Online entrepreneurs know very well:
BUSINESS ON THE INTERNET COMES WITH MORE OBLIGATIONS AND LIABILITIES THAN IN THE OFFLINE REALITY.
Legislative requirements for e-business are growing exponentially in response to the main, growing concern on the Internet: data security. The confidentiality of personal data and control over its access and disclosure are key issues for both consumers and vendors of e-services and online sales. Every online entrepreneur must know that consumers are very sensitive about all matters affecting their personal data: who collects it and for what purpose, what technical and organizational measures are provided against unauthorized access, whether there is a risk that personal information from user profiles falls into the hands of other companies and organizations, etc.
This brief review aims to outline the main points of the rules on the personal data which site owners collect from their users.
The name and the importance of the document
– Registration in the Commission for Personal Data Protection (CPDP)
The lawful collection, processing and storage of personal data by automatic means is regulated by the Bulgarian Law on Personal Data Protection, the Law on Electronic Communications and Regulation № 1 of 30 January 2013 on the minimum level of technical and organizational measures and admissible type of personal data. These regulations are harmonized with the main European directives concerning the requirements for service providers with regard to the protection of consumer privacy. Under the Law on Personal Data Protection, anyone who processes personal data of individuals must submit an application to the Commission for Personal Data Protection for registration as a data controller. The certificate obtained from the Commission may be indicated in the privacy policy (PP), which clearly shows that the provider has met the first essential requirement in the processing of personal data (PD): registration as a data controller with the CPDP.
– The purposes of collecting PD
An essential element of the content of the PP is the purposes for which data is collected from users. Usually there is one main purpose, and that is the purpose of the site: to provide certain services, to sell goods online, and so on. Additional purposes that can be listed in the PP are usually related to the main purpose of the site and can be associated with the creation of user profiles for receiving orders, for online payments, for delivery to the user's address, for participating in games and quizzes, for reservations, for receiving newsletters, etc.
– How and for what term the data is stored
Commonly, PD is collected and stored until the user deletes their profile. Once the user has deleted the whole profile, their personal data must be deleted and its storage discontinued. In some cases, explicitly listed in the Electronic Communications Act and other acts, service providers are obliged to store identifying information about users for a certain period of time, even when the user has stopped using the website or has completely deleted their profile.
The lawful storage of PD requires the provider to undertake certain organizational and technical measures in line with those listed in the Law, as well as with modern technological tools for data security.
National legislation and the European regulations put the user's consent at the focus of PD collection. Under the provisions of Article 17 of Directive 2002/58/EC concerning the processing of personal data and the protection of the right of privacy in the electronic communications sector:
“Consent may be given by any appropriate method enabling a freely given specific and informed indication of the user’s wishes, including by ticking a box when visiting an Internet website.”
The PP must be accepted unconditionally and unequivocally by the user before providing their personal data.
A well-written PP, in the language of the ordinary person and without superfluous legal terminology or endless sentences in which clarity of thought is lost, can be another solid stone in the castle called “confidence.” It is always reassuring to see it written that someone cares for our peace and security. On many websites of large companies well known in the market for quality services, the section on Privacy may contain text similar to this: