Deputy Speaker of the State Duma Boris Chernyshov (LDPR) proposed that the head of the Ministry of Digital Development Maksut Shadayev introduce fines for online services for collecting and processing excessive personal data. However, experts point out that the principle of data minimization is already enshrined in the legislation on personal data, and similar provisions are contained in the law on consumer protection. Will duplicating laws help in the fight against data redundancy? RSpectr reports.
The Association of Companies for the Protection and Storage of Personal Data evaluates this initiative positively. "State Duma deputies and the state as a whole have actively addressed issues of regulation, the formation of approaches and requirements in the field of personal data protection, as well as issues of their safe storage," said the Chairman of the Association, Alexander Silchenko, in a conversation with RSpectr.
Alexander Silchenko, Association of Companies for the Protection and Storage of Personal Data:
– The main question about this initiative is: how and who will determine the redundancy of personal data. Thus, collecting passport data, phone number, email for registration of a loyalty card may be quite justified for some stores or types of business.
Indeed, Federal Law 152 does not contain a separate concept of “redundancy of personal data,” Yulia Rozhkova, co-founder of the Association of Companies for the Protection and Storage of Personal Data, told RSpectr. According to her, Article 5 of this law sets forth the principles for processing such information. These include: only personal data (PD) that meet the purposes of their processing are subject to processing; and the volume of processed data must correspond to the stated purposes of processing. The processed PD must not be excessive in relation to the stated purposes of their processing (Part 5, Article 5, Federal Law No. 152).
Yulia Rozhkova, Association of Companies for the Protection and Storage of Personal Data:
– Based on the content of this norm, it is already possible to formulate a definition of excessive personal data: data whose content and volume do not correspond to the purposes of processing or are not necessary to provide access to the service.