My “Cookie Law” Legal Notice (in English and Italian)

This is how I amended the data-protection information page on my street-photography website to meet this stupid “cookie law”:

A plainly wrong Italian enforcement of the EU “cookie” directive makes it mandatory to obtain prior consent to allow the use of Google Analytics, even if – as in this case – the personal identity of a user is unknown to me and Google only “might” be able to exploit the anonymous information collected through this website. So, in case you want to know if Google is able to identify you by means of this website’s access, please send me your identity together with your IP and I will forward your request to Google… or you might better do it on your own, without telling ME who you are.

And this is the Italian translation:

Un’applicazione semplicemente sbagliata della direttiva europea sui cookie impone di ottenere il consenso preventivo per usare Google Analytics anche se, come in questo caso, ignoro l’identità personale di chi accede al mio sito e solo Google “potrebbe” essere capace di usare le informazioni raccolte per fornirmi le statistiche. Dunque, se volete sapere se Google è in grado di identificarvi tramite l’accesso a questo sito, per favore inviatemi le vostre generalità e l’IP che avete usato, e girerò la vostra richiesta a Google… oppure, meglio, potreste farlo direttamente voi, senza dire A ME chi siete.

Italian “Cookie Law” and the Misinformation about Google Analytics

There is a lot of hype in Italy about this “cookie law”, in force since June 2, which makes it mandatory to obtain the consent of a user accessing a website to allow his “profiling” through the use of cookies. As always, a fleet of “advisers” kept pushing companies, full steam, to comply with this regulation, foreseeing dire consequences for the non-abiding companies, especially those using Google’s Analytics.

This is not entirely correct, so it is better to clarify a few points:

First of all: the “cookie law” is not a “law”, but just an order issued by the Data Protection Authority under its “peculiar” view of the EU Data Protection Directive(s).

Second: the data protection directive (and its local enforcements) work only with “personal data”, i.e. data that identify or make it possible to identify a natural person.

Third: a user who accesses a website anonymously doesn’t reveal his identity, thus the data protection act doesn’t come into play.

It follows from the above that a website using Google Analytics without looking for the identity of the user is not subject to this stupid “cookie law”.

Simple as that.

How Are Cameron and Obama Going to Forbid This?

[Image: cipher]

This is – the news is as recent as today – what the Italian Polizia di Stato found during a Ndrangheta (organized crime from Calabria) related investigation.

Although the cipher, in this case, is not that hard to handle for an expert codebreaker, it shows that “old school” systems still work.

So, following the announced ban of side-to-side encryption applications made by US President Obama and UK Prime Minister Cameron (coupled with the statement by the Italian Home Affairs Ministry), I wonder how they’re going to fight this “new”, dangerous way to exploit encryption.

Maybe outlawing paper and pencil?

The Italian Home Affair Minister To Call For Another Internet Crackdown

In the aftermath of the Charlie Hebdo massacre, as a way to improve the “safety” of the citizen, the Italian Home Affairs Minister, Alfano (a right-winger), called for:

  • a “registration” of “dangerous” websites,
  • a further enhancement of the ISPs’ duty to block access to
    (terrorism-related) Internet resources,
  • an exception to the data-protection regulation, to allow the law
    enforcement agencies to easily access “sensitive” data.

This is an exploitation of the recurring rhetorical locus: “enhancing safety needs the fundamental rights to be weakened”.
It is easy to answer with an often quoted statement by Benjamin Franklin:

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

But this is not the point.

From a “terrorism” fighting point of view, what Alfano is calling for is simply useless.

If the target is to gather as much information as possible to prevent new attacks, blacklisting websites obviously doesn’t help. It neither stops terrorists from talking to each other, nor allows upcoming threats to be spotted.

If the target is to gather advance information to run “pre-emptive actions”, it is useless to “weaken” the data-protection regulation to ease the law enforcement agencies’ access to “sensitive” (i.e. political-related) information. Those who need fast and direct access to this kind of information, in fact, are the secret services (whose activities are neither handled by nor reported to a magistrate) and not the law enforcement bodies, which can only act, in Italy, AFTER a crime has been committed (having, in this case, full access to everything they need, under the control of the public prosecutor).

Then, a couple of questions:

  • why does Alfano call for measures that don’t help fighting terrorism, but allow a crackdown against normal citizens?
  • why should the ISPs be burdened to act as censors and central scrutinizer on behalf of the government?

The Roman Catholic Church Knows Better (about privacy and the Internet)

Monsignor Nunzio Galantino, the secretary of the Conferenza Episcopale Italiana (the permanent assembly of Roman Catholic Bishops) stated that (my translation)

The Internet is useful and effective, but the price we pay in terms of privacy is huge

and, talking about the Data Protection Authority, he said

I don’t understand what these useless entities are good for.

Of course he’s right, but the Italian Data Protection Commissioner (obviously) has a different opinion, claiming that (again, my translation)

It is rather odd to call useless the only entity that – within its powers – has always defended human dignity from the “mud machine” [1], and from the plots arranged by those who want to turn the Internet into a space of violence and outlaws, from the totalitarian logic of the man-in-a-fishbowl.

Is this the same Data Protection Authority that failed to address the issues of the Telindus Router, the Android Spyware Case, The Pirate Bay Case, the Aruba Case, the Sony BMG rootkit case, that didn’t say a single word (while being informed) about the security concerns in relation to the upcoming massive, trial-related personal data flood originated by the online shift of the Italian Civil Trial System, and that wasn’t able to prevent the leak of a confidential report?

 

  1. The reference is to a journalistic idiom meaning the use of the media machine to soil somebody’s reputation.