An Italian Data Protection Authority decision issued on June, 25, 2009 set the deadline of Sept. 30, 2009 for telco operators and ISPs that must notify the Data Protection Authority the list of their mining activities executed on customers’ aggregate data (such as traffic volumes, paths and so on.) The aim of this decision is to spot illegal (at least, under Data Protection Authority opinion) data handling “masked” by activities performed to keep the infrastructure running
The Data Protection Authority, after having received the information, will decide what can be still done without informing the customer, what can be done AFTER having informed the customer and obtained his approval and what cannot be done at all. Furthermore, the Data Protection Authority will release a set of technical and management rules to ensure the concerned subjects’ compliance.
If these new set of rules will mimic those recently established for data-retention purposes and system administrators, telcos and ISPs will face again a mayhem of useless bureaucracy so hard to understand that the Data Protection Authority itself did release a FAQ to explain what these regulation actually meant (and we’re still waiting for the FAQ interpretation.)
Although the decision is limited to the Internet and telephony world, it is clear that in the near future it will affects too energy firms, banks, insurance companies and, in general, everybody who relies upon aggregate data to tweak its supply chain of services.
Once again, the Italian Data Protection Authority is proved to be one of the biggest blocking factor of Italian telco market, while not granting citizens some sort of protection.