February 15, 2011 at 01:33As an ordinary user fought for compliance with the law "On personal data"
Today, a curious topic has appeared on the Pravo.ru company’s blog about how companies who are going to open Internet resources who have to work with personal data of customers should behave. Therefore, at the request of the workers , I will lay out my story on the part of the average user, who decided to check his rights in business.
It’s not a secret at all that many technological innovations reach Russia with a fair delay. This applies to almost everything - from mobile gadgets and computer games to cars. The reasons for such delays are very different, but they are expressed not only in the lack of these very new products, but also in the slow reaction of the legislation to changes in technological progress. Regarding the topic of the post, this is expressed in laws governing the processing of user personal data. Abroad, in the countries of Western Europe, North America and a number of other developed countries of the world, laws regulate data processing to varying degrees from the mid-80s and early 90s, but in Russia progress on this issue began only at the turn of the XX-XXI century, what resulted in the adoption of the federal law "On Personal Data". What is its significance for an ordinary citizen? The meaning is that he is able to protect the rights and freedoms of a person in the processing of his personal data.
Now, from general rants I want to move on to a more specific part, namely, the application of the law on the Internet. What benefits does the user know about the law and what troubles can happen to your personal data? It just so happened that a person very often engages in entering his personal data on a huge breakthrough of sites. Here and the registration of mailboxes, and filling pages on social networks, and filling out orders in online stores, and creating accounts on forums, and registration of online services (from banking to booking tickets). You can scatter your personal data by the mass of nodes, which in the end creates a lot of dangers. Are the entered data protected? Yes, on serious resources, such as reputable banks, your data is encrypted, but on some forum, where the request “I forgot my password” in the letter on the soap comes your password, your data is not encrypted at all. And your entered data is potentially at risk of intruders, because the databases can be hacked with a half-kick, and then your e-mail / address of residence indicated on the forum, etc. sent to the pavilions of the markets selling counterfeit disks, or to distribute torrent trackers, where they are pumped out with pleasure by people involved in the promotion of certain services. And then wait, at best, for spam mailboxes and mailing lists that you did not subscribe to. And something else worse, right up to sent to the pavilions of the markets selling counterfeit disks, or to distribute torrent trackers, where they are pumped out with pleasure by people involved in the promotion of certain services. And then wait, at best, for spam mailboxes and mailing lists that you did not subscribe to. And something else worse, right up to sent to the pavilions of the markets selling counterfeit disks, or to distribute torrent trackers, where they are pumped out with pleasure by people involved in the promotion of certain services. And then wait, at best, for spam mailboxes and mailing lists that you did not subscribe to. And something else worse, right up toto blackmail .
A similar situation happened to me. Being a stupid schoolboy, I remember how two or three years ago I fanatically registered at the breakthrough of sites such as online games, forums and the like. The result is predictable - now the spam folder has turned into collapses of incomprehensible letters. If the spam filter does not work, then something enters the regular inbox. Most recently, I received a newsletter promoting new features from Runes of Magic. I don’t know what kind of game, because, it seems, I didn’t play it, but I couldn’t remember the reasons for registration. It was then that it occurred to me to check the work of the legislation, namely, Chapter 3 of the Federal Law No. 152 “On Personal Data”. What I've done?
1). I went to the site and read the current edition of the user agreement, and also checked that you can’t delete your account using regular means.
2). After reading the agreement, he began to delve into the site. The domain is registered and delegated in Russia by the RuCenter. The secure HTTPS version certificate was issued to the company by itself and was not verified by a third party.
3). I checked the reviews on the site on the Web of Trust (WoT) service, where it became clear that users are not very site-friendly and satisfied, as the site has a very dubious reputation, because there is pornography, spam, and aggressive advertising on the site.
Well, to test our capabilities, we stocked up information, now we have left communication with the support service. He made a request, sent it, even not particularly hoping for an answer at that moment.
We must pay tribute to the support service, which did not put a bolt on everything, as often happens.
The answer came very quickly, but was not as rosy as I wanted:
I was stunned somewhat and reopened the user agreement to clarify this issue. Armed with the points of the user agreement, he began to scribble a reply letter:
It must be that the support service did not expect that they would cling to them, and not immediately unfastened, because the guys from the support wrote some enchanting nonsense:
That is, the company has the right to do something, but does not have the technical ability to do it. I had a cognitive dissonance, because it seemed to me that the maxim of the level “we have the right to fly to Pluto, but do not have the technical ability” looks, at least, strange for the user agreement. I expressed my bewilderment in a reply letter:
There was nothing for the company to cover, so the support response was somewhat unintelligible:
Thank you, of course, for the advice, but the trick is that I definitely have not used the service for more than two months, so I could not be an active user, and the newsletters still come. So, no, let's delete my entire account, especially since I have the right to do so. I am writing a very serious answer
Dear habra-people, I don’t know if I was ready to really engage in such “bullshit” (because the cat was crying about my personal details), but I had a couple of familiar lawyers who, for the sake of interest, I could clarify the situation, and she could interest in the quality of an entertaining experience. Nevertheless, thanks to the support, a simple test of strength turned for me into a matter of principle. Therefore, it is quite possible that the matter would have come to filing a lawsuit, since this is not so difficult to do now. But this didn’t come to this, because the support service backed up and sent a laconic message:
Chukchi is cunning, Chukchi is smart, so I climbed to check what's what. I tried to enter the site. I overtook an epic file, began to fill out a password reminder form - an epic file. That is, the technical reasons instantly disappeared, it was only necessary to demonstrate determination and desire to go to the end.
Which conclusion can be drawn from this? And such that this law really allows you to protect your rights and your confidential information. Such situations have several advantages and disadvantages. The
ability to really protect their rights.
If there is a precedent (yes, I understand that we have no case law, but there is a certain practice of making similar decisions), it will be easier to solve such situations in favor of the client.
To make a feasible contribution to the creation of a state based on the rule of law such as it is well received on paper, but bad in practice.
Big investment of time. You will need to know the laws, and read user agreements, and argue in pre-trial proceedings, and litigation, and other abysses of time to waste.
Similar costs of nerves. Not everything goes smoothly, like clockwork.
Possible costs of funds. From banal payment of traffic to compensation payments.
To minimize the effect and consequences of these minuses (there may be more of them than I indicated), we must act as objectively as possible.
1). We play with a potential opponent according to the same rules - according to the legislation of the Russian Federation. User agreements govern only that part which the legislation does not regulate. And if the clauses of the agreement contradict laws and other official legal acts, then you can forget about these conflicting clauses.
2). Give yourself a report - are you suffering enough damage to start defending your rights or is your desire caused only by a desire to have fun? If you have some fun, it’s better to choose a different way to have fun, because this is a game with fire, and the above disadvantages can hit much more than you would like.
3). Do not give in to emotions. In the matter of protecting their rights and working with legislation, emotions are far from the best assistant (for example, in this topic it is shown that emotions were let down by a law enforcement officer who immediately set people against himself). Cold head is the best helper. The clearer and more reasoned your position will be, the better.
And do not be afraid that the support servicehe does not consider you to be a person, threatens you, speaks nonsense or does not want to work . They are the same players in the game of law, like you, so the rights with obligations you have the same.
So on a children's example of communication with the support service of an ordinary MMORPG, decide whether the game is worth the candle, but remember that no one will protect your rights for you for thanks, until you yourself want to protect them. Bulk does not happen much.
Good luck in everything and think what you post on the web! :)
It’s not a secret at all that many technological innovations reach Russia with a fair delay. This applies to almost everything - from mobile gadgets and computer games to cars. The reasons for such delays are very different, but they are expressed not only in the lack of these very new products, but also in the slow reaction of the legislation to changes in technological progress. Regarding the topic of the post, this is expressed in laws governing the processing of user personal data. Abroad, in the countries of Western Europe, North America and a number of other developed countries of the world, laws regulate data processing to varying degrees from the mid-80s and early 90s, but in Russia progress on this issue began only at the turn of the XX-XXI century, what resulted in the adoption of the federal law "On Personal Data". What is its significance for an ordinary citizen? The meaning is that he is able to protect the rights and freedoms of a person in the processing of his personal data.
Now, from general rants I want to move on to a more specific part, namely, the application of the law on the Internet. What benefits does the user know about the law and what troubles can happen to your personal data? It just so happened that a person very often engages in entering his personal data on a huge breakthrough of sites. Here and the registration of mailboxes, and filling pages on social networks, and filling out orders in online stores, and creating accounts on forums, and registration of online services (from banking to booking tickets). You can scatter your personal data by the mass of nodes, which in the end creates a lot of dangers. Are the entered data protected? Yes, on serious resources, such as reputable banks, your data is encrypted, but on some forum, where the request “I forgot my password” in the letter on the soap comes your password, your data is not encrypted at all. And your entered data is potentially at risk of intruders, because the databases can be hacked with a half-kick, and then your e-mail / address of residence indicated on the forum, etc. sent to the pavilions of the markets selling counterfeit disks, or to distribute torrent trackers, where they are pumped out with pleasure by people involved in the promotion of certain services. And then wait, at best, for spam mailboxes and mailing lists that you did not subscribe to. And something else worse, right up to sent to the pavilions of the markets selling counterfeit disks, or to distribute torrent trackers, where they are pumped out with pleasure by people involved in the promotion of certain services. And then wait, at best, for spam mailboxes and mailing lists that you did not subscribe to. And something else worse, right up to sent to the pavilions of the markets selling counterfeit disks, or to distribute torrent trackers, where they are pumped out with pleasure by people involved in the promotion of certain services. And then wait, at best, for spam mailboxes and mailing lists that you did not subscribe to. And something else worse, right up toto blackmail .
A similar situation happened to me. Being a stupid schoolboy, I remember how two or three years ago I fanatically registered at the breakthrough of sites such as online games, forums and the like. The result is predictable - now the spam folder has turned into collapses of incomprehensible letters. If the spam filter does not work, then something enters the regular inbox. Most recently, I received a newsletter promoting new features from Runes of Magic. I don’t know what kind of game, because, it seems, I didn’t play it, but I couldn’t remember the reasons for registration. It was then that it occurred to me to check the work of the legislation, namely, Chapter 3 of the Federal Law No. 152 “On Personal Data”. What I've done?
1). I went to the site and read the current edition of the user agreement, and also checked that you can’t delete your account using regular means.
2). After reading the agreement, he began to delve into the site. The domain is registered and delegated in Russia by the RuCenter. The secure HTTPS version certificate was issued to the company by itself and was not verified by a third party.
3). I checked the reviews on the site on the Web of Trust (WoT) service, where it became clear that users are not very site-friendly and satisfied, as the site has a very dubious reputation, because there is pornography, spam, and aggressive advertising on the site.
Well, to test our capabilities, we stocked up information, now we have left communication with the support service. He made a request, sent it, even not particularly hoping for an answer at that moment.
Hello, I ask you to delete my account and stop processing
personal data, including e-mail, in accordance with Federal Law
of July 27, 2006 N 152-ФЗ “On Personal Data”, and also delete the
email address from the databases mailing lists. Sincerely, <nickname selected for the site>.
We must pay tribute to the support service, which did not put a bolt on everything, as often happens.
The answer came very quickly, but was not as rosy as I wanted:
We will exclude your email address from the newsletters, but account deletion is not possible.
I was stunned somewhat and reopened the user agreement to clarify this issue. Armed with the points of the user agreement, he began to scribble a reply letter:
Hello, thanks for your understanding.
Thank you for excluding my email from the mailing list, but why is it impossible to delete an account if the User Agreement provides such an opportunity:
3.6.If the User has not activated the Account for 2 (two) months in a row, i.e. did not enter the Login and Password on the Website in the appropriate fields, the Company has the right to delete the Account. The User is not entitled to bring any claims to the Company in connection with the deletion of the Account in the manner specified in the Agreement.
6.4. The user has the right to stop using the Game at any time. In cases established by the Agreement, the User must stop using the Game. The date of termination of use of the Game by the User shall be considered the earlier of the following dates:
6.4.1. Date of deletion of the Account;
6.4.2. 2 (Two) months from the date the User last activated the Account, i.e. entered Login and Password on the Website in the corresponding fields, even if the corresponding Account has not been deleted.
Please consider this letter as an official request to delete an account in accordance with clauses 6.4.1 and 8.8 of the User Agreement of the Company, as well as Federal Law of July 27, 2006 N 152-ФЗ “On Personal Data”, article 21, clause 5.
It must be that the support service did not expect that they would cling to them, and not immediately unfastened, because the guys from the support wrote some enchanting nonsense:
You misunderstand item ps 3.6, “Company is entitled” is not the same as
“Company is obligated”. Deleting an account is not possible for technical reasons.
That is, the company has the right to do something, but does not have the technical ability to do it. I had a cognitive dissonance, because it seemed to me that the maxim of the level “we have the right to fly to Pluto, but do not have the technical ability” looks, at least, strange for the user agreement. I expressed my bewilderment in a reply letter:
How are you entitled to delete an account if this is not possible for technical reasons ? Here, I really do not understand anything. Why add clauses to the contract that you cannot fulfill?
Since the domain rmonline.ru is registered and delegated on the territory of the Russian Federation, and you carry out the activities in accordance with the legislation of Russia, then if your contract is not authoritative for you, follow the Federal Law indicated in the previous letter, namely the Federal Law of July 27 2006 N 152-ФЗ “On personal data”, article 21, paragraph 5.
There was nothing for the company to cover, so the support response was somewhat unintelligible:
Once again, we draw your attention to those items ps. where it is indicated that the administration
“may”, this does not mean that the administration is “obligated”. If you do not want to
use an account anymore, then just do not do this.
Thank you, of course, for the advice, but the trick is that I definitely have not used the service for more than two months, so I could not be an active user, and the newsletters still come. So, no, let's delete my entire account, especially since I have the right to do so. I am writing a very serious answer
Nevertheless, I ask you to pay attention that the administration, not being obligated to delete accounts by points of its user agreement, is governed primarily by the legislation of the Russian Federation, which specifically obliges you to delete an account at the request of the client. Please pay attention to the points of the law indicated in previous letters. If you continue to persist, then please do not bother repeating about your inability to do anything, but provide information to resolve the dispute in court (the full name of your organization, legal address, address of actual location, links to regulatory documents governing your organizations in the territory of the Russian Federation).
Dear habra-people, I don’t know if I was ready to really engage in such “bullshit” (because the cat was crying about my personal details), but I had a couple of familiar lawyers who, for the sake of interest, I could clarify the situation, and she could interest in the quality of an entertaining experience. Nevertheless, thanks to the support, a simple test of strength turned for me into a matter of principle. Therefore, it is quite possible that the matter would have come to filing a lawsuit, since this is not so difficult to do now. But this didn’t come to this, because the support service backed up and sent a laconic message:
The account has been deleted.
Chukchi is cunning, Chukchi is smart, so I climbed to check what's what. I tried to enter the site. I overtook an epic file, began to fill out a password reminder form - an epic file. That is, the technical reasons instantly disappeared, it was only necessary to demonstrate determination and desire to go to the end.
Conclusion
Which conclusion can be drawn from this? And such that this law really allows you to protect your rights and your confidential information. Such situations have several advantages and disadvantages. The
ability to really protect their rights. If there is a precedent (yes, I understand that we have no case law, but there is a certain practice of making similar decisions), it will be easier to solve such situations in favor of the client. To make a feasible contribution to the creation of a state based on the rule of law such as it is well received on paper, but bad in practice. Big investment of time. You will need to know the laws, and read user agreements, and argue in pre-trial proceedings, and litigation, and other abysses of time to waste. Similar costs of nerves. Not everything goes smoothly, like clockwork. Possible costs of funds. From banal payment of traffic to compensation payments. To minimize the effect and consequences of these minuses (there may be more of them than I indicated), we must act as objectively as possible.
1). We play with a potential opponent according to the same rules - according to the legislation of the Russian Federation. User agreements govern only that part which the legislation does not regulate. And if the clauses of the agreement contradict laws and other official legal acts, then you can forget about these conflicting clauses.
2). Give yourself a report - are you suffering enough damage to start defending your rights or is your desire caused only by a desire to have fun? If you have some fun, it’s better to choose a different way to have fun, because this is a game with fire, and the above disadvantages can hit much more than you would like.
3). Do not give in to emotions. In the matter of protecting their rights and working with legislation, emotions are far from the best assistant (for example, in this topic it is shown that emotions were let down by a law enforcement officer who immediately set people against himself). Cold head is the best helper. The clearer and more reasoned your position will be, the better.
And do not be afraid that the support servicehe does not consider you to be a person, threatens you, speaks nonsense or does not want to work . They are the same players in the game of law, like you, so the rights with obligations you have the same.
So on a children's example of communication with the support service of an ordinary MMORPG, decide whether the game is worth the candle, but remember that no one will protect your rights for you for thanks, until you yourself want to protect them. Bulk does not happen much.
Good luck in everything and think what you post on the web! :)