Judgment

Duties of controllers and processors in preventing security violations of information exchange networks

Document Type: Scientific

Authors
1 Associate Professor, University of Judicial Sciences and Administrative Services, Tehran, Iran, farahzadi@ujsas.ac.ir
2 Associate Professor, University of Tehran, Tehran, Iran, hosadeghi@ut.ac.ir
3 PhD student in private law, University of Judicial Sciences and Administrative Services, Tehran, Iran, Mn.ujsasac0077@yahoo.com
Abstract
In today's world, preventing security breaches of information exchange networks requires mechanisms that maintain the integrity and security of the network's operation. Among the components of the network, individuals are the subjects of the data and data messages being exchanged. In this process, the managers of information exchange networks and the processors of data messages, called controllers and processors, have duties. The present research seeks to determine the duties of these persons in preventing security violations of information exchange networks. To this end, by studying the regulations governing the legal system of the European Union and the application of these regulations in the laws of Iran, the research has determined the duties of these persons in carrying out appropriate measures for the correct and legal implementation of information processing, and their duties of notification to data subjects (by a documented method, regarding their consent to processing, the reasons for rejecting their request, the removal of restrictions on processing, protective measures in the transnational exchange of information, the rights of the data subject, the measures taken in the process of information processing, and the existence of risk in processing), to other controllers and processors (in announcing deletion or the creation of restrictions on processing), and to supervisory authorities (in cooperation and notification).
Volume 22, Issue 112
Winter 2022
Pages 71-99

  • Receive Date 16 November 2022
  • Revise Date 06 January 2023
  • Accept Date 21 February 2023