Privacy and Data Protection – Page 31

March 31, 2017April 21, 2017

Does Your Privacy Actually Matters To You?

An article published by the New York Times addresses the possible outcomes of the announced changes in the US privacy legislation that allows a free sales of people’s Internet “life”, and advise to use TOR, VPN or similar tools to “protect the right to privacy”.

I actually think that the best privacy protection tool is to comply to what the latin poet Orazio said: Nescit vox missa reverti (Once you said something, it is useless to say “I didn’t want…”) Or, to put it short, “what you want to keep secret, don’t tell Google” 🙂

Kidding apart I think that the privacy hysteria led us much beyond any logic thinking.

Like a Pavlovian reflex, as soon as something is announced that might slightly interact with us, a rant shouts out: hey! This infringes my privacy!

Sure, Google and companies are snooping into our private lives, but it is every single of us that allow for that. Google (Facebook & C) are companies that seek for profit, and since there is no free lunch, somebody has to pay the bill (in terms of personal data.)

I don’t like this status quo but I have to face actuality: if we care about our privacy, we should start using these tools in a more aware way, by selecting what we want to share. We can’t throw our life into the wild and then complain that somebody else took it away.

So, privacy protection starts from ourselves.

Do we have a right not to be “blamed” for some specific interest or personal inclination (as soon as it isn’t criminal?) Absolutely. But the Internet it is not the only place where we can cultivate our personal interest. It is an oxymoron to call for privacy protection when we are withdrawing this right in the very moment we hit “search” on Google. I may dare to say that on the Internet, as in public spaces, there is no “reasonable privacy expectation”.

What scares me more is the State surveillance because in this case I have neither a technical nor a legal protection to enforce. I can avoid to give Facebook some information, and I don’t care if Amazon gives somebody else my shopping history (dind’t buy bombs or mass-murder weapons to be shipped to Middle East) but I can’t stop a spook to dig into my life.

So, “shouting fire” every time something goes remotely “personal” is the best way to pollute the notion and the value of privacy.

December 23, 2016December 23, 2016

EUCJ and the Data Retention and Investigatory Powers Act

A friend of mine asked a quick commentary about a Telegraph news about the European Court of Justice decision that bashed the British Data Retention and Investigatory Powers Act, forcing the ISPs to abid to a one-year Internet traffic data retention period.
Here is my answer:

It is clear that the EUCJ is following its political agenda.
As I said countless times, law enforcement and national security aren’t subjected to the might of the data-protection directive so this legal instrument can’t be enforced to rule investigative powers.
It is false that users are note informed about the retention. There is a law that set forth the duty, so the citizen are supposed to know about it (ignorantia legis non excusat.)
Again, the article and – I suppose – the EUCJ confuses fairly different things: GCHQ is intelligence and – as such – is well out of reach from the DP directive. Other public bodies have the right to perform their investigation to guarantee the respect of the law.
So, the actual problem is quis custodies ipsos custodies. In other words: I have no problem with an agency that accesses my data. But I do have the right to know in real time when it happens and why (or, if there is a secrecy issue, as soon as it is reasonable.)

October 27, 2016

Privacy Shield Dead-On-Arrival?

As expected, Privacy Shield has been challenged in front of the EUCJ.

Before wasting time and money trying to comply with this DOA thing, it would be safe to wait for the judgement.

October 19, 2016

The Italian Supreme Court: name and surname only aren’t subjected to the Data Protection Act

The Corte di cassazione (Italian Supreme Court) decision n. 20615/16 narrows the definition of “personal data” under the Italian data-protection act that enforces the data-protection directive.

The merit of the decision is a legal action against a municipality accused of having published on its website the name and surname of an individual who sued the municipality.

While, the Court said, when mandatory by law the releasing of personal data is always allowed (and this was the case, since there is a law the bind a municipality to disclose its decisions, including those related to legal actions), the simple publication of a name and surname is not enough to make and individual actually identifiable.

Verbatim, the Court says:

the identification of the individuals… would have been possible only by way of further investigations, including third-parties database, with a disproportionate effort in terms of energy and money that is not justified by the interest to identify people involved in a trivial car accident.

This decision set forth a very important point because points out the fact that the “identifiability” notion of the directive is a relative one.

In other words, and enforcing the legal principle to the telco world, an IP number in itself is not necessary a personal data, unless “the identification of the individuals… would have been possible only by way of further investigations, including third-parties database, with a disproportionate effort in terms of energy and money that is not justified by the interest to identify people”.

Needless to sat, the Italian Data Protection Authority has always challenged this interpretation, trying to affirm an “absolute” notion of personal data, thus creating bureaucratic burdens end financial costs for the compliance.

July 12, 2016

Privacy Shield Officially Adopted

Here is the European Commission’s press release summarizing the content of the agreement, and here the fact-sheet.

Showtime!!