Draft Resolution
Draft Resolution
Noting with deep concern that here is a lack of legal and institutional frameworks, processes,
and infrastructure to support the protection of data and privacy rights,
Bears in mind disastrous consequences of a data breach and the need for timely response in
case of such accident,
Emphasizing the need to conduct pragmatic actions towards tackling online privacy invasion,
Encouraging agencies of the UN bodies to collaborate closely with other Member States to
bring out the optimum resolutions,
Calling upon collaboration with national and international organizations for possible ideas on
introducing effective data protection policies,
1. Strongly urges to reinforce stricter regulations for preventing the online privacy
infringements of technology companies:
a. Requiring technology companies to have transparent commitments with
internet users about the using of their personal data, including but not limited
to:
i. No arbitrary usage of collected information, without the users’ consent,
such as selling the data to a third party for financial purposes,
ii No retention of personal information for longer than reasonably
necessary,
iii. No abuse of sensitive personal information such as but not limited to
precise geolocation, race, ethnicity, religion, private communication, sexual
orientation, health information…,
b. Encouraging the governments to strengthen their policies on managing
technology companies by:
i. Executing stricter punishment for violations. The forms of punishment
should include but not limited to fines, suspending the businesses and
criminal penalties,
ii. Establishing a framework for controlling and processing personal data.
The framework should outline specific responsibilities and privacy protection
standards for data controllers and processors,
c. Issuing a code of conduct to:
i. Incorporating all the conditions for the lawful processing of personal
information or set out obligations that provide a functional equivalent of all
the obligations set out in those conditions,
ii. Prescribing how the conditions for the lawful processing of personal
information are to be applied, or are to be complied with, given the
particular features of the sector or sectors of society in which the relevant
responsible parties are operating,
iii. Specifying appropriate measures for information matching programmes
if such programmes are used within a specific sector; or for protecting the
legitimate interests of data subjects insofar as automated decision making;
2. Urges member states to exercise efforts into enhancing public perception and educating
people to protect their online privacy:
a. Informing people about the disastrous consequences of data violation:
i. The loss of privacy can lead to an increased risk of harm from identity theft,
fraud, or other injury,
ii. Elevating a person's stress and anxiety levels and causing them to shudder
with fear,
iii. Resulting in a violation of personal boundaries and a loss of trust, not only
in the invader but often with the victim's own ability to set up and maintain
boundaries to protect their privacy,
iv. Causing people to expend time and money to prevent future fraud, such as
signing up for credit monitoring, contacting credit reporting agencies and
placing fraud alerts on their accounts, and so on,
b. Emphasizing human rights on privacy protection:
i. Redefining the importance of personal information. Clarify that personal
information is not just a kind of data, but rather a kind of property which
belongs to its owner,
ii. No organization, internet services provider or even the government has the
rights to freely use or exploit the user’s information for wrong purposes,
iii. The owners are the ones who have control over their information. Any
single action with the information requires the user’s permission,
c. Suggesting tools people can use to protect their online information:
i. Using a strong password, encryption, or security to hide wireless networks
from outsiders,
ii. Installing antivirus software to prevent hackers from accessing personal and
financial information, and tracking one’s location,
iii. Limiting the personal information shared on social media,
vi. Restricting access to sensitive data;