Data protection and Web 2.0 websites

Posted on 2024-07-06 18:20:28 · Word count 1477 · Views 12 · Comments 0


Comments (2)

伴我老 2024-07-13 18:20:28


Blowdart's answer is great although I wonder about data which intrinsically relates to more than one individual - like a Facebook message or wall posting. Or even a PDF which contains the names of multiple individuals - what if one of them asked for the information to be deleted? I imagine that you would be allowed to retain that data.

Anyway that's not my answer. My answer is on the question of 'who is responsible'. While the data controller (your client) is indeed responsible under the legislation, you as a professional adviser may have a duty to them. So if they were prosecuted they might pursue you for damages for providing incomplete or wrong advice.

I would recommend that you make them aware of the legislation, advise them to get a lawyer (there are lots of good ones around who specialise in information law), and put it in writing. You'll be doing the client a service and protecting yourself at the same time.

If you are hosting the application then the position may be slightly different - there is a 'bureau' registration under the data protection act which may be appropriate here, but in any case you should probably take a bit of legal advice yourself.

None of this is likely to apply to you as an employee, but it may apply to your employers as a supplier.

梦幻之岛 2024-07-13 18:20:28


Stating that data cannot be deleted is certainly not compliant with EU data protection laws; where we have the right to request deletion and request that it not be shared; basically we can expect that data is

  • fairly and lawfully processed,
  • processed for specified purposes and not in any manner incompatible with those purposes,
  • adequate, relevant and not excessive,
  • accurate,
  • kept for no longer than is necessary,
  • processed in line with the individual’s legal rights,
  • kept securely,
  • transferred to countries outside the European Economic Area, only if the individual’s rights can be assured.

So not deleting when a user closes his account is arguably in breach of "kept for no longer than necessary".

The responsibility lies with the data controller; the company who collects and processes the data. If you have no involvement with day to day running of the system, if you have sold it to clients and they administer the system, then it's their problem.

Should you lighten up? Well that's subjective; personally, being in the UK, I take these things into account; because privacy is important, regardless of any commercial aspect.

To deal with your question about deleting from a social networking application, it simply doesn't matter. The data must be deleted regardless of the application itself. Now it's personal information that is the problem, so you may assume that it's just names, dates of birth etc; however what if a comment gives identifiable information away? It's a bit of a minefield. The safest option is simply to nuke everything. In addition, because displaying the information on the web means it may/will be transferred outside the EU, you should have explicit permission for this when users sign up; the UK Information Commissioner has guidelines.

Insert standard I am not a lawyer, this is not legal advice disclaimer here
