My name is Alexander Yavtushenko and for 4 years I have been working in the field of IT law. Recently, more and more often the sites and applications that I accompany regarding legal support of their activities begin to think or directly implement various rules and policies related, first of all, to the procedures for collecting, processing and storing personal data. In most cases, this is caused by the terrible word GDPR (English General Data Protection Regulation) - a normative act of the European Union that governs any actions related to the collection, processing, storage and subsequent use of personal data received from EU citizens.
The main problem of IT developers who do not want to attract specialized legal experts in the field of Personal Data protection (hereinafter referred to as PD) and ensure the correct privacy mode is mixing in one document (it is often “called” by the terms of use of the site or user agreement) as the rules governing user behavior (various user groups) on the website or in the application, and the provisions on the processing of personal data.
The second global problem is the fact that the layman, as a rule, does not have an understanding that it is not enough to write any rules, it is important to know perfectly the legal norms and law enforcement practice (both from the regulatory authorities and the judiciary) of the country of registration of the site / application , as well as the norms of other countries, which in certain cases may also apply to you (a vivid example is the same GDPR in the case of working with data from EU citizens).
This is due to the fact that there are two areas in the regulation of PD use :
1. Imperative
, , . , , . , , ( ) .
2.
, , , , , . " , ", /, , .
( ) . , , , , . , , IT .
, , , , / -. , (. ) ( ) «», . , , , - .
( « »)
-, , . — ( ) . , -, , . , (, « »).
, , - — . :
, , - . IT . , ( ) .
, - . . , , , , " " .
, , , , , . :
- , . ( SWIFT ) , , .
- , . , , , . , , . , — .
( )
, , , . , , , ( push- ), , , , . , / / () . GDPR` " ". , , , .
- Facebook, , , , , , . , , , , () , , , .
c
, -, - . , -, - , .
. , . , , , , , , , .
cookie. , . , .
cookie , , ( ).
"" ( ), ( ). , , , .
— "" , cookie. .
, IT , , ( ), cookie ( ).
It is worth remembering that the formation of such documents is a rather complicated and painstaking process, which requires a deep knowledge of the peremptory norms of the legislation of both the country in which the company owning the rights to the product is registered and international or pan-European legal rules. Any project requires an analysis of processes to prevent possible risks in the future. The value of a qualified lawyer is to find these risks and develop individual preventive mechanisms to prevent future problems.