Datagate, new technologies, customers profiling and “big data”, user consent, data protection in non-EU countries, damage to reputation, right to be forgotten, web fury, social media, web violence and cyberbullying – these are the privacy hot issues according to the President of the Italian Data Protection Authority (“DPA”).
In September 2014, Mr. Antonello Soro, DPA President, released an interesting interview which covers the following:
- Datagate: the scandal revealed how companies and government intelligence agencies are a big brother whose reach is basically the whole world. The giant digital companies play a central role in this by collecting — and then making available to governmental agencies – all kinds of information about people.
- Foreseeable developments: new technologies are growing fast and produce more information than in the past: the life of almost all individuals on the planet is being transferred to the digital world. The DPA set as main goals the safeguard of the right to access the web, of its neutrality, and of individuals’ right to privacy.
- Commercial profiling and users’ consent: data collection for commercial profiling can be done only with the consent of the data subject. The Agency is trying to find schemes that will make it easier to ask and give consent to treatment. According to the DPA, European privacy rules are often eluded by companies claiming not to be based in the EU. However, due to the latest ECJ’s decision (Costeja case, C-131/12) things might be changing. As a matter of fact, Google will submit to the European jurisdiction when treating European citizens data.
- Situation in the other countries: lately also the other countries started giving due attention to privacy protection. For example, Brazil adopted the “Marco Civil” (a bill of right for the internet). Similar provisions were adopted also by Australia and Canada.
- Difference between digital and physical life: according to Mr. Soro, there is no difference between the two because when electronic personal data are processed, there may be consequences for the data subject also in the real world. Let’s think for example at the information contained in a medical file, or credit card information. All these data should all be safely stored and processed as their abuse might have material consequences on the life of individuals.
- What is the highest risk for an individual: Mr. Soro deems that individuals’ biggest fear is the risk to reputation. Protecting personal information means also looking after one’s own reputation.
- Right to be forgotten: is the most discussed topic and it aims at protecting one’s reputation once her data are collected, by projecting a real portrait of the person. An additional aspect of the right to be forgotten is the desire to delete from the web true information that, after several years, may reflect a limited negative period of one’s life and therefore falsely distort the perception of that person. This is a delicate balance because of the conflict t between the right to have personal negative information deleted and the right of the public to be informed. One of DPA’s most important tasks is to balance the right to privacy with other fundamental rights, such as, for example, the right to be informed.
- This balance is particularly important when wiretapped conversations are published: while the public have the right to be informed, you must strike a balance with their diffusion. The DPA monitors how this information is released.
- Web fury (“accanimento informatico”) should also be monitored: this happens every time news is excessively and unnecessarily reported, like when, for example, to satisfy the public’s curiosity, press publishes collateral facts on people only marginally involved in the newsworthy event and this produces negative consequences for them. This topic is closely related to transparency.
- What is the relationship between privacy and transparency? – they are both positive values. Transparency is a democracy requirement as it informs the citizens on the use that government makes of public powers and resources. However, this right to know often invades the right to personal privacy. For example, it is right for the public to know the amount of a tender offer in a public procurement or the salary of a public servant to understand how public resources are used but knowing the type of illness affecting a person receiving social security is not useful and violates that person’s privacy.
- DPA and social networks: social networks are a revolutionary communication mean but they involve some risks as well. Young people are the most exposed in a global community that registers all information, feelings, opinions, political views, etc. Schools should offer digital education, since the web is now part of our lives.
- Violence on the web: According to Mr. Soro, immoral aspects such as cyberbullying and similar behaviors derive from an anonymity illusion and an underestimation of the effect that words have. Web violence is no less harmful than physical violence and has often caused suicides among the young. According to the DPA, two measures would help: on one side we should understand that web violence is only a mean to externalize a violence already affecting the real world and on the other the law should punish crimes committed on the web in the same way as crimes committed in the real world.
In June 2014, the DPA released a report analyzing its 17th years of activity and the status of privacy implementation, “Relazione sul diciassettesimo anno di attività e sullo stato di attuazione della normativa sulla privacy”.