On Dec. 9th, 20145 the Italian Data Protection Authority, together with other 22 privacy authorities from around the world, and grouped in the Global Privacy Enforcement Network (GPEN), have signed an open letter (–> here) to the operators of seven app marketplaces urging them to make links to privacy policies mandatory for apps that collect personal information.
The letter was sent to Apple, Google, Samsung, Microsoft, Nokia, BlackBerry and Amazon.com, and is intended for all companies that operate app marketplaces.
This is in fact a mandatory requirement in many jurisdictions (such as EU), but not in all of them.
This is for Italian readers only – In a recent, gruesome murder case (the assassination of young Yara Gambirasio –> see the story), a suspect has been identified after long investigations; however, once his name has been made known, although he was still a suspect, not even indicted, his name and picture, and even his relatives’ were immediately put on the front page of virtually every newspaper in Italy (web included). This was -irrespective of the fact that eventually he might be indicted, and/or convicted for the murder- a grave violation of his right of non-interference with his personal life and, what is graver, of his relatives’. The Italian Data Protection authority has condemned this very thoughtless behavior of the press. It was hard time! (see the communication –> here). Let me say that the right to a defense and a fair trial should be taken at least as seriously as the other rights set by the Convention Europèenne de Droit de l’Homme, including the right to a free information. In fact, the press must be the watchdog of power, not the hound of citizens, or we’ll be suddenly back to Judge Linch law.
Il Garante per la Protezione dei Dati Personali, nella sua newsletter n. 384 del 25 febbraio 2014 ha annunciato il piano ispettivo per la prima metà dell’anno. L’attenzione dell’Autorità si concentrerà su
- grandi banche dati pubbliche;
- gestione delle reti pubbliche di accesso a Internet in wi-fi;
- marketing telefonico;
- mobile payment;
- call center delocalizzati in Paesi extra Ue;
- sistemi di profilazione dei consumatori;
- aziende farmaceutiche;
- centri di assistenza tecnica e recupero dati.
Il piano ispettivo è lo strumento attraverso cui il Garante pianifica l’attività di controllo sulla compliance privacy pur in assenza di ricorsi, reclami o segnalazioni.
Nella stessa newsletter, il Garante indica che, rispetto al 2012, gli accertamenti sono cresciuti del 4%, mentre i procedimenti sanzionatori sono aumentati del 47%, emessi principalmente in materia di telemarketing. Da questi dati emerge che, lungi dall’essere l’Italia uno Stato che tutela “troppo” la privacy, impedendo alle aziende di funzionare, viceversa è caratterizzata da un approccio molto ragionevole di contemperazione delle esigenze della produzione con quelle della vita privata dei cittadini.
The European Court of Justice, in its Judgment in Joined Cases C-293/12 and C-94/12 “Digital Rights Ireland and Seitlinger and Others”, has declared data retention directive invalid.
The directive (Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC), according to the judgement (yet unpublished, here you find the press release anticipated by Wired) infringes article 52 of the EU Rights Charter and cannot therefore be upheld. This decision is welcome from a citizen rights’ perspective, but it raises some doubts in terms of security, if we consider that justice-controlled data retention is (was?) one of the major tools given to communications police authority to track down not only intellectual property infringements, but much more hideous crimes such as pedo-pornography. Again, we face an issue: chasing the thieves or locking the house. This round was against chasing the thieves. Let’s hope the answer is not locking the house, so that fewer people can go outside in the brave outer world.
The “spending review” (i.e. the action Italian Govt is leading in order to reduce unproductive expenses in National budget) is worryingly leading to a cut in the information police services. 73 out of 76 local section of the “polizia postale” are planned for shutdown. Considering that this specialized police is conceived for “ex post” police activity against cyber-crimes, the predictable effect can be a limitation “ex ante” of the rights of Internet users: less internet activity means less chances to commit crimes. So, instead of having police run after cyber-criminals and protect users, we might have less user rights in order to have to spend less in crime protection. At the end of the day, you’d need no car-theft protection in a world that abolishes the wheel. A Turkish way to Internet security, if you want… Not exactly the right approach for a forward-looking Country. Italian police Unions are raising shouts to try and avoid such poor result, but financial “advisors” seem stronger. So to say: excel spreadsheets win over web 2.0!
sources: repubblica.it; huffingtonpost.co.uk
8 January 2014 – Good news on Cyberbullying, bad news for cyberbullies.
The Italian Ministero dello Sviluppo Economico has published a consultation document that is the initial draft version of a code of ethics for Service Providers aiming at protecting young people from cyberbullying. “Cyberbullying is the use of Information Technology to harm or harass other people in a deliberate, repeated, and hostile manner” (cfr Wikipedia), and is one of the worrying sides of the present decay of public speech over Internet.
The document establishes a Committee made of experts taken from the stakeholders of the project : institutions (The Ministry, Agcom, Polizia postale e delle comunicazioni, Autorità per la privacy, Garante per l’infanzia e Comitato media e minori), industrial syndication (Confindustria digitale, Assoprovider ecc.) and operators(Google, Microsoft ecc.) and a principle of easy and quick reaction from qualified personnel in case of cyberbullying episodes.
This initiative is highly welcome, as this phenomenon is increasingly scary. Since 2008, 41 teenagers committed suicide admittedly due to mobbing and stalking episodes occurred while living a normal web-life (see enquiry –> here). It is hard to decide whether these (unjustifiable) deaths are “more” or “less” tragic than the effects this type of “mala educacion” is inducing in adults’ behaviours, such as the recent political mobbing cases emerged on Mr Bersani’s health conditions, or than plain religious censorship (as happened in Iran yesterday –>here).
The Art. 29 WP has released on 3 dec. 2013 its 2-years working plan for years 2014-2015. In the document (available —> here), we can read that “The Working Party’s goal for the 2014-2015 period is to ensure a coherent and correct application of the current legal framework and to continue to prepare for the future legal framework”.
The stress placed on the current framework, while the future one is left on the background, gives room to the assumption that work around the reformed Data Protection Regulation, that shall replace the national legal framework, might again be facing some hard times. However, we might be pessimistic…
Article 29 Working Party is the European consultative body established to study improved ways of addressing privacy principles in European legislation. It is made of representatives of the Data Protection authorities of all Member States plus a representative from the Eu Data Protection Supervisor and a member of the EU Commission.
The Article 29 Data Protection Working Party was set up under the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It has advisory status and acts independently. (quoted from DG Justice website)
The Italian Data Protection Authority (so called “Garante per la Privacy”) has renewed the set of general authorizations for sensitive and judiciary data handling, with effect from 1/1/2014.
The set, made presently of nine general clearance orders (normally ranging from 1 to 9 -this year from 1/2013 to 9/2013-), is reviewed on a yearly basis, and regularly updated.
The new set is available on the authority’s official website (–> here)