NationStates

2. Prohibits:
d. Governments of member states from viewing the personal data of a minor, or user without explicit prior consent from both the organisation in possession of the personal data and the guardian of the minor, or user to which the data belongs, unless the user has consented to their personal data being shared with authorities as necessary, as a condition to use the services of the organisation and the personal data collected was for crime prevention, or a judicial order has been issued;

"the personal data collected was for crime prevention" is overly broad and therefore opens up absolutely everything to abuse and defeats the entire purpose of the resolution.

Rondebosch wrote:

2. Prohibits:
d. Governments of member states from viewing the personal data of a minor, or user without explicit prior consent from both the organisation in possession of the personal data and the guardian of the minor, or user to which the data belongs, unless the user has consented to their personal data being shared with authorities as necessary, as a condition to use the services of the organisation and the personal data collected was for crime prevention, or a judicial order has been issued;

"the personal data collected was for crime prevention" is overly broad and therefore opens up absolutely everything to abuse and defeats the entire purpose of the resolution.

(OOC: Note that it is ‘unless the user has consented to their personal data being shared’ and ‘the personal data collected was for crime prevention’. Consent must always be attained, unless a judicial order has been issued.)

It doesn't say that anywhere and various sections contradict that, including

2. Prohibits:

a. Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when the guardian cannot be contacted and it is not in the best interests of the minor to do so, such as cases of child abuse, or unless the business is unable to verify the age of the user;

b. Organisations from collecting or storing personal data of any non-minor individual without their explicit consent except for crime prevention, such as CCTV cameras, unless the individual cannot consent and the personal data is required for an emergency, or unless the data is used exclusively for journalistic purposes;

These terms are all too broad and not properly defined. I agree with the spirit of the resolution but the language isn't nearly tight enough to prevent almost everything in it from being circumvented.

Vote against Data Protection Accord
Intent of the resolution is good.
However, in real life this just creates expenses for internet service providers, such as:
1. They need to actually start identifying their users, <- this decreases the privacy.
2. They need to start verifying their users age.
It creates problems for all kinds of organizations:
3. They have to create system that allows persons to request their data
4. They have to track all kind of legislation differences in all countries of world (specifically clause 1.b - what is definition of minor ).
5. They have to implement data removal schemes and procedures.
Only actual real-life result is:
a. New cast of layers is created that make a good living on suing (or defending) companies that had essentially done nothing wrong. << this is most important effect
b. Small companies of any sort are very disproportionally affected by costs of the system. Because cost is generally per business, not per user. Big companies can use this (through proxies) as ways to deter competition.
c. Everyone secretly understands that it is impossible to fully comply, so basically only choice is to do it formally and swallow the litigation costs.

Real life examples that suffer from real life GDPR are following. I specially selected ones that is in line with the nationstates resolution.
1. Your local small retail loyalty card programme. Lets say for children toys retailer. While they technically always had data on you, before they had no technical way to actually pull all the data on a specific individual. To comply they had to create that system.
2. Your local children library.
3. Municipality’s public bus service provider that provides children discounts.
4. Hobby website, such as this one. How do you know I am not a minor, hmm? (I am adult actually)

Make no mistake, the likes of Facebook, Google or "Cambridge Data Mining company" does not suffer at all.
Good luck even for small foreign country government to get a penny out of Facebook!

On a side note to explain the previous post :
Please notice that your local Facebook Ltd is completely different legal entity probably named “YourRegion Advertisment Guru” and only sells advertisements and services ( collects the money) as any other advertisement agency. It has nothing to do with that internet site. It pays the interest on the loan to your local Luxemburg Facebook offices, that are also named completely different without having Facebook in the name, and are separate legal entity. Only your Fecebook Ireland is independent legal entity that finally happens to pay everything it gets as huge royalties to Facebook AG (you know, for that valuable IP of course). I will leave it to your own imagination to figure out the exact way how money is transferred from Luxemburg Facebook offices to Fecebook Ireland.
As you understand all those legal entities have no profit all. You must understand - they are basically charities. (Idea: they must apply for such specific status. Sad thought: some of them may already have applied ).
And neither of them will pay for any data breach. Nor the Facebook website will do, because, you know, the website generates no business in your country. But you know that already, don’t you.

(Please correct the company names for your real life region yourself)

"We cannot believe this deeply misguided regulation of our corporate citizens have been proposed in this assembly." Jennifer shouts as she slams her hands on the table.

"There's even a typo in the clause defining what an Organisation is, with double ands! Clearly, one of the many editors in Aranoff were not contracted with to help evaluate the editing of this scenario.

"Data is a vital currency in all our lives, and these platforms are free to use because we provide data as payment. Aranoff's marketers and social media sites work in partnership to help drive so many products from member nations, that this resolution threatens, not only OUR GDP growth and profitability, but also of many members of this body. It is a shame that this will pass, forcing companies to put clauses into their services that no one will read, and click on, and require horrific legal consequences for all those interpreting this over-extended regulation.

"'and and'" Jennifer quotes from the proposal in disgust, waving her hands above her to bat away reporters as she storms out of the assembly room.

Rondebosch wrote:It doesn't say that anywhere and various sections contradict that, including

2. Prohibits:

a. Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when the guardian cannot be contacted and it is not in the best interests of the minor to do so, such as cases of child abuse, or unless the business is unable to verify the age of the user;

b. Organisations from collecting or storing personal data of any non-minor individual without their explicit consent except for crime prevention, such as CCTV cameras, unless the individual cannot consent and the personal data is required for an emergency, or unless the data is used exclusively for journalistic purposes;

These terms are all too broad and not properly defined. I agree with the spirit of the resolution but the language isn't nearly tight enough to prevent almost everything in it from being circumvented.

OOC: If you cannot understand what "Journalistic Purposes" means, then I do not know how I am supposed to help you, and an emergency is quite obvious; keep in mind nations have to comply in good faith under GA#2.

Aranoff wrote:"We cannot believe this deeply misguided regulation of our corporate citizens have been proposed in this assembly." Jennifer shouts as she slams her hands on the table.

"There's even a typo in the clause defining what an Organisation is, with double ands! Clearly, one of the many editors in Aranoff were not contracted with to help evaluate the editing of this scenario.

"Data is a vital currency in all our lives, and these platforms are free to use because we provide data as payment. Aranoff's marketers and social media sites work in partnership to help drive so many products from member nations, that this resolution threatens, not only OUR GDP growth and profitability, but also of many members of this body. It is a shame that this will pass, forcing companies to put clauses into their services that no one will read, and click on, and require horrific legal consequences for all those interpreting this over-extended regulation.

"'and and'" Jennifer quotes from the proposal in disgust, waving her hands above her to bat away reporters as she storms out of the assembly room.

"Well, clearly a typo is not the end of the world, and besides, you had over 9 months to make that comment and decided to do it now. Methinks that maybe you should not be so condescending."

Rondebosch wrote:It doesn't say that anywhere and various sections contradict that, including

2. Prohibits:

a. Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when the guardian cannot be contacted and it is not in the best interests of the minor to do so, such as cases of child abuse, or unless the business is unable to verify the age of the user;

b. Organisations from collecting or storing personal data of any non-minor individual without their explicit consent except for crime prevention, such as CCTV cameras, unless the individual cannot consent and the personal data is required for an emergency, or unless the data is used exclusively for journalistic purposes;

These terms are all too broad and not properly defined. I agree with the spirit of the resolution but the language isn't nearly tight enough to prevent almost everything in it from being circumvented.

(OOC: Your original comment was about governments, whereas those clauses are about organisations. To echo what Marxist Germany said, ‘crime prevention’, ‘emergency’ and ‘journalistic purposes’ are all quite simple terms. Proposals shouldn’t define terms unless there are multiple plausible meanings or they are technical ones.)

Marxist Germany wrote:-snip-
Hereby,

1. Defines the following for the purpose of this resolution:
   1. An "organisation" as an entity that collects data from its users, and and is not run by the government of the nation which the individual whose data the entity collects is from;
   2. A "minor" as a person under the age of majority not going through a transitional period into adulthood, as determined by the home member-state of the minor;
   3. A "guardian" as an individual legally responsible for the protection and care of a minor;
   4. "personal data" as data that can be used to identify an individual;
   5. A "user" an individual who is not a minor; who uses or has used the services of, or is a member or has been a member of, an organisation;
2. Prohibits:
   1. Organisations from collecting or storing the personal data of any minor without the explicit consent of their guardian except when the guardian cannot be contacted and it is not in the best interests of the minor to do so, such as cases of child abuse, or unless the business is unable to verify the age of the user;
   2. Organisations from collecting or storing personal data of any non-minor individual without their explicit consent except for crime prevention, such as CCTV cameras, unless the individual cannot consent and the personal data is required for an emergency, or unless the data is used exclusively for journalistic purposes;
   3. Organisations from using personal data collected from any individual to intentionally and maliciously cause harm or severe distress to the individual the data belongs to;
   4. Governments of member states from viewing the personal data of a minor, or user without explicit prior consent from both the organisation in possession of the personal data and the guardian of the minor, or user to which the data belongs, unless the user has consented to their personal data being shared with authorities as necessary, as a condition to use the services of the organisation and the personal data collected was for crime prevention, or a judicial order has been issued;

I'm sorry, but I have several issues with this. Firstly, see my strikeout in line 1(a) (Yes, I know I'm not the first one to pick up on this).

Secondly, you seem to use the word 'user' in your first prohibition without regard to the meaning you have set; by definition, a 'user' is not a minor. To prevent data collection on a minor because a user's age cannot be verified (keeping in mind that a user cannot be a minor per your definition) makes little sense to me.

Thirdly, wouldn't 'non-minor individual' simply be a user? I can scarcely see a circumstance wherein a 'non-minor individual' whose data is being collected by an organisation does not fit the definition of a 'user'.
Your last prohibition also seems a tad dicey due to the exception made in the definition of 'organisation' for government-run entities, since it seems as though you are attempting to curtail a government's own ability to record its own data. In particular, for a government-run entity (which isn't an organisation), explicit consent from either the user or guardian is still required. It would be practically impossible to enforce, and hugely inconvenient.

The definitions/language used isn't quite right to achieve the aims of the proposal. I like the idea behind it, though.
I didn't find anything objectionable in the mandate section. I am against this proposal, mainly for the reasons outlined above.

OOC: Congrats, MG.

Tinhampton wrote:

Data Protection Accord was passed 11,297 votes to 2,875.

(OOC: Congratulations, MG!)

Morover wrote:OOC: Congrats, MG.

Kenmoria wrote:

Tinhampton wrote:

Data Protection Accord was passed 11,297 votes to 2,875.

(OOC: Congratulations, MG!)

OOC: Thanks!

IC: "Finally, months of tireless nights debating, drafting, and campaigning for this have paid off. I can finally take a break and start focusing on Security Council Resolutions for a bit... or maybe not." He grins as he leaves the debate room.