Processing of Members’ and Users/Licensees’ data
Particular issues concerning processing Data between Collective Management Organisations, their members & Users of their services
Members and Users/Licensees provide CMOs with personal and sometimes confidential or commercially sensitive information. A CMO should treat such personal or sensitive data carefully, and always in compliance with the applicable Kenyan rules on the protection of privacy, personal data, and trade secrets. The applicable rules on data protection vary from country to country, but it is good practice to ensure that personal data is only kept and used for the purpose for which it was originally collected, and that consent is sought for any further processing of data. If it is necessary to transfer personal data about a member abroad, a CMO should point out to the Member, when obtaining his/her consent, that some foreign countries might have weaker data protection laws, or no data protection laws at all.
HOW THE EU HAS DEALT WITH DATA PROCESSING
The European Union provides that “It is important for collective management organisations to respect the rights to private life and personal data protection of any right holder, member, user and other individual whose personal data they process. Directive 95/46/EC governs the processing of personal data carried out in the Member States in the context of that Directive and under the supervision of the Member States’ competent authorities, in particular the public independent authorities designated by the Member States. Rightsholders should be given appropriate information about the processing of their data, the recipients of those data, time limits for the retention of such data in any database, and the way in which rightsholders can exercise their rights to access, correct or delete their personal data concerning them in accordance with Directive 95/46/EC. In particular, unique identifiers which allow for the indirect identification of a person should be treated as personal data within the meaning of that Directive.” Recital 52, EU Directive 2014/26/EU
PROVISIONS OF THE BILL IN REGARD TO RELATIONSHIP BETWEEN CMOs & MUSIC USERS.
1. A CMO should use its reasonable endeavors to ensure that each of its directors and employees does not disclose to third parties any information they have obtained in the course of their employment or performance of their duties without an objectively justifiable reason or an order by the Data Commissioner or a competent authority.
2. A CMO should keep and regularly update records of each Rightsholder it represents so that such Rights holder can be accurately identified and located.
3. A CMO should respect the fundamental principles of privacy and the protection of personal data. It should also comply with its obligations under relevant laws relating to protection of privacy and personal data.
4. A CMO should inform (where possible electronically) a Rightsholder or a Licensee about the personal data it holds on such Rightsholder or Licensee/User
Participate by sending us your thoughts, ideas & or comments.