EBU6008 Information and Privacy Law Coursework
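“FriendChina.cn takes every measure to protect users' information. When users submit sensitive information via the website, your information is protected both online and offline. We use the best encryption software in the industry - SSL. FriendChina.cn is committed to protecting the security of the data you provide to us, and will take reasonable precautions to protect your information from loss, misuse or alteration.”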
On April 14, 2016, the European Parliament voted to adopt the General Data Protection Regulation (GDPR), which will take effect on May 25, 2018. The adoption of the GDPR means that the EU has reached unprecedented heights in the protection and supervision of personal information, making it the most stringent data protection act in history. The GDPR is of great significance to companies in China whose business scope involves the territory of EU member states and their citizens, both for operating in compliance and avoiding high penalties, and it also matters for data-related legal research in China. The GDPR stipulates that "personal data" refers to any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identity card number, location data or online identifier, or by reference to one or more elements of that person's physical, physiological, genetic, psychological, economic, cultural or social identity. "Processing" refers to any operation or series of operations performed on personal data or on sets of personal data, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing or disseminating, whether or not the operation is automated.
In this case, anyone who wants to join friendchina.cn can sign up for a free account. To open an account, individuals must provide their first (given) name, gender, date of birth, and the name of the city in which they live. They are also asked to express their interests by checking selected items from a list of styles including music and movies. This information falls within the definition of "personal data" in the GDPR.
Controllers should implement appropriate technical and organizational measures, such as anonymization, in order to implement data protection principles, such as data minimization, in an effective manner, both when determining the means of processing and during the processing itself. Controllers should implement the necessary safeguards to meet legal requirements and protect the rights of data subjects. In this case, hackers used SQL injection attacks on friendchina.cn to install common hacking programs on its corporate network. These programs were used to find sensitive personal information stored on the corporate network and transmit it over the Internet to computers outside the network. As a result, the hackers gained unauthorized access to thousands of users' information, forged bank accounts and took out loans in the users' names, so personal information was stolen and users suffered huge losses. Measured against the obligations of the GDPR, the website did not implement appropriate technical measures, and this resulted in data theft. The website should be held accountable.
Article 83, paragraph 5 of the GDPR provides for specific serious violations. The first category is violation of the basic principles and conditions of data processing. Data processing should follow six principles, namely legality, legitimacy and transparency; purpose limitation; data minimization; accuracy; storage limitation; and integrity and confidentiality. Data processing shall also conform to the corresponding legal conditions. The second category is violation of the rights of consent, access, correction, oblivion, data portability, rejection and relief.
Generally speaking, although the GDPR as a solution to data protection is currently effective only in Europe, its impact is global. Because the entire Internet industry is built on a model driven by gathering personal information and private data, that impact is inevitable: even if other countries do not copy the EU, the protection of personal privacy information has become a general trend.
The Privacy Directive stipulates that cookies stored on a user's terminal device must be changed from opt-out to opt-in. Member states shall ensure that storing information on a user's terminal device, or obtaining information already stored there, is allowed only on condition that the user has given consent, having been provided with clear and comprehensive information in accordance with Directive 95/46/EC, in particular about the purposes of the processing. In this case, the system also uses cookies, not only to keep users logged in to FriendChina.cn, but also to track all websites visited by users. The website has not provided comprehensive information and has not obtained the user's consent, which violates its obligations under the Privacy Directive.