NAFSA' Privacy Policy
Ngày đăng 06/06/2020, 20:10

NAFSA' Privacy Policy
[https://www.nafsa.org/legal-information/privacy-policy]

The extracts and comments are below for your easy reference:

1. "that help protect the privacy of our customer and user data. This Privacy Policy covers all information collected by NAFSA"

When we think to develop a policy, what is the first top of mind in our policy?

If we might agree together, the same like Nafsa commits with EU that human rights are fundamental and essential with NON-NEGOTIABLE, as human must be the first to be protected in all kind of technology, in all apps or in any commercial/non-commercial transaction, no matter what/where they might execute, either in offline or online; how to reflect this principle into the Human Privacy Policy?

As if we all fully aware that Nafsa' Human Privacy Policy to help protect the privacy of our customer and user data, what does it mean for "customer" and 'user data" here; especially “user data” if understand correctly with English-American grammar and wordings, seems Nafsa put customers (I understand that they are human) at the same level, the same treatment with “user data”, that just the numbers, the systems or processing for numbers/information and some other behavior analysis from the auto-generated systems that you insert into any website or link that connect with the users/customers. Accordingly, how do we say Nafsa commits with EU'GDPR regulation for fundamental human rights? Or above that, the UN' Universal Declaration of Human Rights and the huge international relevant documents for governing the human rights’ matters over the world?

As I recommended UN-OCHA regarding their Draft of Guideline for Humanitarian Data Management Process, might I send you enclosed herewith their document with my comments for reference, to get the insights, how we might think "who is the human" and how to protect them online and offline, incl. their privacy rights, in our current online/digital society.

2. " NAFSA reserves the right, at any time, to modify this Privacy Policy. "

As I experienced more than 30 years with laws and enforcement in Vietnam, Asia and US, I must thank to get the sense that we talk a lot about 'democracy", "human rights", and "equality", but still, "inequality in global scale", and the example from the term like this “reserves the right, at any time, to modify this Privacy Policy” reflected exactly what we call in Texas, US as "one-side agreement". If I say every agreement from public services or even private areas, esp. from organizations who might dominate their services to their users/customers, often corporates get their rights over than customers/users and clients, even they are the human and they are helping companies and organizations to be rich, richer and more powerful. Any agreement shall be legally bounded by 2 or all parties involved; but it is often said that Companies/Orgs have the right to "modify" at any time, at any term and condition showing that Companies/Orgs don't care for the other side' parties.

How do Nafsa’ members (more than 20,000 people as international educators) learn that they are not in the fair and just membership with Nafsa - their professional organization, according to clauses/terms of Privacy Policy?

I understand that this is just a standard clause, not only at Nafsa' Policy, but we might face the same clause at most of every deal, every transaction with corporate/organizations and public services provided by the Gov (one-way communication/transaction/agreement); and it proved clearly that we are NOT having the human rights at all! Further, we officially recognize and encourage all People to keep silence for the unfair, unjust clause that just giving the conformity for the ones who manage the policy or contract, and quite often, they are the Gov, orgs and corporate, NOT the ones representing for 99% of "others".

How to change this clause and the culture of "one-side agreement"?

3. "By visiting this Platform, you are freely accepting and consenting to the practices in this Privacy Policy.

You may withdraw your consent at any time and for any reason with effect to future data processing by contacting us at the address listed below in the Section titled "Communications."

The definition of Platform is quite convenient for Nafsa' management, but not for users/customers or anyone who love to work with Nafsa.

"Visiting": what does it mean? and why do we, just by passing, or have a look at Nafsa’ website/Platform, have been forced to be freely consent with all terms and conditions in Privacy Policy; although they might not have enough time to read any word in the Policy?

Again, the "one-side agreement" shown and repeated when Nafsa allow their rights over the other rights, when we ask all others to withdraw the consent by contacting Nafsa, while just by visiting Nafsa' Platform, they are (their personal data/info) freely give their consent to us?

From my understanding of EU' GDPR, I dont think the auto-consent is given for auto-generated systems. For protecting the users/customers, every time when we do some specific activities and for specific purposes, we must ask the consent for clear and transparent transactions.

4. Without your consent, NAFSA will use personal information, only insofar as such processing is permitted by applicable law (e.g., for the performance of a contract or agreement between NAFSA and you) or where such processing is necessary for compliance with a legal obligation to which NAFSA is subject."

Kindly advise "applicable law"; and "legal obligation to which Nafsa is subject"?

We fully aware that we are all connected and we are all relying on the different laws and governing authorities. When Nafsa works for international education, how to define the applicable laws? especially when the transactions for international education is for cross-borders and for humans, such as students, teachers and more than that, copyrighted and intellectual property matters in the globalization?

Assuming that one guy with one name, or many different names as the practice in the US, the names and his photo and his profile recorded and stored at Nafsa with headquarter in US, shall be applied by which laws?, when such guy works for the whole US' states and overseas, when the state laws in US are different to each other?
The key here is not only about the laws, as we know clearly that US Congress try hardly but has not yet regulate the laws for privacy rights over whole 50 states; and for protection of human database, this is still a question when OPM' American officials database was under attack by "un-disclosed" people/Gov.

How do we might think to foresee and develop a term in the situations if the laws keep silence/conflicts? or the law has been yet enforced enough to protect the end-users/customers/clients who dont know much about their rights or their privacy rights, in US and in the world, when they are new international students and just coming to the new country?

If my memory is correct, Clinton and many leaders in US often proudly said "We, Americans, will lead the world by our good examples" Please, kindly help to protect the right of rights, for human first and help the world to learn from our America.

Collection of Personal Information

5. "personal information,” which is information that identifies an individual or relates to an identified individual.
---> please kindly advise how to define "non-identified individual"?

From National Security, or from US' national interest, or from which terms and conditions that we might think/classify any individual shall be NOT identified? Especially when Nafsa are devoting for international education/students?

Non-personal information means information that does not directly identify an individual. ---> might I ask the same question for this, "non-personal information”? The reason I must ask clearly here is that the warning for "auto-person"; "auto-human brains" in the age of surveillance capitalism written by S. Zuboff is a good alarm for ALL Americans and the world to know that, the crime for automating humanity and People for "totalitarianism" has been coming; the same like we faced with many "Revolutions" within the last century, from 1920 till now.

We collect both types of information about you. [?] àif Nafsa cannot clarify the “non-personal information” when at the end, all information from personal information and from visitors/members/others must go along with “human person”, how to define ‘Nafsa collect both….”?

6. Demographic Information: personal information, such as photo or location

---> I fully aware that when Nafsa/service providers know our photo and location, they might help to provide services better to align with personal needs. Unfortunately, the more they know, the more they illegally interfere into the privacy rights of our daily life. From the tech and apps we must "use" every day, we dont have any other choice, except the case the apps in the system has been set for "Dont allow to show the photo or location"; but all settings do not belong to the right of users/customers/members/visitors of Nafsa’ Platform, they belong to the systems' owners or developers. They might show to us that "we dont share your photo or location" to any other; but in reality and their stores, they record all automatically, without our consent and knowledge. This is the very dirty side of technology; and regretfully, the most excellent minded guys just think how to store (and in other words, put all in their prisons) our humans and People in their data systems for enriching their big data and commercial purposes, but not for People.

The most dirty challenge for the users/members and others in the internet nowadays is not only about "data" and "privacy rights"; but the exploring "the shadow text" that technology "extracted" from the real experiences, real humans to do biz! And this is, from Zuboff, an American crime, done by Top 5 Tech Companies that we - Nafsa and all other non-profit orgs, should spend time to work out, how to stop the crimes.

7. Digital Fingerprinting:

"use digital fingerprinting technologies in an effort to protect and ensure the integrity of our Platform.

In general, digital fingerprinting technologies assign a unique identifier or “Machine-ID” to a user’s computer to identify and track the computer’s survey activity. "
"The technology will analyze publicly available information and data obtained from the computer’s web browser and from other publicly available data points, including without limitation the technical settings of the computer, the characteristics of the computer, and the computer’s Internet Protocol (IP) address, to create a unique identifier assigned to the computer.

The unique identifiers are typically alpha-numeric IDs and after creating the unique identifier, NAFSA does not retain the information analyzed by the technology to create the unique identifier."

---> In February 2019, Harvard Kennedy organized a series of discussion "Big Tech and Democracy", but no one asked key question: under the US Declaration on Independence and under the God, we were born equally as all men, why some big tech might have the rights to 'supervise" all activities at all time and for their benefits only?

We call as "digital fingerprinting", but in fact, they are all settings they put around our life, our activities when we connect with internet for "asking us to spending more time, responding more to their intangible inquiry; and for selling their services and advs only". But the most benefits they gain is not only about "monetary"; they know everything about People; and not stopping about knowing, they are changing our Humanity; changing our thinking and behaviour; that is NOT human society’ life and NOT the ethics for human conduct any more.

Digital fingerprinting is clearly infringing the human rights, the privacy rights, and UN/UNESCO' Statistics recorded through their own studies in 2001 for "big data is the big concern for human rights".

When we explore "tech" and People just like "computing systems", the same treatment, the same governing laws, how do we develop a Mission of Nafsa, "Connecting the World"? for Human World or for Computing World?

Whenever we do Policy, I get the sense after more than 5 years volunteering at Nafsa' annual meetings, that we must care for human first; and that Policy is for serving People, not making money fast and big.

8. Geo-Location Information: location-tracking technologies.

"NAFSA may capture proximity and duration information for providing personalized products and services, demographic analysis, or behavioral analysis. Such information, and any derived information, may be shared with third parties that have a relationship with NAFSA." ----> Again, the question for tracking technologies.

In US practice, FBI and authorities shall have the tracking rights when they get the courts' approval for specific purposes/situations. After 9/11, huge laws on the privacy rights and human protection have been over passed to claim that "under the national security"; someone from authorities might do tracking without consents either from Court or from related People.

I dont understand, how do US and Nafsa will balance between US national security and human rights, privacy rights, with UN-Universal Declaration of human rights’ standards? The current clause of location-tracking tech is showing to Nafsa’ members and to the international education that “We dont care much about human rights, we care security first”; and because, under US security claims, they might over their rights to infringe the human rights.

International Education Professional like Nafsa organization, when we apply the tracking tech, what do we think, if not only American students, but international students feel about the ways they are tracked in every minute?

E-mail Interconnectivity

9. Employment: collecting “your Social Security Number or tax identification number"

---> from US laws and practices, we dont need to provide SSI and TIN for employment purpose. As soon as the employment is confirmed and for internal record for payment of salary and declaring the taxes for CIT and PIT, then, the employees shall work out with specific authorized department/person for sharing their SSI. Accordingly, if Nafsa put the SSI and TIN into the collecting personal data for employment, it seems not necessary when the process has not yet confirmed by both parties.

10. Market Research Studies:  The information you provide is used for research analysis and we analyze the answers in aggregate. Information you provide in response to or in connection with a market research study is and will be provided to our clients or other entities or the public as part of cumulative market research information or statistical data in the ordinary course, but without identifying you individually, directly or indirectly.

This clause: the market research studies within the context and request under the commercial/non-commercial views, including the biz ethical and human ethical terms, request all of people involved in the studies and market research need to think so much of the following key issues:

10.1 Nafsa has been well-known for non-profit activities; devoting for international education in US and many other areas in the world.
Kindly advise
---> who might know the beneficiaries of market research studies, esp. when NAFSA is claimed they reserve for "non-profit" purposes? And how to identify that market research studies are for non-profits/profits, and how to make clear for everyone involving in the research studies that they are working for NAFSA, non-profit org for international education? And everything shall be governed, by not only US laws, but international laws and treaties that covered by the world? Including the human rights for all, privacy of personal and data...?

10.2 As far as I know, the annual meeting of Nafsa is quite expensive for students’ budgets, especially for special training programs. The key here is that how to look at market research studies when Nafsa might explore members/visitors' information, for contacting, for asking the survey, for collecting market information, quite often in the practice is provided by them with free of charge, but in return, the market research' result is serving for making much benefits for groups of corporates that might be of Nafsa' 3rd parties or resources of incomes to develop Nafsa and Nafsa' vendors. How to review this matter, market research studies, for clearing the matter between Nafsa' membership and benefits under their memberships; and the business that Nafsa takes for their own and/or 3rd parties benefits, and by exploring their membership' database as well as their sharing knowledge and market information free of charge?

10.3 As in the Nafsa' Privacy Policy, you mention clearly about the 3rd parties and many others that might get the users/customers' database; and it attached to the Nafsa' subjects; Nafsa applicable laws, that all of these are not disclosed to the Nafsa members as well as users/ customers. Please kindly advise how do we clarify this point to all members and users/customers based on fair and 2 sides - agreement? And there is not "the just" for Nafsa to share users/customers/database for any 3rd party without prior permission or acknowledgement of Nafsa' members? Accordingly, the clause for "By visiting the Nafsa' Platform, you are freely given the consent..." should be deleted, for unfair and unjust for anyone who just visit your website and they might not have any chance to read and review your Privacy Policy to understand what shall be binding them into the legal terms and obligations, even they also do not use any service/product with Nafsa.

10.4 In the books of "Predictive Analytical: The Power to Predict who will click, buy, lie and die", and "Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are"; together with the recent book written by Harvard Professor - S. Zuboff, "The Age of Surveillance Capitalism", the key matters of how AI and big data influence over our daily human life, changing our thinking and behaving by "certainty new business" led by big giant global corporates and countries, by hacking human brains and re-arranging the human intellectual knowledge to very few "Powers" under the campaign of "We change the world" to "the totalitarianism" and "instrumentarianlism". The question for new "priesthood" and division of learning of societies by "just few gets the truth and quality of knowledge"; and the rest shall get the content or the 2nd text of "content" through "AI" and "algorithms" controlled by very few tech and powerful people to decide.

I am very sure that Nafsa and all of humans at the 21st century must work hard to clarify how to deal with this matter, and more than that, it is the "hard choice" for the powerful and giant corporates and countries to identify, they devote for "human world" or for "AI and tech world" when they are coming to "destroy the humanity in our surveillance capitalism" as confirmed by Zuboff after more than decades of research and study of smart machine; learning machine, and the fight for future humans that put America and Americans at the first to answer to the world, who they will serve?

If Nafsa and international educators believe that we shall devote for human future, including the young generations, please kindly advise how to do the best Privacy Policy for their parent, their grandparent and for Nafsa' members first. If we are now NOT free with big data and the prisons that managed by tech and many other beneficiary' corporates, how do we think to be free for others, including our children?

As I experienced with Boston children when devoting for Christ church at Harvard, they learned quickly that we are NOT free even we are Americans, and their parents are in the same situation.

Saying about the market research studies, although it is said that Nafsa do not identify "You" as individual person or non-individual person; but we all know that, at the end, that comes to the "personal information"; personal database that are explored over commercially and no rules or no laws or no enforcement, either in the US or in anywhere in the world to confirm that "We are the People, not numbers/data"!

Might be it is a little far with the legal term of "Market Research Studies" at Nafsa' Privacy Policy, but let me remind Nafsa and all of us that, in 1970s, Derek Bok warned that our higher education system has been commercializing over the students and society, and we also conducted the experimental trials, with the human testing, at some low/developing countries without the relevant research/biz conduct code [Universities at the marketplace: The Commercialization of Higher Education]

How do Nafsa and America, and international organizations, handle this matter? Especially when we are now saying at every corner about AI, machine learning, and edu-tech, but the dark and secret sides of human rights and human testing without the proper management under the ethical conducts, who might think further for the future of learning and also, the market research in these "dark and secret" tech areas? And by infringing human rights and privacy rights for collecting big data?

10.5 "Fake news" and "Virtual Reality" life developed and tested on real human brains and human life: as I lived more than 5 years in the US (back and forth US – Vietnam); and more than 20 years around the world for learning, doing biz and walking around street corners with local people, till now, my question for how do we protect our international students and People in general, when we travel to the new country; to the new learning environment, when the fake news and VR developing the "news", no matter from the newspapers, or by technology, via social media or by any high-tech that I am not sure it is a right ethical tech, such as "human-brain connections social networking"? As if the fake news like "Harvard up to 4.30AM for studying" has extending over the world by the wrong information, for some personal purposes developed by someone/some organizations/corporate, and now, walk around the world via human social networking, how do we stop it?

Furthermore, "Virtual Reality" promoted officially via games like many online programs has been negatively influenced the reality, the truths around the students and People. I dont want to say, but in Vietnam, Senior Officers at Minister of Internal Affairs "protected" an "online international gambling", with more than 45 million of Vietnamese people and excluding millions around the world.

How do we think as if the market research to be done like this, without proper conduct; without ethical management; and without the right People to control the powers from the technology: Tech People and Companies and behind them, if saying in Vietnam, they claim "under the national security", but in reality, all are groups of private benefits and some "big fishes" of bureaucracy which I believe that a book "Secrets of empire, How the American Political Class Hides Corruption and Enriches Family and Friends" publicized in US shared some truths.

How to protect the People involving in the market research studies/survey with the above realities? When human - People become the instruments of few others to explore without proper permissions; by the human private life and changing their behaviour to develop for new economy of certainty to maximize their benefits only.

Might I share with you my own experiences on my studies and being "tested" in US and Vietnam for "hacking brain" and controlling "thinking" and the question to you in 2015/2019 and further, to UN/UN - Human Right Committee and others, who will treat international students and all of us as humans in the internet and offline?
The official letters are enclosed herewith for your reference, one was submitted to UN [http://newasiagloballearning.com/tin-tuc/quyen-con-nguoi-trong-the-gioi-internet-va-nen-kinh-te-chia-xe.html]; and other was submitted to US Congress and related Committees and authorized offices.

11. Surveys/Partner Promotion: If the survey is provided by a third-party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.---> this is the key concern from my case and from the experiences of hacking, not only personal data, but the human life, when they build up "fake and VR" around, including the very important online questionnaire for political campaigns and exploring all human personal data for other purposes? The case of Facebook is quite clear to US Congress, but till now, seems that everything is still going nowhere, because the authorized people dont want to solve completely under the laws and enforcement.

When Nafsa refer to 3rd party, when they just commit with EU' GDPR for rules and regulations, please kindly advise how' about other areas of the world? When US and EU also take many networking and personal data from all others, esp. in Asia and Africa, the 2 key biggest markets?
I dont like to criticize anyone, but "American crime" written by S. Zuboff of "The Age of Surveillance Capitalism, The Fight for a human future at a new frontier power", is an urgent call for everyone, especially American People and authorities to do their ethical and right works they must do, for them, for their children and for the world.

12. Web Logs/Third-Party Tracking:
We may collect information from you, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet), domain name, click-activity, referring website, or a date/time stamp for your visit. In addition to information stored by our servers, we may also use cookies and clear GIFs.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.

---> As I mentioned above, the term of "By visiting this Platform, you are freely accepting and consenting to the practices in this Privacy Policy....” is the NO JUST for anyone.

Firstly, I am NOT your membership for quite a long time; but I still keep your email in my contact list as I try to review and give you something in this letter: giving comments on the very key policy for Nafsa. For me, this is the way that I do hope to share with you my concerns, not only for me, but for all other members and non-members. But in return, to exchange my willing advice/comments for Nafsa by freely being considered as "giving you consenting the Policy" that I have not agree with, how do we develop the "fair communication" for everyone, from the starting, to know who you are, Nafsa?

The second, let me be clear. When I devoted hardly for Nafsa from 2014-2017 as your official member, I did not expect that on the day I faced with the challenges at my university as an international student, as a human, at the US, no one at Nafsa and in US might give me any help! I felt so deeply sorry for my trust and love with American values and ethics that one of persons I admired that making me cry every time I read his words, "Ethics is testing every American generations". But it did not stop in 2017; as I tried again, in 2019 at Boston' volunteering activities for homeless and disadvantaged people; the very obvious infringements over my life, my human rights, my feelings under many high-tech tortures that I could not understand, who I am, what is my wrong with American People, when one friend, one guy came to US for giving friendly hand to the poorest, to the disadvantaged people in the dead-end of Boston, why some Americans still "killed" me, again, again and again, that every day I walked in Boston, every night I stayed in Boston streets with full snow storms, I tried to sing, to exercise, to "live me up" to understand what was the true value of my life when I came to Boston, to help me get the "American values"? At Boston, we have P. Brook for "Refresh the truth; Refaith the humanity", but I found the "hard truths" there, and by my life' price to warn US Congress and People that, please, you cannot take any "free" life by tech-crimes.

Humanity in our ethics and biz conduct code seems going wrongly, as we rely on laws and many laws for tech and for human rights on internet and tech' dark sides keep silence for so long; and that's why many tech companies and people ignore their human ethics to explore commercially with global scale and paid by many other generations.

Market research for whom benefits? especially when you refer to 3rd parties with no clear, no definition, no governing laws. Nafsa should declare they devote for whom? for international education or for 3rd parties' benefits?

At first, Nafsa, you force others to freely give you the legal binding over your Policy, no matter they might disagree. Then, you automatically transfer information/personal data of your visitors/members/others to 3rd parties, although you dont know who they are; what 3^rd parties will do with Nafsa’ visitors/members/others’ information/personal data; the final is what shall be the next for the beneficiaries and that is Nafsa or 3rd parties?

So sorry for raising this concern, but honestly, in America, we often say about "accountability", but I am tired up with the terms and conditions of one-side agreement for all members and others that dont show proper respects and just/fair under the ethics/laws for all.

13. Use of Personal Information
---> From all the above sharing, what shall be the relevant terms and conditions for "use" of personal info? From my personal views, “use” right always goes with who own personal info first, as the owners will decide who will use and for what purposes. From the Universal declaration of human rights, I strongly believe human are born free and equal; and accordingly, no way to separate their human personal info with their human identity and their human rights. If we agree with Universal Declaration of Human Rights since 1948, and as US is the country for “free and brave men”, I understand that all statements for “use” of personal info must be consented by the person who owns his/her personal info.

Sharing of Personal Information
Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy, and we may do so with your consent.

---> From all the above sharing, what shall be the relevant terms and conditions for "sharing" of personal info?
Firstly, when Nafsa use the verb “may”, it should be understood that it is NOT the legal rights and obligations for Nafsa to “ask” for sharing personal info. Kindly advise if my understanding is NOT accurate. If Nafsa’ obligations are not officially asking members/visitors and others before or prior sharing their information to, either affiliated or unaffiliated or any types of 3^rd parties (besides Nafsa), how to show the fair and just 2-ways communications/transactions and promoting an opening international education for Nafsa’ members and others?

Secondly, talking about 3^rd parties (all types, affiliated or unaffiliated)

I do believe Nafsa don't list down clearly all 3rd parties’ names and scopes of biz at your website to members/visitors; how's about the case if it help Nafsa list down all info of any 3rd party for commercial/non-commercial purposes in your website for officialization of your contracts with them; and the ways Nafsa and 3rd parties verify how they explore membership' database.

Other Disclosures without Your Consent.

Service Providers. We may share your personal information with service providers. Among other things service providers may help us to administer our website, plan or facilitate events or travel, conduct surveys, provide technical support, or sending marketing, promotions, and communications related to our business, payment processing, and for other legitimate purposes permitted by law

--->Please STOP share anything that members/visitors don't allow Nafsa in written agreements for 2 - sides’ agreement with clear purposes. In your Privacy Policy, you don't declare clearly which governing laws shall be applied for courts/relevant mediation if something/conflict is happening. This term shows the readers, especially for whom who know laws in US and the world, need to ask ourselves, who benefits from all of "voluntarily share other personal information"?

I want to remind every American People and Nafsa, you are the country to state clearly before the world in 1776 "All men are born equal"; why do till now, going to 2020, Nafsa and many laws in US allow others to "share" human – persons under the format of human - PERSONAL INFORMATION?

14. Security of Personal Information

“Nafsa has implemented reasonable and appropriate security measures to help protect of the personal information Nafsa collects from loss, misuse, unauthorized access, disclosure, alteration, and destruction.”

---> Kindly advise clearly what is "reasonable and appropriate security measurements" in this term, from the US applicable laws and from any other laws that Nafsa and US voluntarily agree to binding. Further, please advise how Nafsa' members and others might find relevant legal resources to ensure that the "reasonable and appropriate measurements" you described are the best protection for their members/visitors and others and their personal information, under the prevailing laws and ethical practices, in the US and in the international laws.

What shall be protected to all Nafsa members/visitors and others’ personal info when the laws are silent?

15. Retention of Personal Information

“Nafsa will retain your personal information as needed to fulfill the purposes for which it was collected. Nafsa will retain and use your personal information as necessary to comply with Nasal’s business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.”

“Purposes for which it was collected”: please kindly set this as the key principle for any/all activities of collection of humanitarian data. We must be clear and clean to state the purpose for any time to collect the personal data, information for research or 3^rd parties’ survey. If Nafsa lead this as the key principle for data collection, please kindly delete out the first statements you mentioned at the very first of Privacy Policy "By visiting this Platform, you are freely accepting and consenting to the practices in this Privacy Policy.”; “Without your consent, NAFSA will use personal information, only insofar as such processing is permitted by applicable law (e.g., for the performance of a contract or agreement between Nafsa and you) or where such processing is necessary for compliance with a legal obligation to which Nafsa is subject."; “Sharing of Personal Information”;
“to comply with NAFSA’s business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements”: from my understanding of US Constitution, we – America, respect the principle of “rule of laws” for not only American matters, but for international matters. How to reflect this principle in this term, when we – Nafsa put the “biz requirements” first and before the “legal obligations”? When Nafsa declare about “our assets”, kindly advise, visitors/members/others, including but not limited to “personal data”, shall be Nafsa’ assets? Let’ be clear and kindly refer to the biggest challenge asked by WEF’ President to the World and in Davos, for whole “elite” that

“We are encountering new business models as well as ethical, safety and social issues as emerging technologies come to life. But we have yet to collectively solve some of the most basic questions on critical issues such as the ownership of personal data, security of social infrastructure and systems, and the rights and responsibilities of the new leaders of our business landscape.

For a prosperous future, we must ask how all of us, and the technological systems we design and build, can serve the proper ends and not be confined to the means. Our efforts must focus on the impact of the Fourth Industrial Revolution on human beings, society and the environment, and not just focus on technological progress or economic productivity.”

[https://www.weforum.org/agenda/2016/10/four-leadership-principles-for-the-fourth-industrial-revolution?utm_content=buffereaf4a&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer]

So, how Nafsa clarify who own personal data of Nafsa’ members/visitors and others?

And how do Nafsa focus to explore for “human benefits”, society and environment; NOT on tech progress and economic productivity only? While, in reality, the bad consequences from tech’ commercialization over our People has been studied by Zuboff at The Age of Surveillance Capitalism?

Always remember, Nafsa is committed to international education and educators, students and all related to them. How do we state clearly that all terms and regulations, our core principles for international education are for Human – People? No matter we devote for “Connecting the World” by internet, but People must come First; and their human rights, their privacy rights and their data shall be the Top of Mind in any word, in any activity or any clause that Nafsa shall execute, in US and in anywhere Nafsa and 3^rd parties will do business?

16. Data Integrity and Purpose Limitation

“NAFSA limits the use of personal information to ways that are compatible and relevant to the purposes for which the personal information was collected or subsequently authorized or for which consent was obtained.”

This clause is too good. How to enforce? Whenever we say about “relevant to the purposes for which the personal information was collected or for which consent was obtained”?

The case of more than millions of personal data from Facebook/Cambridge Analytics and even Official Personal Management in US “shared” the reality of not only about the silent laws for protection of personal info; but the key is who enforce; how to enforce; and how to clarify with not only in US, but whole the world, as the internet hacking of personal data has been the world-wide crimes and many are falling into silence; and might solve by diplomat relationships, like the meeting b/w Obama and Xi for solving the hacking matters. How to “awake” People, in US and in all other countries, esp. the people from China, and many others that whenever US respect human rights, privacy rights for Americans, we also respect the same for other People in other countries and in return, we do hope they also do the same for Americans and American’ allies/visitors/members and all others?

My strong recommendation for UN-UN OCHA for Humanitarian Data Management is that we must develop an UN-official system for protection of humans and humans’ rights via internet, online and offline; as the personal data is NOT the US matters only, it is the global matters. The Chinese students study in US, their personal data has been recorded and protected the same like Americans; while do we must build “wall fire” and hacking and then, increasing many challenges between 2 countries? And in US, to date, not only China, many others up to 1 million international students from more than 40 countries around the world come to study; but now, we all know that their personal data might be unsecured and not well protected, even in the Privacy Policy of Nafsa.

The personal data via cross-border “systems”, online or offline; must be well protected as they are NOT the numbers; they are our life, our People and our future as well.

“NAFSA will take reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete, and current.”

17. Your Choices
“Third-Party Communications. You may choose to consent for the purpose of allowing targeted offers from third parties or NAFSA’s clients or business partners.”

Any term for 3^rd party/3^rd parties are the big “grey” area for readers/visitors/members, if Nafsa do not publicize and update all their 3^rd parties in the website for everyone knowing who works for Nafsa and for which purposes, for profits or non-profits.

This is just an advice for Nafsa. It’s always good for public accountability and social responsibility, incl. members of Nafsa and also for everyone to learn who is who in Nafsa’ system; but the key is not only for public benefits; Nafsa might develop “clean” 3^rd parties with the highest ethical conduct for long-term biz when all of 3^rd parties commit to implement the Privacy and rule of laws/enforcement to protect members and all, the relevant rights of People first. Publicizing 3^rd parties shall be the clear evidence for responsibilities between Nafsa and 3^rd parties in any case the mistake/fault/fraud has been occurred. Everyone knows that no one can “bribe” or “get the money under the table” under Nafsa’ clean 3^rd parties’ policy and who they are.

To execute this, it requests Nafsa and 3^rd parties clearly commit to their members and all others – public accountability shall be the first priority in any activity.

Further, to implement the social responsibility of Nafsa to the members, kindly review again and revise the following terms and clauses:

“We may share your personal information with service providers. and
By visiting this Platform, you are freely accepting and consenting to the practices in this Privacy Policy.

“You may withdraw your consent at any time and for any reason with effect to future data processing by contacting us at the address listed below in the Section titled "Communications.";

Legal obligation to which NAFSA is subject; and
Market Research Studies;

18. Changes to Your Personal Information. Note that we may keep historical information in our backup files as permitted by law.

---> Some concerns in relation to “changes to your personal info”:

Any change must be done by the “You”, individually and by their full knowledge and aware of what/why/how to change in Nafsa’ Platform/online/offline systems;
Changes must be clear that any change don’t cause any confusion; misleading and should be legal with the legal requirements under any law that Nafsa and local Gov’ requests;
Historical info closely and automatically attach to Nafsa and internet’ tracking-location and other tracking/censoring systems set by Nafsa and others. The tracking locations and censoring the members/visitors/others through website and internet systems should be re-considered for NOT infringing the human rights, the privacy rights and all related rights. Backup files in relation to personal info should be executed at the request of Nafsa and local laws; but above of all, they must be agreed in written agreement with the “You” before any transaction between Nafsa and the members is executed. Kindly remember, except the Gov and under the specific orders from Courts, some authorities of US might track and supervise some suspects, incl. individuals; and for “national security purposes” only. The national security purposes must be clarified by/in the Court’ order to ensure that the authorities do not infringe the individuals’ freedom and no harm for their privacy/individual life. Regretfully, after 11/9/2001; and depending on the local state’ laws, many regulations on one-side agreement for “digital recording” and tracking systems has been widely implemented, even in the university campus, under the claim of “security”; but in fact, to serve for “promotion and marketing purposes”. This matter has been warned clearly by FBI for “students’ data”; and banking/financing systems to explore and “sell/buy” human data without any clear enforcement/governing laws.

Assuming that historical info of students (K-12 and university; including the historical info of learning and health status) has disclosed to sell and buy/to hack for many 3^rd parties, esp. for health status; how to solve the matter? The same for banking system, all types of transactions for loan; debts and personal credibility ranking, has been known by many others; how to protect him/her as “human individual”? And as an individual, how to solve the problems like diplomat “relations” between country – to – country, when individuals are most often the last informants and not fully aware of the legal systems for protecting themselves?

In 2015/2016, when I faced with the key question for my own privacy rights on campus in US, I wrote many letters asking for whole Texas legislations and university management, as well as for US Congress, and no one replied, the same like Nafsa’ silence at that time.

How to protect international students like Americans and all others, in US and in anywhere in this world, even they are just “a person” and not suring what is right/legal in US and how/who might protect them? Kindly remember, international students quite often spend few years in US to study, then, most of them go back to home countries; thus, their personal data and historical info shall be backed up and stored and explored for what purposes? For whom benefits? To serve what? And how to ensure that the historical info including personal data don’t impact badly to international students’ future when they go home?

From my experiences, many emails are wasting time for readers/receivers as if we send out without the clear purposes and suiting with them, esp. emails for marketing and selling services/products only. In case the historical info has been kept for our Nafsa’ archives and for networking from time to time; we might think about any system that let the receivers/readers have their own choice to opt-out the email lists if they think emails/info Nafsa sending is not useful for them. Respecting the rights of receivers shall be the first priority in any activity/communication or any work via internet, I do believe it helps Nafsa/US to be widely known for reputation of international education.

19. Access to Your Personal Information. If required by law (for example, the European Union General Data Protection Regulation), upon request, we will grant reasonable access to the personal information that we hold about a User.
---> this clause might be understood that US laws are NOT the only laws to govern the privacy data and personal info, how's about other relevant laws, incl. international ones that governed by UN (Universal Declaration of Human Rights) and many other regional? Further, when saying “upon request” ---> upon request from whom? Why do they not contact directly with some general info about "who is who" in the public info if the "You" agree to publicize their personal information? Otherwise, if they state clearly at first that they do not allow anyone to access their personal info, how do Nafsa rely on which laws to "grant reasonable access"? How to measure the "reasonable" of personal data of a NAFSA person, when Nafsa have a clause "We may share your personal information with service providers"?

How to solve the conflict of interests/laws between EU GDPR and US just in case? And if the Users/Members and others don’t know clearly laws of US/EU and other international and local laws; or even they have never acknowledged what kind of laws shall be applicable to them under Nafsa’ Privacy Policy, how to help them get the resources/knowledge understanding clearly what laws, what procedures and which pathways/who might help them?

*** In this Privacy Policy, Nafsa try to use the words “visitors”, “members” …and here, at this clause and some other clauses, it is mentioned “User”, and just one User? Please kindly revise this. And as if the clause for “freely given consenting to Nafsa’ Platform…” is deleted, Users and members means who will agree with the terms and conditions of Privacy Policy? If I want to be Nafsa’ member, and I disagree with your terms of Privacy Policy, how to solve this matter?

Please note that Nafsa and EU hold many networking around the world for international education. How to solve the conflicting matters in the Privacy Policy and other regulations shall be the key for all to learn from Nafsa’ examples.

20. Deletion of Your Personal Information.

"All deletion requests must be directed to the contact in the “Communications” section below. We may also decide to delete your personal information if we believe that the data is incomplete, inaccurate, or that our continued use and storage are contrary to our obligations to other individuals or third parties [?].

Kindly advise me, whether membership between individual and Nafsa shall be the 2- ways agreement, between 2 parties through membership program, including fair and just “rights and obligations” under the current/prevailing/relevant laws and practices? Including the ethical conduct codes that we shall apply at the highest level because we devote for education and for humans? If we agree to each other this perception, we might go further for the next question of “delete your personal info ….contrary to our obligations to other individuals or 3^rd parties”, as I don’t understand how the other individuals or 3^rd parties might impact to the 2-ways agreement, except the terms and conditions for deleting personal info must be clearly stated, quite often from the individual’ request to Nafsa.

When Nafsa have a specific clause for ‘Changes to your personal information”, how to combine the “changes” including into the “deletion of your personal info”?
How to insert the relevant links at Nafsa’ website or documentation for the “You” might do their own rights to keep or to change their personal info with Nafsa’ database systems and via Platform, at any time they want, the same rights Nafsa allow to self-modify the Privacy Policy, " NAFSA reserves the right, at any time, to modify this Privacy Policy. " ?

“When we delete personal information, it will be removed from our active database, but it may remain in archives where it is not practical or possible to delete it. In addition, we may keep your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any of our agreements."

---> This clause shares the truth that whatever we agree or disagree or whatever happen, the personal info shall be recorded and stored somewhere. As I am not the technical guys for IT, but from my understanding from the laws and biz practices, even the tax statements and records, after 3 years, persons might delete (under IRS regulation) or after some specific timelines (The Freedom of Information Act), Gov. shall open and disclose classified info to Americans and the world. Why do we need to record the historical personal info (for unlimited timelines) that don’t have any link, (like you said, not active activities or impractical)? Why do Nafsa keep personal info just to serve for “legal obligations, resolve disputes”? I am curious how it might happen, as Nafsa’ members and visitors and others, if they work/devote with Nafsa, they all do for education and students, and we often don’t have any dispute or creating the dispute after long time we are members of Nafsa? Assuming that there might have a case for disputes, please kindly refer exactly to the timeline of court proceedings that might claim under the laws if Nafsa want to set the timeline of keeping personal info; or, any precedent that US or EU or international laws refer to keep the personal info/materials/documents for resolving disputes in the similar non-profit educational organizations like Nafsa. Personally, I don’t think we have any practice like this before.

"If you revoke your consent for the processing of personal information, then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity."

---> when Nafsa say about “identity”, please kindly review the following Nafsa’ statements that are much NOT relevant to “human identity” and “human rights” stated by UN – Universal Declaration of Human Rights:

"By visiting this Platform, you are freely accepting and consenting to the practices in this Privacy Policy.
"personal information,” which is information that identifies an individual or relates to an identified individual.
Non-personal information means information that does not directly identify an individual.
We collect both types of information about you.”
and
"NAFSA may capture proximity and duration information for providing personalized products and services, demographic analysis, or behavioral analysis. Such information, and any derived information, may be shared with third parties that have a relationship with NAFSA."
Service Providers. We may share your personal information with service providers.
à This clause, “"If you revoke your consent for the processing of personal information, In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity.", please let S. Zuboff share the facts about tech’ crimes under the “certainty business” in the new economy and by exploring “human identity” at The Age of Surveillance Capitalism.
“Non-personal information means information that does not directly identify an individual.
We collect both types of information about you.” and “behavioral analysis” has been identified the key targeted by 5 Top Tech American Companies that develop the American Crimes!
àNafsa – as a leading international education organization in US and in the world, how do you and American educators, American organizations will do to stop this?
In Zuboff’ book, she advised that we all, the same like German in WW II, must say, “No More”, “Stop Crimes” or “Never Again”; but how it shall do in US, for Americans first and for the world? Personally, when I wrote many letters to US Congress and authorities, from different levels in US and in Vietnam for my case, I don’t know much, but I might say that, without the leading examples by American authorities for technology’ laws to stop the dark sides of tech influencing the human life for automat and making all to be their prisons within internet and tech’ supervision for “global scale” new biz; all of us, including American students, international students in US and all this world shall be the new prisons in the tech-surveillance world, if they explore “truly human identity” to be “extracted” for certainty business that I am now experiencing.
Regarding this matter, how to identify “human” within the Nafsa system, please kindly contact me at any time you need, as I am so glad to share my own experiences. I try hardly to give a warning, not only for Nafsa, but for UN and the world about how deeply “NOT HUMAN any more” when we trace “human identity” to be the prisons for tech’ sides via “identity and behavior analysis surplus”.

21. European Union General Data Protection Regulation: “you may lodge a complaint with the respective European Union data protection authority (DPA)”?
Let me share some facts with Nafsa and EU:

It’s not just one person’s responsibility; It will take “real effort” to bring together everyone involved”. When you read the article enclosed herewith [https://www.insidehighered.com/news/2018/03/13/colleges-are-still-trying-grasp-meaning-europes-new-digital-privacy-law], we all know how arrogance of US and universities think about privacy and their laws, even they are universities and teaching “freedom of thinking and academia” for the world. I love American values so much; and that’ why I feel so sorry for the news sharing that they, in fact, don’t try hardly to protect their personal info first; the same for their People first! This is NOT the one person, one official authority like Congress or Gov or Court or FBI’ responsibility, this is all of US’ responsibilities to allow the American crimes happened, the laws don’t work, the Congress don’t promulgate the relevant laws, the Court don’t know how to decide and request the tech and their biz to protect their People; and the ignorance of our People, no matter they are Americans, international students, immigrants and the world, especially UN.

UN’ headquarter locates in US; while UN-Human rights locates in some other locations, in EU. Please advise me, if some crimes happen in US, whether we might lodge complaints with EU for what? When the US and US authorities don’t know how to solve their matters; and because of their “face”, they might try hardly to protect their “right”, no matter they are so wrong?

We might learn a lot of lessons from the empire’ behaviors from WTO’ conflict/dispute cases, when the biggest countries are the ones who often infringe the rules and ignore the international decisions. If US is not enough for evidence, we might learn some lessons from recent history of the wars occurred around the world in the last 20 years, including the international disputes for cheap steels, international seas in South East Asia and more.

The key challenge for ALL’ involvement is NOT only about the laws or DOC like people discuss/debate, the key is about “dominant attitudes” from big countries over the others; and the same in the international education and for students.

---> [It will also need to get them to give their consent before it can store their information], and for any specific circumstance or in any service they want to provide/share with others]

"big task is identifying all of the third-party vendors that the institution works with and checking that they are in compliance" ---> compliance with what? with internal regulation of NAFSA' vendors or universities' vendors for sharing personal data? I am not sure the case of Facebook and Cambridge Analytica explored online survey for many different purposes, incl. online political campaigns without the users/customers/members' knowledge and consent should be a good example for all to study.
these regulations are “the way of the future.” Trust and reputation with regard to data protection are going to become increasingly important, she said. If a college can’t demonstrate that it is taking data protection as seriously as its competitors, it may start to lose out on prospective students.
“In Europe, privacy is considered a fundamental human right, but in the U.S. we tend to think of it as a consumer right,” “I think this is just the beginning of a long conversation about data protection around the world.”
----> how to say "consumer" is NON-human? No matter the word they might label, all terms and conditions for privacy rights via internet are serving for HUMAN, of course, incl. for commercial and non-commercial purposes.
The key concern for EU' GDPR and for ALL is who/when/how to answer the question, the key and the first question,
"who own our personal data and privacy info?"; when Nafsa devote for ‘Connecting the World” and for international education?
22. Cross-border Transfer of Personal Information
"By using NAFSA’s Platform or providing any personal information to NAFSA, where applicable law permits you consent to the transfer, processing, and storage of such information outside of your country of residence where data protection standards may be different. When NAFSA collects information in one country, and transfers it to another, to the extent possible it applies the same level of data protection required under the laws in the first country even when the data is in the second country. "

Question for which law shall permit/govern/apply[? local laws, international law or UN' Declaration on Human Rights and related governing documentation manage the cross-border transfer of personal info?, I understand that UNCTAD and UN, including US, have a very well-written guidelines for technology and intellectual transfer which most of the countries around the world agreed together at WTO’TRIPS. Saying about “technology and intellectual property transfer”, including the database (I understand that humanitarian data shall be reviewed carefully to evaluate and classify which types of intellectual/property/or technology shall be governed to answer the key and first question, who own our personal data that referred above), why do Nafsa/US, by a simple statement, develop for Nafsa’ rights to transfer the human personal database to other countries, while we fully learned that not only different standards of protection; but many other differences, from local laws, practices and the ways that database might be treated. If, like I said above, we agree with the key principle that human is NOT the numbers and any other’ database, Nafsa simply cannot do any cross-border activity for transferring personal info without any specific agreement between Nafsa and individuals who Nafsa want to explore their personal data. The wordings of “By using NAFSA’s Platform or providing any personal information to NAFSA” are non-sense for legal binding, as the above sharing, we know clearly that one-side statement/agreement shall NOT have any legal binding for the others if they don’t agree or allow, especially when Nafsa works for international education, managed by the international laws and many other local countries’ laws, not only US laws.
From my “poor” understanding about the UN-Humanitarian Data Management, UN organizations and the world try hardly to develop an international treaty or cooperation for humanitarian database management that shall help all countries to review and apply to their national levels, how to protect People on internet and the related topics. Recently, G20 discussed about taxing big tech companies based on country’ populations or internet users is one example for the world’ reference. However, the bigger concern comes from UNESCO – UNICEF – OECD and other international orgs is that digital shall be dividing the world and increasing global inequality between the poor and the rich, between who might get access to the high-advanced tech and the rest. UN-UNESCO advised about 5,5 billions of connections in the world, incl. 800 millions of children social media accounts. How do we – UN and Nafsa and other international education develop the systems to protect students’ database, People’ database and ensure that they don’t exchange their personal life/personal data to get very few cent to “connect” with the world? In this matter (global inequality of education), all lessons from 1960s to the world, I strongly believe, are not old to learn.

Under these views, I strongly encourage Nafsa to revise the following terms and clauses to ensure that Policy is for just and fair, Policy is for human and for 2 – sides agreement:

"By visiting this Platform, you are freely accepting and consenting to the practices in this Privacy Policy.
You may withdraw your consent at any time and for any reason with effect to future data processing by contacting us at the address listed; and
"Without your consent, NAFSA will use personal information, only insofar as such processing is permitted by applicable law (e.g., for the performance of a contract or agreement between NAFSA and you) or where such processing is necessary for compliance with a legal obligation to which NAFSA is subject."

When I read many reports about tech-edu and digital for children/adult’ learning, honestly, I am thinking how to solve “Ghost – How to stop Silicon Valley from building new global underclass?” and all the century’ challenges written at The Age of Surveillance Capitalism.
If they do hacking one person’ mind, how many years do we – People pay off the price?
If under the claim of “massification of education, higher education” by online or virtual learning, but all their reading – thinking and attitude/behaviour for their reading and thinking controlled and coded by computers/algorithms, what’s about their learning? About their future human being? That even in an “Intentional University”, the mission of the future university is to keep People as human?
Please kindly bring up this matter to Nafsa’ discussions, at US Congress and any international forum that might help Nafsa and Americans, especially all international students like me who studied in US and paid off for “technology progress” through “hacking brains; changing attitude and behavior for certainty biz”, know what values of human America will stand for?

21. Dispute Resolution
Some questions for this clause:
(?) Questions for legal parts, governing laws, resolution laws for contents and "NAFSA' is subject"
(?) When the local laws and international laws, incl. enforcements keep silence or conflicts, how do we agree to find any dispute resolution' principles, incl. mediation?
(?) When NAFSA just commits to work/cooperate with EU/GDPR, how's about other areas in the world? Esp. NAFSA and EU manage the most powerful networking and management with universities and colleges around the world?
(?) How's about UN and any other international org might involve?

Recommendations for Guideline of Humanitarian Data Management: their draft and my comments are attached hereto for your reference.

How do NAFSA review/analyze and work out to comply with not only EU, but OCHA/UN to ensure that "human rights" in database/internet services and privacy rights shall be the first and the most key important principle for any regulation to manage anyone/any law, in the data system.

Thank you for your timing. I sincerely wish Nafsa and all members shall get more success in future with the philosophy of not only connecting the world, but the human world!

Feel free to contact if I might assist.

Yours sincerely,
Huong Nguyen