ambassador turns to speak with the Carlistenian Ambassador after his speech regarding the resolution,

"Ambassador, as much as you are entitled to your own opinions and interpretations of this bill, I must disagree with your final take of this resolution as a whole. Frankly, what you've just said seems wrong to me, and we would like to remind you that GAR #213: Privacy Protection Act should also be considered as we speak of this matter."

"From your claim that 'organisations may claim to collect data for the purpose of crime prevention', I highly doubt that individuals will be caught unaware that their data is being held by private companies indefinitely or so. According to clause 3a, 'organisations must provide information on how they will use a user's data to the user explicitly' and that if they were to use that personal data 'for other purposes' as you say, they will be in breach of clause 3a in its entirely and will face punishment in accordance with clause 5a. That, of course, doesn't mean this resolution is perfect, as I have previously told the German ambassador in this very chamber that the use of broad ambiguous terms (to comply with section 3a) and the responsibility of the plaintiff (clause 5a) is more of a serious threat compared to what you've just said."

"Furthermore, to add on into this, most organizations who deal with crime prevention are mostly government or state-owned in the country. Very rarely do you see your local policeman being hired by private organizations - which I would call mercenaries at this point - and I will express concern on your country if law enforcement is being run by private organizations."

"With regards to your next statement that 'there is no mention of the possibility that the organisation's policy on data usage may change nor is there a requirement to notify the user or consent', I must say that you have misinterpreted the statement fully. Clause 3a states that 'organisations provide information on how they will use a user's data to the user explicitly ... when a major change to the data collection policy has been made'. That means that if there is a major data policy change that influences how the organization uses personal data and information, organizations are required to disclose their usage of personal data explicitly (which means, in express terms) that directly convey the meaning towards the individual."

"I also won't say that it is very badly worded. The German Ambassador surprises me with his great mastery of the English language in this proposal, although I must add I am a bit dismayed as I did not come in sooner to provide critique towards his work. Regardless, I think it's a positive step forward for sure!"

The Youssathian Ambassador then passes a similar note to the Carlistenian Ambassador. Hopefully, he might be able to change his mind with that.

[West Carlisten]

"From your claim that 'organisations may claim to collect data for the purpose of crime prevention', I highly doubt that individuals will be caught unaware that their data is being held by private companies indefinitely or so. According to clause 3a, 'organisations must provide information on how they will use a user's data to the user explicitly' and that if they were to use that personal data 'for other purposes' as you say, they will be in breach of clause 3a in its entirely and will face punishment in accordance with clause 5a. That, of course, doesn't mean this resolution is perfect, as I have previously told the German ambassador in this very chamber that the use of broad ambiguous terms (to comply with section 3a) and the responsibility of the plaintiff (clause 5a) is more of a serious threat compared to what you've just said."

"Furthermore, to add on into this, most organizations who deal with crime prevention are mostly government or state-owned in the country. Very rarely do you see your local policeman being hired by private organizations - which I would call mercenaries at this point - and I will express concern on your country if law enforcement is being run by private organizations."

"With regards to your next statement that 'there is no mention of the possibility that the organisation's policy on data usage may change nor is there a requirement to notify the user or consent', I must say that you have misinterpreted the statement fully. Clause 3a states that 'organisations provide information on how they will use a user's data to the user explicitly ... when a major change to the data collection policy has been made'. That means that if there is a major data policy change that influences how the organization uses personal data and information, organizations are required to disclose their usage of personal data explicitly (which means, in express terms) that directly convey the meaning towards the individual."

"I also won't say that it is very badly worded. The German Ambassador surprises me with his great mastery of the English language in this proposal, although I must add I am a bit dismayed as I did not come in sooner to provide critique towards his work. Regardless, I think it's a positive step forward for sure!"

First, I would privately like to thank you for your praise of my language skills.
Now we, West Carlisten, are aware of these other concerns and share them however they have been raised by others before us which is why we have chosen to focus on our own private reservations. We would like to thank you for reminding us of this previous resolution, however we do not believe that it resolves the concerns we have raised regarding this proposal since it only addresses governments, not private organisations and individuals.

We still believe that there is a significant difference between a data collection policy and a data usage policy. Therefore we believe that Clause 3 Section 1 does not actually require organisations to notify users of changes to the latter and certainly do not require their consent as Clase 2 Section 2 only requires consent for data collection.
One of the fundamental principles of our justice system is nulla poena sine lege (no penalty without law), which means that we can only enforce criminal sanctions, fines or damages for acts that violate the actual letter of the law. We cannot, in good faith, sanction individuals or organisations for violating the spirit but not the letter of a badly phrased assembly resolution. Therefore we continue to believe that Clause 3 Section 1 is in most cases effectively unenforceable.

We would like to note that crime prevention and law enforcement are not the same thing. Law enforcement, with narrow exceptions for acute crimes, is indeed the responsibility of the government and not private organisations. However crime prevention may carried out by any person. The common definition of crime prevention includes acts crried out by private individuals and organisations such as:

• attempting to prevent the use of private premises or an online platform for criminal purposes;
• attempting to prevent theft;
• attempting to prevent the illegal mass distribution of copyrighted materials;
• attempting to prevent fraud;
• reporting suspected criminals or suspected crimes to the police;

For these purposes, organisations and individuals have traditionally used a variety of means and collected a variety of data. Among these are private surveillance devices, such as cameras, the collection of various personal data, including financial history, names, birth dates, things such as social security or tax numbers, addresses, phone numbers and bank accounts and finally the comparison/evaluation of statements to discover inconsistencies and lies indicative of fraud or other crimes or criminal intent.
The fact that this clause includes such an extremely vague phrase and then explicitly states that user consent is not required for data collected under this vague and broad exception is of grave concern. We are still currently analysing our own laws and the possible scope of this vague phrase but we believe that West Carlisten might be forced to repeal some of our existing privacy protections to comply with this terribly worded clause.

Furthermore, since "crime prevention" is generally considered a positive goal and a primary purpose of government, Assembly members interpreting the exception in Clause 2 Section 2 in the broadest possible manner should not be considered to be in violation of good faith. This means that nations may choose to effectively allow almost any data collection without user consent.

Finally we would like to reiterate that West Carlisten considers this proposal to be full of bad or unclear phrasing and holes and that it would nt be possible for us to enforce the well-intentioned spirit of this proposal without violating its letter and the principle of nulla poena sine lege and thus good faith.
We regret that we must consider this proposal to be an obstacle in our desire to extend and hormanise privacy protections internationally.