The Protection of Customer Personal Data as an Element of Entrepreneurs' Ethical Conduct

• Autorzy: Ewa Kulesza
• Języki publikacji: EN

Abstrakty

EN

The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body-the Inspector General for Personal Data Protection-showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers' rights. In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller's business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States-among other arguments-provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in partic-ular against economic entities violating the law. (original abstract)

Słowa kluczowe

EN

Personal data protection; Business activity ethics; Protection of privacy; Right to privacy

PL

Ochrona danych osobowych; Etyka działalności gospodarczej; Ochrona prywatności; Prawo do prywatności

• Czasopismo: Annales : etyka w życiu gospodarczym
• Rocznik: 2018
• Tom: 21
• Numer: nr 7
• Strony: 27--44

Twórcy

autor

Ewa Kulesza

• University of Lodz

Bibliografia

• Act of 10 May 2018 on the Protection of Personal Data, Journal of Laws 2018, item 1000 [Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych, Dz.U. 2018, poz. 1000].
• Act of 29 August, 1997 on the Protection of Personal Data, Journal of Laws 2016, item 922 as amended [Ustawa z dnia 29 sierpnia 1997 r. o ochronie danych osobowych, Dz.U. z 2016 r., poz. 922 ze zm.].
• Barcz, J., Górka, M., & Wyrozumska, A. (2015). Instytucje i prawo Unii Europejskiej. Podręcznik dla kierunków prawa, zarządzania i administracji. Warszawa: Walters Kluwer.
• Barta, P., & Kawecki, M. (2018). Rozporządzenie UE w sprawie ochrony osób fizycznych w związku z przetwarzaniem danych osobowych i swobodnym przepływem takich danych. Komentarz (P. Litwiński, Ed.). Warszawa: C.H. Beck.
• Bielak-Jomaa, E., & Lubasz, D. (Eds.) (2018). RODO. Ogólne rozporządzenie o ochronie danych. Komentarz. Warszawa: Walters Kluwer.
• Bojanowski, M. (2009, July 23). Ucywilizować łowców nieszczęść. Gazeta Wyborcza, 171.
• Directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. https://eur-lex.europa.eu/legal-content/en/TXT/? uri=CELEX:31995L0046
• Generalny Inspektor Ochrony Danych Osobowych. (2000). Sprawozdanie z działalności Generalnego Inspektora Ochrony Danych Osobowych za okres 01.01.1999 r. - 31.12.1999 r. Warszawa: GIODO.
• Generalny Inspektor Ochrony Danych Osobowych. (2005). Sprawozdanie Generalnego Inspektora Ochrony Danych Osobowych z działalności za rok 2004. https://giodo. gov.pl/data/filemanager_pl/727.pdf
• Generalny Inspektor Ochrony Danych Osobowych. (2007). Sprawozdanie z działalności Generalnego Inspektora Ochrony Danych Osobowych w roku 2006. https://giodo. gov.pl/data/filemanager_pl/1051.pdf
• Kulesza, E. (2010). Ochrona danych osobowych klientów jako element działania etycznego przedsiębiorcy. Annales. Ethics in Economic Life, 13(1), 97-105.
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L 119, vol. 59. https://eur-lex.europa.eu/ legal-content/EN/TXT/?uri=CELEX:32016R0679

Identyfikatory

DOI

10.18778/1899-2226.21.7.02