Processing of personal data? No, not to us. Elegant solution from Golos
This time - the article is not so big, but very relevant.
Surely they have already read, heard, seen or just know that personal data (they are also PD) is the holy grail of law No. 152 of July 27, 2006 (so as not to disturb the peace of a number of Habrozhiteley relatively non-continuous numbering).
At the same time, not so long ago an interesting, for me personally, blockchain project - Golos.io. Among other things, it differs in the approach to the processing of PD.
')
The uniqueness lies in the fact that G.io does not process PD at all .
I will not talk about the service: the site has a lot of links, posts and comments in this area, I’ll just mention the confidentiality agreement , which I, as a lawyer, interested me.
Literally in the first section we see this:
The agreement is absolutely tiny.
And I remembered about him for two reasons:
It is significant that Golos has a legal entity with an interesting name Graciola Systems Inc. Registered in Belize: jurisdiction is quite loved by Roskomnadzor and Rosfinmonitoring, by the way.
The user agreement is completely correlated with the privacy policy and establishes, in particular, that “when creating an account on the Site, the Service generates and stores a cryptographic pair of a secret key — the public key” (Section 4.1). In addition, as explained below (clause 4.2.): "The secret key is uniquely the same as the User Account Information . " And further - a logical conclusion that "the Service does not store Account Credentials, as well as secret keys."
Like many other "controversial" -to-perspective projects, the Voice with the growth of the audience may well fall into the stop-lists of the above-mentioned state bodies:
And in this section, a similar life hack regarding the processing of PD seems very interesting and even, oddly enough, promising: art. 1 of the Federal Law No. 152 says that “this Federal Law regulates relations connected with the processing of personal data ...” and if there are no relations as such, then the LA itself does not apply?
True, there is another article in this law that is referred to more often - art. 2: “The purpose of this Federal Law is to ensure the protection of the rights and freedoms of a person and a citizen in the processing of his personal data , including the protection of the rights to privacy, personal and family secrets”.
For now, I will not evaluate the approach of the Golos team, which, by the way, started from Kaliningrad , i.e. the territory of the Russian Federation.
I know that there are quite a few people on Habré who are afraid / do not want / do not know how to work on the territory of the Russian Federation if “the project is incomprehensible or may cause doubts” (read, also applies to categories of “borderline”, such as vpn services; or to the “incomprehensible in principle”, this is certainly the overwhelming part of blockchain startups), so you can look at the rules of the Voice and rework them for your own needs.
The option is not perfect , but it is much better for many than the position “to do nothing as long as possible”. In the comments, perhaps, someone will add such life tricks (successful / unsuccessful implementation attempts) and as a result - you can make a completely legitimate list of technical approaches to (not) processing PD . Of course, it will be useful in the light of recent events.
PS It is interesting that such a struggle of “armor and shell” can be seen on the example of various services that provide services for the aggregation of payments and have not become on the unstable rails of the law “On the National Payment System”. Or taxi services. Or in the future - in the field of commodity aggregators. Not always it will be PD, but always - an attempt to read the law by its letter. Or spirit?
Surely they have already read, heard, seen or just know that personal data (they are also PD) is the holy grail of law No. 152 of July 27, 2006 (so as not to disturb the peace of a number of Habrozhiteley relatively non-continuous numbering).
At the same time, not so long ago an interesting, for me personally, blockchain project - Golos.io. Among other things, it differs in the approach to the processing of PD.
')
The uniqueness lies in the fact that G.io does not process PD at all .
I will not talk about the service: the site has a lot of links, posts and comments in this area, I’ll just mention the confidentiality agreement , which I, as a lawyer, interested me.
Literally in the first section we see this:
- Technical information (I will write further - TI for short) is not personal data (clause 1.2);
- The user provides the Service with an email address and login (clause 1.4). The information provided is not personal data ;
- At the same time, users understand that the transfer of TI can be including cross-border ;
- It is interesting that “the Service does not sell and does not transmit information about the Users separately” (clause 3.3);
- Fraudsters and dishonest citizens cannot be at the same time (paragraphs 4.2 and 4.3);
The agreement is absolutely tiny.
And I remembered about him for two reasons:
- The first one is called Airbnb and is that now LLC has no such service in the Russian Federation;
- The second is Linkedin , which was closed due to the “problems” with the Federal Law No. 152;
- In fact, there is a third one - this is the Ministry of Finance with their abrupt change of position regarding cryptocurrency (I’ll come back to this in the next posts).
It is significant that Golos has a legal entity with an interesting name Graciola Systems Inc. Registered in Belize: jurisdiction is quite loved by Roskomnadzor and Rosfinmonitoring, by the way.
The user agreement is completely correlated with the privacy policy and establishes, in particular, that “when creating an account on the Site, the Service generates and stores a cryptographic pair of a secret key — the public key” (Section 4.1). In addition, as explained below (clause 4.2.): "The secret key is uniquely the same as the User Account Information . " And further - a logical conclusion that "the Service does not store Account Credentials, as well as secret keys."
Like many other "controversial" -to-perspective projects, the Voice with the growth of the audience may well fall into the stop-lists of the above-mentioned state bodies:
- for the distribution of "wrong" content;
- for “Voice” tokens, which are no less - no less ... are intangible digital assets "(cf. the concept of" digital money "from the Central Bank of the Russian Federation),
- for other reasons .
And in this section, a similar life hack regarding the processing of PD seems very interesting and even, oddly enough, promising: art. 1 of the Federal Law No. 152 says that “this Federal Law regulates relations connected with the processing of personal data ...” and if there are no relations as such, then the LA itself does not apply?
True, there is another article in this law that is referred to more often - art. 2: “The purpose of this Federal Law is to ensure the protection of the rights and freedoms of a person and a citizen in the processing of his personal data , including the protection of the rights to privacy, personal and family secrets”.
For now, I will not evaluate the approach of the Golos team, which, by the way, started from Kaliningrad , i.e. the territory of the Russian Federation.
I know that there are quite a few people on Habré who are afraid / do not want / do not know how to work on the territory of the Russian Federation if “the project is incomprehensible or may cause doubts” (read, also applies to categories of “borderline”, such as vpn services; or to the “incomprehensible in principle”, this is certainly the overwhelming part of blockchain startups), so you can look at the rules of the Voice and rework them for your own needs.
The option is not perfect , but it is much better for many than the position “to do nothing as long as possible”. In the comments, perhaps, someone will add such life tricks (successful / unsuccessful implementation attempts) and as a result - you can make a completely legitimate list of technical approaches to (not) processing PD . Of course, it will be useful in the light of recent events.
PS It is interesting that such a struggle of “armor and shell” can be seen on the example of various services that provide services for the aggregation of payments and have not become on the unstable rails of the law “On the National Payment System”. Or taxi services. Or in the future - in the field of commodity aggregators. Not always it will be PD, but always - an attempt to read the law by its letter. Or spirit?
Source: https://habr.com/ru/post/326652/
All Articles