Analysis of the Requirements for User Data Security on Service Provider Platforms

One of the most crucial issues in information security is the protection of user data from unauthorized access. In this regard, the privacy policy of almost every platform asserts that the company's protocol, server, security layers, and data management techniques will ensure data security. However, the precise mechanism and criteria for implementing security measures remain unspecified. Existing laws, except for the e-commerce law, fail to provide guidance on securing user data in electronic commerce, resulting in a significant gap in regulatory oversight. This article uses descriptive and analytical methods within Iranian law to examine the requirements for securing users' data. Data processors must consider the type of data, implementation costs, processing nature, geographical location, subject and purposes of processing, potential risks, and their impact on individuals' rights to ensure adequate security. Therefore, data processors must adopt appropriate technical and organizational measures to ensure the security of users' data at an adequate level. Periodic review and assessment and reporting of the level of consumer data protection on platforms and providing a regulatory artery have been regarded as data protection requirements. The Supreme Commission for the Regulation of Cyberspace has obliged all service providers to encrypt the data that leads to the identification of users within two months, through the amendment of their privacy policies, and to recognize the "right to delete" information for users. The result is that due to the shortcomings of the directive, including generalities, the lack of identification of the special platform for compensation, and the ambiguity and silence of the provisions of the directive in some cases, as well as the reliance of the implementation guarantee on civil and criminal liability, the approval of the law on the protection of personal data, along with encouraging The self-regulating system of the platforms seems to be a practical solution.