Privacy and Data Protection – Page 18

August 28, 2019August 28, 2019

External Ordre Public and The Limit of GDPR’s Extra-Jurisdictional Reach

It is a well established principle in private international law that

The driving force behind development of ordre public externe is the same as that which motivates public policy: no country can afford to open its tribunals to the legislatures of the world without reserving for its judges the power to reject foreign law that is harmful to the forum. ¹

This principle affects directly the power of local EU jurisdictions to impose fines on non-EU countries, notwithstanding what the GDPR says.

Kent Murphy, The Traditional View of Public Policy and Ordre Public in Private International Law, 11 Ga. J. Int’l & Comp. L. 591 (1981). ↩

August 25, 2019August 25, 2019

Altering Faces. Data Protection And Sore Thumbs

To those that, contrary to any evidence, still believe that data protection equals privacy, this case will come as a shock: the police of Portland (Oregon – USA) ? used Adobe Photoshop to remove tattoos from the picture of a suspect so that he could “blend” better in a photo-based identification. The defense of the suspect claimed that that was a way to “frame” him, while the prosecutor said that the “digital make-up” has been necessary to avoid excessive attention on the face of the suspect itself. The Court still haven’t issue a decision on the matter.

A few issues:

Is this a Personal Data Case? Yes. A few things but tattoos identify or make a person identifiable.
If happened in the EU, would had it be a GDPR Case? The GDPR doesn’t cover judicial activity and law enforcement investigation. Nonetheless, this is case where the notion of “fair processing” comes into play. Altering reality can hardly be hold as a “fair” behaviour.
If not the GDPR, what would have stopped this? This is a case of “reverse fairness” and “investigative malice”. Police wanted to be “fair” toward the suspect and – in the meantime – explore the “possibility” that he disguised the tattoos with a make-up. The due process right prevents (or should prevent) law enforcement from resorting to this trick.

August 19, 2019

A Real-Life Case of Inefficient Profiling

Amazon knows in extreme detail – thanks to the analysis of purchases – my interests and – thanks to the analysis of how I use my Kindle – my reading habits. Yet he sends me an email to suggest, on the basis of my profiling, to buy a book that I wrote.

If all a giant with a limitless computing might like Amazon is able to extract from my personal data is a suggestion to buy my own books either I’m not actually monitored or profiling just doesn’t work.

August 6, 2019

The Holy Alliance Between GDPR and Consumer Law

One of the most difficult task in the practical enforcement of the GDPR provisions is to find a fair balancement between the technicality of the legal language and the duty of simplicity settled by the data protection bylaws. Both the GDPR itself and the various “suggestions” coming from the various player are nothing more but a re-phrasing of the legal text, thus leaving the data controller as well as the data subject unable to have clear directions. Continue reading “The Holy Alliance Between GDPR and Consumer Law”

July 10, 2019

The Data Protection Authorities and the Liability for fines’ early warning

I do not understand the choice of some Personal Data Authorities to publicly anticipate the decision to fine a Data Controller instead of just doing it and then spread the news.

Indeed, many large companies are listed on the stock exchange or may suffer negative consequences from a simple announcement such as “we are thinking of fining…”. What happens, then, if the fine does not come or – worse – if it is cancelled following a judicial appeal? There will be a similar press-release that will say “we are deeply sorry, we were wrong, the judge turned us down?”

Now, if obviously it is not possible to ask for damages for the application (in good faith) of a fine then revoked by the judge, it is not automatically so for behavior that goes beyond the strict observance of the fining procedures.

Attention and care should be paid, therefore, to publicly anticipate decisions that are not definitive, especially without indicating the date when the appeal is no more allowed or the fact that the owner has challenged the fine in Court.