Advertisement
by Maowi » Thu Dec 05, 2019 12:50 pm
by Kenmoria » Thu Dec 05, 2019 2:11 pm
by Marxist Germany » Fri Dec 06, 2019 9:29 am
by Marxist Germany » Wed Dec 11, 2019 1:53 am
by Araraukar » Sun Dec 15, 2019 9:54 am
Apologies for absences, non-COVID health issues leave me with very little energy at times.Giovenith wrote:And sorry hun, if you were looking for a forum site where nobody argued, you've come to wrong one.
by Marxist Germany » Sun Dec 15, 2019 11:41 am
Araraukar wrote:OOC: It's in queue.
by Araraukar » Sun Dec 15, 2019 12:16 pm
Apologies for absences, non-COVID health issues leave me with very little energy at times.Giovenith wrote:And sorry hun, if you were looking for a forum site where nobody argued, you've come to wrong one.
by Marxist Germany » Sun Dec 15, 2019 12:58 pm
by Morover » Sat Dec 21, 2019 6:01 pm
Against for a few reasons.
- The definition of "organisation" allows foreign governments (including non-member-nation governments) to create organisations which do not have to follow the provisions laid out by the proposal. It would be fine if it said something along the lines of ", not run by the government of the nation from which the individual whom the entity collects information from;", but I cannot support it in its current state.
- Under the definition of "minor", is not the entirety of childhood a transitional period into adulthood?
- 2(a) has a few problems. One huge thing that may have been overlooked (or perhaps I'm misreading it) is that it says "and it is not in the best interests of the minor to do so", when it probably should be when it is in the best interest of the minor to do so. I'm going to proceed with these issues assuming that that section of the clause has its intended effect. Another issue I have with it is similar to the definition of "organisation" - it is a very broad statement to say "national governments", without specifying which national government. At the wording of the proposal, so long as any nation says it's in the best interest of the minor (which, frankly, is not reputable if the government itself does not have the best interest of the minor in mind), the business can go ahead and proceed with collecting and storing the minor's information. Additionally, it is an unreasonable burden to put on a government to have them be the approval factor of this, considering that what ould be in the best interest of the minor would have to be judged from a case-to-case basis, and for nations of a billion people or more, this is completely unreasonable. Finally, the last part of this clause, that a nation would need to be unable to verify the age of the user nullifies the rest of the clause - how would a nation be able to confirm that the storing or collecting of a minors data would benefit them, if its impossible to verify the status of the "minor," anyways? Would the nation itself not be able to confirm that for the business, thus making the exceptions provided by the clause useless (considering the use of "and" as opposed to "or" in the clause)?
- 2(e) prevents the sharing of data from within the organisation itself, which is an unreasonable demand.
- 2(f) doesn't cover non-member-states. It should be worded in a way that prevents corporations/organisations which harbor information about the residents/citizens of a member-state from sharing the information with the government of any nation, notwithstanding the provisions granted by the clause. I don't know how close this would be to legislating on non-member-states, but its unreasonable to allow non-member-states to have free reign over the information of residents of member-states, especially when said non-member-states have no restrictions as to how they use the information. At this rate, an ultra-authoritarian member-state may very well create a proxy state, not under the jurisdiction of the World Assembly, to buy the information off of Organisations, and then sell that information back to the member-state. It's just speculation, but I could definitely see that happening.
- 3(a) leads to long-winded terms of use and privacy conditions being written, making users less likely to read said conditions. While they still consented for the purposes of the proposal (which also affects several subclauses of 2, but I figured I'd just sum it up here), they don't really know what they're getting into. I find it unreasonable to assume that the average citizen would read a long-winded explanation of privacy conditions that would inevitably result from this proposal.
- 3(c) ("That collect or store personal data remove it from their database") makes no sense to me. Maybe I had a stroke, though. Who knows?
- 3(e) makes it so that if an organisation is aware of a users death through some means, but is never explicitly told about it, they don't have to remove the data.
- I dislike that 3(f) makes it so that users can directly edit the information, as that could definitely tamper with law enforcement, or even just census information. I would've made it so that users can request a change, though I don't know exactly how to enforce it reasonably. Still, how it is now needs improvement.
- Under 3(g), who is authorized? The CEO? Anybody who the organisation decides is? It's too vague.
- It's probably due to my lack of knowledge on the subject as a whole, but I have no idea what 3(h) means.
- Clause 4 clarifying "or if the user provides falsified personal data" seems a bit odd to me. I'm not strictly opposed to it, but it just is a weird thing to clarify.
by Marxist Germany » Sun Dec 22, 2019 6:47 am
Morover wrote:
- The definition of "organisation" allows foreign governments (including non-member-nation governments) to create organisations which do not have to follow the provisions laid out by the proposal. It would be fine if it said something along the lines of ", not run by the government of the nation from which the individual whom the entity collects information from;", but I cannot support it in its current state.
Under the definition of "minor", is not the entirety of childhood a transitional period into adulthood?
2(a) has a few problems. One huge thing that may have been overlooked (or perhaps I'm misreading it) is that it says "and it is not in the best interests of the minor to do so", when it probably should be when it is in the best interest of the minor to do so. I'm going to proceed with these issues assuming that that section of the clause has its intended effect.
Another issue I have with it is similar to the definition of "organisation" - it is a very broad statement to say "national governments", without specifying which national government. At the wording of the proposal, so long as any nation says it's in the best interest of the minor (which, frankly, is not reputable if the government itself does not have the best interest of the minor in mind), the business can go ahead and proceed with collecting and storing the minor's information. Additionally, it is an unreasonable burden to put on a government to have them be the approval factor of this, considering that what ould be in the best interest of the minor would have to be judged from a case-to-case basis, and for nations of a billion people or more, this is completely unreasonable.
Finally, the last part of this clause, that a nation would need to be unable to verify the age of the user nullifies the rest of the clause - how would a nation be able to confirm that the storing or collecting of a minors data would benefit them, if its impossible to verify the status of the "minor," anyways? Would the nation itself not be able to confirm that for the business, thus making the exceptions provided by the clause useless (considering the use of "and" as opposed to "or" in the clause)?
2(e) prevents the sharing of data from within the organisation itself, which is an unreasonable demand.
2(f) doesn't cover non-member-states. It should be worded in a way that prevents corporations/organisations which harbor information about the residents/citizens of a member-state from sharing the information with the government of any nation, notwithstanding the provisions granted by the clause. I don't know how close this would be to legislating on non-member-states, but its unreasonable to allow non-member-states to have free reign over the information of residents of member-states, especially when said non-member-states have no restrictions as to how they use the information. At this rate, an ultra-authoritarian member-state may very well create a proxy state, not under the jurisdiction of the World Assembly, to buy the information off of Organisations, and then sell that information back to the member-state. It's just speculation, but I could definitely see that happening.
3(a) leads to long-winded terms of use and privacy conditions being written, making users less likely to read said conditions. While they still consented for the purposes of the proposal (which also affects several subclauses of 2, but I figured I'd just sum it up here), they don't really know what they're getting into. I find it unreasonable to assume that the average citizen would read a long-winded explanation of privacy conditions that would inevitably result from this proposal.
3(c) ("That collect or store personal data remove it from their database") makes no sense to me. Maybe I had a stroke, though. Who knows?
3(e) makes it so that if an organisation is aware of a users death through some means, but is never explicitly told about it, they don't have to remove the data.
I dislike that 3(f) makes it so that users can directly edit the information, as that could definitely tamper with law enforcement, or even just census information. I would've made it so that users can request a change, though I don't know exactly how to enforce it reasonably. Still, how it is now needs improvement.
Under 3(g), who is authorized? The CEO? Anybody who the organisation decides is? It's too vague.
It's probably due to my lack of knowledge on the subject as a whole, but I have no idea what 3(h) means.
Clause 4 clarifying "or if the user provides falsified personal data" seems a bit odd to me. I'm not strictly opposed to it, but it just is a weird thing to clarify.
by Morover » Sun Dec 22, 2019 8:25 am
Morover wrote:
- The definition of "organisation" allows foreign governments (including non-member-nation governments) to create organisations which do not have to follow the provisions laid out by the proposal. It would be fine if it said something along the lines of ", not run by the government of the nation from which the individual whom the entity collects information from;", but I cannot support it in its current state.
The current form says "a government", which means it cannot be controlled by any government, I will change it to "any" if you wish.
Under the definition of "minor", is not the entirety of childhood a transitional period into adulthood?
This one was tricky to tackle, which is why I will ad "as defined by national governments", as is the case for the definition of "adolescent".
2(a) has a few problems. One huge thing that may have been overlooked (or perhaps I'm misreading it) is that it says "and it is not in the best interests of the minor to do so", when it probably should be when it is in the best interest of the minor to do so. I'm going to proceed with these issues assuming that that section of the clause has its intended effect.
Oh no, that means if it is not in the best interest of the minor to contact the guardian.
Finally, the last part of this clause, that a nation would need to be unable to verify the age of the user nullifies the rest of the clause - how would a nation be able to confirm that the storing or collecting of a minors data would benefit them, if its impossible to verify the status of the "minor," anyways? Would the nation itself not be able to confirm that for the business, thus making the exceptions provided by the clause useless (considering the use of "and" as opposed to "or" in the clause)?
That was indeed an error I forgot to rectify that was brought up by Kenmoria previously. I was going to remove the proposal from queue for that reason and you just happened to post these helpful criticisms.
2(e) prevents the sharing of data from within the organisation itself, which is an unreasonable demand.
I am not sure how I can fix this issue, I will ask Kenmoria about this.
2(f) doesn't cover non-member-states. It should be worded in a way that prevents corporations/organisations which harbor information about the residents/citizens of a member-state from sharing the information with the government of any nation, notwithstanding the provisions granted by the clause. I don't know how close this would be to legislating on non-member-states, but its unreasonable to allow non-member-states to have free reign over the information of residents of member-states, especially when said non-member-states have no restrictions as to how they use the information. At this rate, an ultra-authoritarian member-state may very well create a proxy state, not under the jurisdiction of the World Assembly, to buy the information off of Organisations, and then sell that information back to the member-state. It's just speculation, but I could definitely see that happening.
This is a reasonable criticism, however, I think it would fall under metagaming due to legislating on non member states. I will ask for Gensec opinion.
3(a) leads to long-winded terms of use and privacy conditions being written, making users less likely to read said conditions. While they still consented for the purposes of the proposal (which also affects several subclauses of 2, but I figured I'd just sum it up here), they don't really know what they're getting into. I find it unreasonable to assume that the average citizen would read a long-winded explanation of privacy conditions that would inevitably result from this proposal.
This is the case IRL, its not the business' fault that users dont read ToS or the contract.
3(c) ("That collect or store personal data remove it from their database") makes no sense to me. Maybe I had a stroke, though. Who knows?
It's supposed to go "Mandates that organisations ... that collect or store personal data..."
Clause 4 clarifying "or if the user provides falsified personal data" seems a bit odd to me. I'm not strictly opposed to it, but it just is a weird thing to clarify.
Ehh, doesn't hurt, I might remove it if I overstep the character limit by a long shot.
by Kenmoria » Sun Dec 22, 2019 9:19 am
Marxist Germany wrote:[*]2(e) prevents the sharing of data from within the organisation itself, which is an unreasonable demand.
I am not sure how I can fix this issue, I will ask Kenmoria about this.
[*]Clause 4 clarifying "or if the user provides falsified personal data" seems a bit odd to me. I'm not strictly opposed to it, but it just is a weird thing to clarify.[/list]
Ehh, doesn't hurt, I might remove it if I overstep the character limit by a long shot.
by Marxist Germany » Sun Dec 22, 2019 9:49 am
Kenmoria wrote:Marxist Germany wrote:I am not sure how I can fix this issue, I will ask Kenmoria about this.
(OOC: Append ‘excluding internal transference of data inside the organisation’, or wording to that effect to the end of the clause.Ehh, doesn't hurt, I might remove it if I overstep the character limit by a long shot.
I recommend not removing it, but you could reduce the character count by using ‘untrue’ instead of ‘falsified’.)
by Marxist Germany » Mon Dec 30, 2019 6:45 am
by Maowi » Mon Dec 30, 2019 8:38 am
Marxist Germany wrote:Lauding the previous efforts of this assembly to protect privacy rights through previous legislation such as GA #213 Privacy Protection Act,
[*]Defines the following for the purpose of this resolution:
[*]An "organisation" as an entity that collects data from its users, and is not run by the government of the nation from which the individual whom the entity collects data is from;
[*]A "user" as an adult, or a person under the age of majority going through a transitional period into adulthood, as determined by the home member-state of the user; who uses or has used the services of, or is a member or has been a member of, an organisation;
[*]Organisations from collecting or storing personal data from any individual without their explicit consent except for crime prevention, such as CCTV cameras, unless the individual cannot consent and the personal data is required for an emergency, or unless the data is used exclusively for journalistic purposes;
[*]Organisations from storing received personal data from other organisations without the prior explicit consent of the user the data belongs to;
[*]Organisations from sharing the personal data of a user without their prior explicit consent, excluding internal transference of data inside the organisation;
[*]Governments of member states from viewing the personal data of a user without explicit prior consent from both the organisation in possession of the personal data and the user to which the data belongs, unless the user has consented to their personal data being shared with authorities as necessary, as a condition to use the services of the organisation and the personal data collected was for crime prevention, or a judicial order has been issued;
[*]Mandates that organisatons:[list=a]
[*]Provide fully detailed information on how they will use or share a user's personal data to the user explicitly when they interact with the organisation for this first time and when a major change to the data collection or usage policy has been made;
Which collect or store personal data remove it from their database if the data is no longer relevant to the services used by the user, or if the user ceases to use the services of or ceases to be a member of, the organisation; (replace that semicolon with a comma) unless the user, consents to that explicitly and clearly, or unless there is a clear and compelling safety or disciplinary reason to do otherwise such as loans, transactions, or disciplinary records;
[*]Allow individuals to request the removal of their personal data, and act upon these requests, unless it falls under an exception mentioned in clause 3c above;
[*]Remove personal data of a user if the organisation is aware of the user's death, subject to exceptions in clause 3c;
[*]Allow users to request that data stored on them by the organisation be edited, and act upon these requests, if the data stored is incorrect;
[*]Take reasonable measures to ensure the personal data being stored by the organisation is not accessed by unauthorised persons, such as persons not working in the organisation or persons inside the organisation but are unauthorised to access the data;
[*]Take reasonable measures to ensure the transfer of personal data to another organisation under a user's request is performed in a reasonable time frame, subject to national legislation;
[*]Declares that an organisation can prohibit a person from using the services of or joining the organisation if the individual does not consent to the personal data collection policy of the organisation, or if the user provides falsified personal data.
by Quirinum » Tue Dec 31, 2019 1:46 am
by Marxist Germany » Tue Dec 31, 2019 2:32 pm
by Maowi » Tue Dec 31, 2019 8:04 pm
by Marxist Germany » Tue Dec 31, 2019 9:06 pm
Maowi wrote:OOC: 3.a. - "Provide fully detailed information on how they will use or share a user or minor's personal data to the user or their guardian explicitly when they interact with the organisation for this first time and when a major change to the data collection or usage policy has been made, except when the organisation has no means of communicating with the user or guardian", I think
by Kenmoria » Wed Jan 08, 2020 12:37 am
by Marxist Germany » Wed Jan 08, 2020 2:27 am
Kenmoria wrote:(OOC: This has been re-submitted, hopefully for the last time.)
by Candlewhisper Archive » Fri Jan 10, 2020 10:41 am
"personal data" as data that can be used to identify an individual;
Prohibits:
Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian
by Marxist Germany » Fri Jan 10, 2020 11:26 am
Candlewhisper Archive wrote:I note that this legislation makes it illegal for a teacher to keep a class register without the explicit permission of the student's parents. Likewise, if a parent were to write down a Christmas card list formed of the names of each student in their kids' class, they'd be unable to do this without the explicit permission of each student's parents.
The ridiculousness here comes from sloppy language."personal data" as data that can be used to identify an individual;
...could include a child's names, or initials, or a verbal description of their appearance.
Prohibits:
Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian
...is a ridiculous level of bureaucracy to impose in situations where implied consent is more than adequate.
If you enrol a child in a school, there is implied consent that they will need to exist on various paper and electronic databases. If you book a theatre ticket in a child's name, there is implied consent that the theatre can track the ticket number as being associated with a child. If a child signs a book of condolences at a funeral, there is implied consent for that name to be in there.
What is not needed is explicit consent.
Sensible data protection is sensible. Reasonable use of information is reasonable. Information governance demands the exercise of common sense and reason, and measured use of documentation.
Blanket prohibitions with no sense of nuance or subtlety are bureaucratic nonsense.
I urge you all to vote against this resolution.
by Kenmoria » Fri Jan 10, 2020 11:39 am
Quirinum wrote:Privacy is a very decadent opinion felt by "enlightenment" states. The descendants of the ancient world see no privacy. Society and the state are one. The public thing ought to have no limitation in evaluating the rights of its public figures. How can one determine the fitness of a politician but by looking to how they treat their neighbours? And there are no citizens who are not public figures: those who are not public figures are idiotes who refuse to do their duty. They forfeit any claim to privacy by clinging to selfishness.
by WayNeacTia » Sat Jan 11, 2020 3:49 am
RiderSyl wrote:You'd really think that defenders would communicate with each other about this. I know they're not a hivemind, but at least some level of PR skill would keep Quebecshire and Quebecshire from publically contradicting eac
wait
Advertisement
Users browsing this forum: No registered users
Advertisement