نوع مقاله : مقاله پژوهشی

نویسندگان

• حسین خانلری بهنمیری ¹
• محمد حسین تقی پور درزی نقیبی ²
• حامد آقا امینی فشمی ³

¹ استادیار گروه حقوق، دانشکدۀ علوم انسانی، دانشگاه دامغان، دامغان، ایران.

² استادیار گروه حقوق خصوصی، دانشکدۀ حقوق و علوم سیاسی، دانشگاه مازندران، بابلسر، ایران.

³ دانشجوی دکتری حقوق خصوصی، دانشکدۀ حقوق و علوم سیاسی، دانشگاه مازندران، بابلسر، ایران.

چکیده

حفظ حریم خصوصی مربوط به ابرداده‌ها، یکی از نگرانی‌های مهم اشخاص موضوع داده محسوب می‌شود، که نیازمند حمایت‌های قانونی است. در جوامع امروزی که حریم خصوصی افراد با مسئلۀ فناوری اطلاعات، به‌ویژه داده‌ها ارتباط تنگاتنگی دارد، حفظ حریم خصوصی افراد اهمیت دو‌چندانی می‌یابد. روش تحقیق در این مقاله به شکل تحلیلی-تطبیقی است. یافته‌ها نشان می‌دهد، اتحادیۀ اروپا به‌طور خاص با تصویب مقررات عمومی حفاظت از داده‌ها (GDPR)، از سه رویکرد خدمات محور، داده‌محور و ارزش‌محور بهره گرفته و باتوجه به اصول حاکم بر این رویکردها مانند اصل شفاف‌سازی، اصل حداقل دسترسی، حاکمیت ابرداده‌ها، در پی قانونمند ساختن حوزۀ ابرداده و میزان‌سازی جایگاه حریم خصوصی بوده است، درحالی‌که حقوق داخلی در زمینۀ ابرداده و حریم خصوصی، به‌جز یک دستورالعمل که با رویکرد خدمات‌محور وضع شده است، فاقد قانون خاص و جامع در این حوزه است. ازاین‌رو، پیشنهاد می‌شود قانونی خاص و جامع با بهره‌گیری از رویکرد‌های مذکور در قوانین اتحادیۀ اروپا خصوصاً مقررات عمومی حفاظت از داده‌ها و اصول حاکم بر آن‌ها، که متضمن حقوق اشخاص موضوع داده هستند، تدوین و تصویب شود.

کلیدواژه‌ها

• ابرداده
• اتحادیۀ اروپا
• حریم خصوصی
• حقوق ایران
• نهاد نظارتی

موضوعات

• حقوق خصوصی

عنوان مقاله [English]

The Attitude of Iranian Law and European Union Law towards Metadata and the Place of Privacy in It

نویسندگان [English]

• Hossein Khanlari Bahnamiri ¹
• Mohammad Hossein TAGHIPOUR, ²
• , Hamed Aghaaminifashmi, ³

¹ Department of Law, Faculty of Humanities, University of Damghan, Damghan, Iran.

² Department of Private Law, Faculty of Law and Political Science, University of Mazandaran, Babolsar, Iran.

³ PhD student, Department of Private Law, Faculty of Law and Political Science, University of Mazandaran, Babolsar, Iran

چکیده [English]

One of the current concerns of humanity is the protection of privacy related to metadata. Data is not secure even when processed by the most advanced and powerful companies with financial resources, which makes it more necessary to pay attention to data and metadata in the new era. Metadata is data about data that is created by individuals to achieve a specific goal or function. In fact, metadata is a systematic way that makes information resources accessible and understandable to users. Metadata, such as smartphone metadata, is one of the most important privacy concerns. The concern for citizens of society alike is that metadata, much like data, can reveal sensitive and personal information of a user. In line with the advancement of technology and information technology, the European Union has taken very useful and effective measures to protect the privacy of data and metadata and has pursued the issue of metadata and privacy seriously and in a disciplined manner since 2018, while in Iran this discussion has not been examined in detail and comprehensively; of course, perhaps the risks of violating this privacy have not yet been taken seriously. Therefore, the main question of the research is whether privacy in the field of metadata, as protected in the legal system of the European Union, has been examined in the legal system of Iran? The research method in this article is analytical-comparative, and library resources and online articles and books have been used. The findings show that by examining all Iranian laws regarding the protection of privacy and data, it can be claimed that the discussion of metadata has not been included in these laws at all, and some of the related laws have only addressed data in cyberspace and the importance of privacy. In this regard, although the E-Commerce Law is the best law in providing protection on data privacy issues in Iran, it falls short in respecting important principles of data privacy protection. In fact, the E-Commerce Law, which contains some provisions on data messages, is insufficient in protecting electronic consumers. Iran needs a specific law on the protection of personal data and, of course, metadata. The provisions in the E-Commerce Law do not generally meet some prominent principles of data privacy. For example, it does not fully protect individuals’ personal information and only identifies sensitive personal data such as medical and health data. E-business websites collect information online, but most of them do not have any policy/privacy statement, or at least this policy is not available online, such as the online store Digi Kala. The E-Commerce Law constitutes the primary law in Iran that contains some provisions (Articles 59-61) on the protection of personal data. However, for such a law, the protection of personal data is limited to a specific context, namely, in the context of electronic consumers who deal with online commerce, and there is no mention or attempt to frame the rules on metadata and privacy in this law, which is the most relevant law in Iran in the field of data and privacy. However, regarding privacy and metadata in the European Union, it can be said that the e-Privacy and Communications Regulation is located alongside the European Union Data Protection Law, which are two relatively separate and, of course, complementary laws in the field of metadata and privacy. In fact, the e-Privacy and Communications Regulation implements a European directive, also known as the “e-Privacy Directive”. This institution recognizes that widespread public access to mobile digital networks and the Internet creates new opportunities for businesses and users, but also new risks to their privacy. The European Union is replacing the current Privacy Act with a new Privacy Regulation to align with the EU version of the Data Protection Act. Among the features of this directive are: ensuring the security of electronic communications services, ensuring the confidentiality of communications regarding traffic data, requiring the anonymity of traffic data, requiring full billing by Internet service providers, requiring consent for the processing of users’ static data, and other such matters. As a result, in EU law, electronic communications and metadata privacy laws have a very advanced, comprehensive and enforceable framework, and are being developed with three approaches: (1) service-oriented, (2) data-oriented, and (3) value-oriented, and with respect to the principles governing these approaches such as the principles of transparency, trust, non-discrimination, ownership and control, security, minimum access, informed consent, which create the right of access, the right to rectification, the right to be forgotten (deleted), the right to restriction of processing, the right to data portability, and the right to object for individuals. Although each approach has its strengths and weaknesses, the focus of all three approaches has been on protecting citizens' privacy from metadata. This issue has been clearly addressed in European Union law, but the Iranian legal system, apart from the issuance of an executive directive to improve the protection of user privacy and the method of collecting, processing, and maintaining user information in open space systems and platforms, which was developed with a service-oriented approach, has not addressed much about the importance of metadata and privacy in the new era, and the existing laws are still in their early stages and lack executive details and a supervisory Institution. Therefore, it is recommended to develop a comprehensive law similar to the GDPR, establish an independent supervisory body, or require companies to be transparent in their privacy policies, or enact a specific and comprehensive law using the approaches mentioned in European Union laws, especially the General Data Protection Regulation, which guarantees the rights of data subjects.

کلیدواژه‌ها [English]

• Metadata
• European Union
• privacy
• Iranian law
• supervisory institution