wanted the best…
From September 1, it will be prohibited in Russia to extort personal data of consumers under the threat of refusal to conclude an agreement. That is, almost nothing will change.
The State Duma not only contributes to the development of dramatic clowning, but also does something useful – it approves the bills developed by the Government. One of the last (today) good deeds was the adoption in the third reading of the bill
“On Amendments to Article 16 of the Law of the Russian Federation “On the Protection of Consumer Rights” (in terms of inadmissible terms of the contract that infringe on the rights of the consumer)”
. More to come
approval in the Federation Council and signing by the President, but given who the author is, these are formalities.
The bill is simply replete with wishes that everything would be fine for everyone, and the following passage warmed my soul personally (given in the edition for the third reading):
To amend Article 16 of the Law of the Russian Federation of February 7, 1992 No. 2300-I “On the Protection of Consumer Rights” <...> amended to read as follows:
The seller (executor, owner of the aggregator) is not entitled to refuse the consumer to conclude, execute, change or terminate the contract with the consumer in connection with the consumer’s refusal to provide personal data, unless the obligation to provide such data is provided for by the legislation of the Russian Federation or is directly related to the execution of the contract with the consumer.
Here the legislator (and this, as we remember, is the Government, not the State Duma) tried to express
in legal language, the following excellent idea: if the subject of the transaction is, for example, the sale and purchase of a loaf of bread, then the bakery does not have the right to require the buyer to provide his personal data.
A simple (and quite reasonable) idea, right? Now let’s try to complicate it: if the subject of the transaction is, for example, banking services or the provision of telephone services (where you want or don’t want personal data, but you have to provide it), the service provider does not have the right to require their consumer to agree to the use of his personal data for mailing
advertising spam and other indecency. It was on this complication that the lawmaker stumbled, dragging the legislator with him.
To start rememberwhat
butter oil the authorized body for the protection of the rights of subjects of personal data is the federal executive body that exercises the functions of control and supervision over the compliance of the processing of personal data with the requirements of the legislation of the Russian Federation in the field of personal data. And this body is not for a second Rospotrebnadzor, whose diocese includes supervision over the implementation of the law “On Protection of Consumer Rights”, but even Roskomnadzor.
This is written in the law “On Personal Data”, as well as what “personal data” and what is “providing personal data”. And this, by the way, is interesting: actions aimed at disclosing personal data to a certain person or a certain circle of persons.
Now let’s read the amendment to the Consumer Protection Act again, taking into account the knowledge gained about the essence of the process: the seller (executor, owner of the aggregator) is not entitled to refuse the consumer to conclude, execute, change or terminate the contract with the consumer in connection with the refusal of the consumer
provide disclose personal data <…>
For those who have not yet caught the catch, I explain: it is forbidden to require the consumer to provide (disclose, communicate, transfer, voice, enter into the contract – underline as necessary) their personal data for purposes not related to the execution of the contract, but
use handle existing from the seller (executor, owner of the aggregator) the personal data of the consumer for sending him spam and other obscenities – unrestricted before September 1 and after.
What can (and should) be done? Replace just a couple of words in the bill, for example, like this:
The seller (executor, owner of the aggregator) is not entitled to refuse the consumer to conclude, execute, amend or terminate the contract with the consumer in connection with the consumer’s refusal to provide consent to processing their personal data, except in cases where the obligation to provide such consent provided for by the legislation of the Russian Federation or directly related to the execution of the contract with the consumer.
What changes from this? Everything: the seller (executor, owner of the aggregator, bald devil) can have the consumer’s personal data as much as he likes, but if he does not have consent to use them for certain purposes –
it makes no sense
it will only be necessary to provide the consumer with the services for which he pays, and in no way “monetize” redundant information about the consumer. Oh grief, let’s cry (no) about the heavy share of unscrupulous businessmen and say thanks to our native government and parliament (also not).
If you think that above I was crucifying about a purely speculative situation, then here’s an example from life. I had a contract (and still have it) for the provision of mobile services with
“Beeline” PJSC “VimpelCom” (the crooks are still the same). I use it, pay bills, periodically go to my personal account – check that paid services are not “accidentally” connected, and suddenly, when I try to log in again, I am met offer ultimatum: agree to receive spam or access to the personal account will be closed. A similar ultimatum awaits Sberbank customers if they want see information in your personal account on the status of the investment account.
I already have an agreement with the contractor, the contractor already has my PD, I have already given him consent to process them, but only in order to fulfill the contract for the provision of communication services, and he also wants to send me spam, requiring my consent, otherwise – turn off
gas OK. Amendments to the law “On Protection of Consumer Rights” should have protected from such blackmail and extortion by unscrupulous businessmen, but …
But the scheme of blackmail and extortion from September 1 will become a little more complicated:
1. Crooks (that is, a little less than the entire domestic business) enter into an agreement with the consumer that does not require consent, for example, to receive spam.
2. Literally on the same day, crooks roll out an “offer” to the consumer (additional agreement, annex to the contract), where they require consent to
use of PD for marketing purposes receiving spam, or else…
3. The consumer is faced with a choice: agree to receive spam or be without the services he needs.
????? Nobody demanded provide PD, how can you?
Well, where was I, so smart, before, while the bill was still being discussed? And I paid attention profile committees of the State Duma and its Legal Department on a small problem in the terminology of the bill, which can lead to big problems in its implementation. And you know what? All in a drum, no one even answered: thank you, I took note. Remember this when Roskomnadzor and Rospotrebnadzor are parted with their hands tied.