Analysis of the Requirements for User Data Security on Service Provider Platforms

Document Type : Original Article

Authors

1 Assistant Professor, National Research Institute for Science Policy, Tehran, Iran

2 Ph.D. student in Private Law, Univeristy of Shiraz, Shiraz, Iran.

Abstract

One of the most crucial issues in information security is the protection of user data from unauthorized access. In this regard, the privacy policy of almost every platform asserts that the company's protocol, server, security layers, and data management techniques will ensure data security. However, the precise mechanism and criteria for implementing security measures remain unspecified. Existing laws, except for the e-commerce law, fail to provide guidance on securing user data in electronic commerce, resulting in a significant gap in regulatory oversight. This article uses descriptive and analytical methods within Iranian law to examine the requirements for securing users' data. Data processors must consider the type of data, implementation costs, processing nature, geographical location, subject and purposes of processing, potential risks, and their impact on individuals' rights to ensure adequate security. Therefore, data processors must adopt appropriate technical and organizational measures to ensure the security of users' data at an adequate level. Periodic review and assessment and reporting of the level of consumer data protection on platforms and providing a regulatory artery have been regarded as data protection requirements. The Supreme Commission for the Regulation of Cyberspace has obliged all service providers to encrypt the data that leads to the identification of users within two months, through the amendment of their privacy policies, and to recognize the "right to delete" information for users. The result is that due to the shortcomings of the directive, including generalities, the lack of identification of the special platform for compensation, and the ambiguity and silence of the provisions of the directive in some cases, as well as the reliance of the implementation guarantee on civil and criminal liability, the approval of the law on the protection of personal data, along with encouraging The self-regulating system of the platforms seems to be a practical solution.

Keywords

Main Subjects

References

[1] Ahmadvand B., & Jahanshahi, A. (2023). Comparative Studying the Personal Data in the European Union and Iranian Legal System. CLR, 27 (1) :105-132
[2] Buresh, D. L. (2019). A Comparison between the European and the American Approaches to PrivacyIndon. J. Int'l & Comp. L.6, 257.
[3] Riedy, M. K., & Hanus, B. (2016). Yes, Your Personal Data Is at Risk: Get over ItSMU Sci. & Tech. L. Rev.19, 3.
[4] https://twitter.com/snappfood?lang=en
[5] Ansari, B. (2007). Privacy Law. Tehran: Samt Publication{In Persian}
[6] Latifzadeh, M., Qabuli Dorafshan, S. M. M., Mohseni, S., & Abedi, M. (2023). The Obligations of the Personal Data Processor in the European Union and the Feasibility of Its Acceptance in Iranian Law. Civil Jurisprudence Doctrines15(27), 245-286. Https://doi.org/10.30513/cjd.2022.3094.1541 {In Persian}
[7] Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: a systematic review of data availabilityThe Geneva Papers on risk and insurance-Issues and practice47(3), 698-736. https://doi.org/10.1057/s41288-022-00266-6
[8] Freeha, K., K.J. Hwan, M. Lars, and M. Robin. 2021. Data breach management: An integrated risk modelInformation & Management, 58(1): 103392. https://doi.org/10.1016/j.im.2020.103392.
[9] Yee, C. K., & Zolkipli, M. F. (2021). Review on Confidentiality, Integrity, and Availability in Information Security. Journal of ICT in Education, 8(2), 34–42. https://doi.org/10.37134/jictie.vol8.2.4.2021
[10] Nisha Dhanraj Dewani, Zubair Ahmed Khan, Agarwal, A., Sharma, M., & Shaharyar Asaf Khan. (2022). Handbook of research on cyber law, data protection, and privacy. Information Science Reference. An Imprint Of Igi Global.
[11] Lambert, P. (2020). A User’s Guide to Data Protection: Law and Policy. In Library Genesis. Bloomsbury Professional.
[12] Badini, H., & Karami, H. (2021). Comparative study of responsibility of the processing Applicant institution, the controller, and the Processor under gdpr and the Bill “Preservation and protection Personal Data"Legal Research Quarterly24(95), 137-158. https://doi.org/10.29252/jlr.2021.184069.1396 {In Persian}
[13] https://snappfood.ir/privacy-policy
[14] Taghavifard, M. T., Taghva, M., Faghihi, M., & Jamshidi, M. (2017). A Comparative Study on Information Privacy Protection Acts in Iran and Selected Countries. Majlis and Rahbord24(89), 301-333. {In Persian}
[15] Badini, H., & Kandsari, H. S. (2018). A Comparative Analysis of the Foundations of Civil Responsibility of Service Suppliers in Islamic, Iranian and French LawJ. Compar. L.5, 177. https://doi.org/10.22096/law.2019.34496
[16] Ghanad, F., & Aligholi, A. (2020). The Notion and Importance of Personal Data and Privacy and Their Various Protections in Cyber SpaceModernTechnologies Law1(1), 297-322. https://doi.org/10.22133/clj.2020.243290.1016.{In Persian}
[17] Latifzadeh, M., Qabuli Dorafshan, S. M. M., Mohseni, S., & Abedi, M. (2023). Protection of Personal Data in EU Law and its Feasibility in the Iranian Legal SystemPublic Law Studies Quarterly53(2), 981-1005. Https://doi.org/10.22059/jplsq.2021.324694.2786 {In Persian}
[18] Li, Y., & SaxunovÃ, D. (2020). A perspective on categorizing Personal and Sensitive Data and the analysis of practical protection regulationsProcedia Computer Science170, 1110-1115. https://doi.org/10.1016/j.procs.2020.03.060
[19] Smedinghoff, T. J. (2015). An Overview of Data Security Legal Requirements for All Business Sectors. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.2671323
[20] Stam, A., & Kleiner, B. (2020). Data anonymisation: legal, ethical, and strategic considerations. Swiss Centre of Expertise in the Social Sciences, 1-15 https://doi.org/10.24449/FG-2020-00011
[21] Koo, J., Kang, G., & Kim, Y.-G. (2020). Security and Privacy in Big Data Life Cycle: A Survey and Open Challenges. Sustainability, 12(24), 10571. MDPI. https://doi.org/10.3390/su122410571
[22] Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), e1211. Wiley. https://doi.org/10.1002/widm.1211
[23] Lambert, P. (2016). The Data Protection Officer. CRC Press.
[24] Šidlauskas, A. (2021). The Role and Significance of the Data Protection Officer in the Organization. Socialiniai Tyrimai, 44(1), 8–28. https://doi.org/10.15388/soctyr.44.1.1
[25] Zamani, S. G., & Attar, S. (2017). Human Rights and the Right to Be Forgotten in the Age of New Information. Technologies. International Law Review33(55), 81-108. doi: 10.22066/cilamag.2016.23525 {In Persian}
[26] European Union Agency for Fundamental Rights and Council of Europe. (2018). Handbook on European data protection law. Luxembourg, Publications Office of the European Union
[27] Ansari, B. (2023). Rights of Virtual Space Users. Tehran: Sahami Enteshar Co.
[28] Giurgiu, A., & Larsen, T. A. (2016). Roles and Powers of National Data Protection Authorities: Moving from Directive 95/46/EC to the GDPR: Stronger and More'European'DPAs as Guardians of Consistency?Eur. Data Prot. L. Rev.2, 342.
 
 
 

Files

Share

How to cite

Statistics