The protection of customer personal data as an element of entrepreneurs’ ethical conduct
DOI:
https://doi.org/10.18778/1899-2226.21.7.02Słowa kluczowe:
personal data protection, rights of data subjects, right to information, duties of personal data controller, GDPR, administrative fines, criminal liability, compensation for a violation of the right to personal data protectionAbstrakt
The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body—the Inspector General for Personal Data Protection—showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers’ rights. In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller’s business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States—among other arguments—provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in particular against economic entities violating the law.
Bibliografia
Act of 10 May 2018 on the Protection of Personal Data, Journal of Laws 2018, item 1000 [Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych, Dz.U. 2018, poz. 1000].
Google Scholar
Act of 29 August, 1997 on the Protection of Personal Data, Journal of Laws 2016, item 922 as amended [Ustawa z dnia 29 sierpnia 1997 r. o ochronie danych osobowych, Dz.U. z 2016 r., poz. 922 ze zm.].
Google Scholar
Barcz, J., Górka, M., & Wyrozumska, A. (2015). Instytucje i prawo Unii Europejskiej. Podręcznik dla kierunków prawa, zarządzania i administracji. Warszawa: Walters Kluwer.
Google Scholar
Barta, P., & Kawecki, M. (2018). Rozporządzenie UE w sprawie ochrony osób fizycznych w związku z przetwarzaniem danych osobowych i swobodnym przepływem takich danych. Komentarz (P. Litwiński, Ed.). Warszawa: C.H. Beck.
Google Scholar
Bielak-Jomaa, E., & Lubasz, D. (Eds.) (2018). RODO. Ogólne rozporządzenie o ochronie danych. Komentarz. Warszawa: Walters Kluwer.
Google Scholar
Bojanowski, M. (2009, July 23). Ucywilizować łowców nieszczęść. Gazeta Wyborcza, 171.
Google Scholar
Directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A31995L0046
Google Scholar
Generalny Inspektor Ochrony Danych Osobowych. (2000). Sprawozdanie z działalności Generalnego Inspektora Ochrony Danych Osobowych za okres 01.01.1999 r. – 31.12.1999 r. Warszawa: GIODO.
Google Scholar
Generalny Inspektor Ochrony Danych Osobowych. (2005). Sprawozdanie Generalnego Inspektora Ochrony Danych Osobowych z działalności za rok 2004. https://giodo.gov.pl/data/filemanager_pl/727.pdf
Google Scholar
Generalny Inspektor Ochrony Danych Osobowych. (2007). Sprawozdanie z działalności Generalnego Inspektora Ochrony Danych Osobowych w roku 2006. https://giodo.gov.pl/data/filemanager_pl/1051.pdf
Google Scholar
Kulesza, E. (2010). Ochrona danych osobowych klientów jako element działania etycznego przedsiębiorcy. Annales. Ethics in Economic Life, 13(1), 97–105.
Google Scholar
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L 119, vol. 59. https://eur-lex.europa.eu/ legal-content/EN/TXT/?uri=CELEX%3A32016R0679
Google Scholar
Pobrania
Opublikowane
Jak cytować
Numer
Dział
Licencja
Prawa autorskie (c) 2018 Annales. Etyka w Życiu Gospodarczym
Utwór dostępny jest na licencji Creative Commons Uznanie autorstwa – Użycie niekomercyjne – Bez utworów zależnych 4.0 Międzynarodowe.