
Publication date: 28.11.2024 17:32:00
At the plenary session of the Majilis, the deputy of the AMANAT faction Ekaterina Smyshlyaeva raised the issue of violations in the use of personal data of citizens in the financial sector.
In her deputy inquiry to the Chairman of the Agency for Regulation and Development of the Financial Market, she emphasized that the existing practice of collecting consents not only violates the law, but also contributes to the growth of fraudulent schemes.
Smyshlyaeva noted that many consents to data processing signed by clients are essentially “creative” documents that allow the use of data for any purpose.
The procedure is often also compulsory:
“What if there is no [consent]? And if not, then access to the service is closed. Thus, the second scenario is simply not worked out.”
She also drew attention to the lack of choice: citizens are forced to give consent to all types of processing at once, including advertising and marketing purposes, and consents are often formulated in such a way that they allow data processing for unspecified purposes. Smyshlyaeva added: "It turns out that a consumer of services, like Gerasim, agrees to everything."
All the requirements listed above are set out in the law "On personal data and their protection", but are systematically violated.
Among the key problems, the deputy highlighted:
- The compulsory nature of consents.
- The absence of a clear list of third parties to whom data can be transferred.
- Unreasonably long periods of consent, up to and including perpetual ones.
- The impossibility of revoking consent in practice: links and instructions for this are simply missing in the applications.
To solve the problem, the "AMANAT" faction proposed:
1. Conduct an audit of compliance with the legislation on the protection of personal data in the banking sector.
2. Review the exceptions for banking organizations in terms of information security control.
3. Develop uniform forms of industry consents for the use of personal data.
4. Introduce standards of accessibility, procedures for obtaining and revoking consent.
5. Create an algorithm of actions for situations where the subject has not given consent to the processing of data.
Earlier, Ekaterina Smyshlyaeva supported human rights activists and public figures who oppose the transfer of the functions of public service centers to private companies, which also violates the legislation on personal data.
This position was voiced by many experts, including Dana Utegen, teaching professor at the Maqsut Narikbayev University Higher School of Law and academic advisor at the Eurasian Digital Foundation.
(the text was translated automatically)