Privacy and Data Protection – Page 35

February 25, 2014

The EU Cookie Directive: there is not just HTTP out there!

The EU Cookie Directive, the “privacy-hyped” piece of legislation that forces websites to display a “cookie-waring” for the sake of “privacy protection” is flawed by two weakness.

The first is technical: HTTP (the web, in other words) is not the only protocol around and – though admittedly there are a lot of people using it – there are other ways to use a network that don’t involve a browser. I know, the “command-line” era is gone (it actually is?), there are no “clients” anymore to chat or to do other stuff (there aren’t anymore, actually?) and so on, but what the EU Cookie Directive was built upon is simply a misunderstanding of how the Internet works. By focusing on a single, tiny piece of technology, the EU allowed the idea that technologies have to be regulated instead of the use that humans do of it.

The second mistake is legal: as soon as a network(ed) resource ‘s user is not identifiable than there are no personal data involved. Thus, the privacy of somebody who access a website without disclosing somehow his personal identity is not at stake. Of course I’m aware of the issues related to the anonymous profiling, the fact that no matter if I know exactly who you are, I’m nevertheless able to lure into your personal habits and so on.

But the law is made of both words and definitions: as much as you can stress one or all of them you can’t do it up the reverse the basic meaning of the rules – its ratio as the Latins scholars loved to say – i.e. no identification, no privacy protection. We may, rightfully, disagree on that and claim that a further protection is needed. But this doesn’t justify turn the law upside-down.

February 24, 2014

The Italian Data Protection Authority to wrongly enforce the Data Protection

The Italian Data Protection Authority continues the enforce a wrong interpretation of ? the Data Protection Code to affirm back ? its jurisdiction over the legal person.

On Feb. 7, 2014 an Italian company active in the ICT VAS received a decision issued by the Italian Data Protection Authority that challenged the handling of legal person data on the basis that, no matter what the recent amendment of the Data Protection Act says, the legal person data are still under the IDPA jurisdiction.

While the appeal against this decision is still to be (filed and) decided, it is important to understand the background of the IDPA assumptions. The EU Directive 95/46/CE clearly states that the its realm of application is limited to a “natural person” only, therefore the “legal person” are not subjected to the Data Protection Code and – a fortiori -to the jurisdiction of the DP Commissioner. Contrary to what the Directive said, Italy passed a “modified” DP Act extending its reach up to legal person. This lead to a waste of time and (huge quantity of) money to comply with something that the EU never asked for.
Only on Dec. 24, 2011 (better late than never) the Law n. 214 fixed this appalling mistake but the Data Protection Authority didn’t agree with the Parliament and issued an order where with a byzantine and convolute syllogism tries to get the notion of legal person back under its reach.

As the Italian Courts often show, the IDPA is not always right in its interpretation of the DP Act and in this specific case it will be interesting to see on which basis the Authority will affirm the superiority of the DP Act over another Law that, by coming later, has the power to limit or provide means of interpretation – even implicitly – an older one. To put it short, the Data Protection Act is not a Constitutional Law and can be interpreted and modified by later-issued law, as in this case.

February 15, 2014

The Italian Data Protection Authority lost a trial (and must pay the legal fees)

On Jan. 29, 2014 the Italian Data Protetcion Authority lost a case tried by the Court of Milan and has been ordered to pay the plaintiff’s legal fees.

The claim has been filed by a company providing directory services, charged by the IDPA of having sent an unsolicited fax without having got the consent of the receiver.

There are several interpretation issues of the Italian Data Protection Act involved in this decision, that the justice decided not to address, by just trying to “save” the (wrong) interpretation backed by the IDPA. Nevertheless, the justice couldn’t avoid to state that the sending of the (allegedly) unsolicited fax happened in a B2B context that is protected by Sect. 41 of the Italian Constitution and that – as such – needing that information must freely flow (OMG, is this a chapter of ? “The Hacker Strikes Back”?)

🙂

November 21, 2013November 20, 2013

The Datagate Legal Implication under German Law

An interesting article from Axel Spies, a Washington-based ICT lawyer, assesses the impact of the US spying over the German Chanchelor, Angela Merkel.

Here is an excerpt from the “Conclusion” section:

Most Blog participants were more pessimistic about the legal remedies having any leverage against spying. To quote a key statement in the Blog: “What Germany can “legally” do against wiretapping is likely to be on a similar level as asking what Pakistan can do ” legally” against U.S. drone attacks on its territory. Politically, maybe some counteraction in the areas of punitive tariffs on imports from the U.S. or the termination of international treaties is conceivable. But this is less a question of being allowed, rather than being able to follow through with sanctions and thus hardly the subject of a legal discussion.” Müller further added this observation: “If there were an effective counter-espionage [in Germany], also against supposed “friends” [in the U.S.], then it would hardly be possible to spy on the head of a befriended government’s private and political communication.”

November 13, 2013

Street Photography, Right to be Alone and the Challenge of the Reasonable Privacy Expectation

Question: what does ? street-photography has in common with Google’s indictment in the Mosley suit?

Answer: both challenge the balance between reasonable privacy expectation and the right to be informed.

There is a widespread attitude acknowledged by some European courts – namely, Italy and France – that grants legal protection to this alleged “right to be forgotten”. This is a rather dangerous attitude because following this path leads to the deletion of the collective memory of a culture: if Catilina were alive today, he would have had merit in asking his conspiracy to be deleted by the chronicle. Agreed, not everybody is a Catilina – or a public person whatsoever – but there is a shared principle in Western legal systems that separates what is public and what ought to be private. As soon as something falls in the former, there is not – or ? there shouldn’t be – a reason to delete the information of its existence.

To provide an example of the absurdity of the enforcement of this alleged “right to be forgotten” on the freedom of (online) press I can quote a fact I’ve witnessed in person, professionaly. An online magazine has been targeted by a threatening letter from a law firm, asking to remove from its server an article talking about an acquittal – yes, acquittal – of a Mr. Somebody. The basis of the claim is not a falsity or an exaggeration – that would have been illegal, indeed – but the simple fact that this Mr. Somebody “didn’t like the news to be online.” Only the future will tell whether this case will end in settling new censorship’s standards, or if the Justice – once and if the issue will be taken in Court – will decide in favour of the freedom.

As per the relevant case law, after a couple of lower court decision that enforced this “right to be forgotten”, a Supreme Court decision ruled that there is no such thing as “right to be forgotten” when freedom of press is involved and the news is correct. The concerned person, nevertheless, has the right to ask the online newspaper to update the original news in case of some further development of the story.

With a rather unusual sense of balancement – when dealing with the Internet – the Supreme Court issued a reasonable decision that should stop any further attempt of erasing the History.