Category: Privacy and Data Protection

Posted on

Criminal Justice System and Personal Data Protection in Japan and Italy – A Special Lecture at Roma Tre University

Special Lecture
(Chair of Criminal Procedure – Prof. Luca Lupària)

 ?Criminal Justice System
and Personal Data Protection
in Japan and Italy

Tuesday 3 September 2019
h 15.00

UNIVERSITÀ DEGLI STUDI ROMA TRE
DIPARTIMENTO DI GIURISPRUDENZA – AULA 5
via Ostiense 159, Roma

 ?Speakers:
Marco Pittiruti (University Roma Tre)
Hiroshi Miyashita (Chuo University of Tokyo)
Andrea Monti (D’Annunzio University of Chieti-Pescara)

N.B. The lectures are in English

Posted on

External Ordre Public and The Limit of GDPR’s Extra-Jurisdictional Reach

It is a well established principle in private international law that

The driving force behind development of ordre public externe is the same as that which motivates public policy: no country can afford to open its tribunals to the legislatures of the world without reserving for its judges the power to reject foreign law that is harmful to the forum. 1

This principle affects directly the power of local EU jurisdictions to impose fines on non-EU countries, notwithstanding what the GDPR says.

Continue reading “External Ordre Public and The Limit of GDPR’s Extra-Jurisdictional Reach”
  1. Kent Murphy, The Traditional View of Public Policy and Ordre Public in Private International Law, 11 Ga. J. Int’l & Comp. L. 591 (1981).
Posted on

Altering Faces. Data Protection And Sore Thumbs

To those that, contrary to any evidence, still believe that data protection equals privacy, this case will come as a shock: the police of Portland (Oregon – USA) ? used Adobe Photoshop to remove tattoos from the picture of a suspect so that he could “blend” better in a photo-based identification. The defense of the suspect claimed that that was a way to “frame” him, while the prosecutor said that the “digital make-up” has been necessary to avoid excessive attention on the face of the suspect itself. The Court still haven’t issue a decision on the matter.

A few issues:

  • Is this a Personal Data Case? Yes. A few things but tattoos identify or make a person identifiable.
  • If happened in the EU, would had it be a GDPR Case? The GDPR doesn’t cover judicial activity and law enforcement investigation. Nonetheless, this is case where the notion of “fair processing” comes into play. Altering reality can hardly be hold as a “fair” behaviour.
  • If not the GDPR, what would have stopped this? This is a case of “reverse fairness” and “investigative malice”. Police wanted to be “fair” toward the suspect and – in the meantime – explore the “possibility” that he disguised the tattoos with a make-up. The due process right prevents (or should prevent) law enforcement from resorting to this trick.

 ?

Posted on

A Real-Life Case of Inefficient Profiling

Amazon knows in extreme detail – thanks to the analysis of purchases – my interests and – thanks to the analysis of how I use my Kindle – my reading habits. Yet he sends me an email to suggest, on the basis of my profiling, to buy a book that I wrote.

If all a giant with a limitless computing might like Amazon is able to extract from my personal data is a suggestion to buy my own books either I’m not actually monitored or profiling just doesn’t work.

Posted on

The Holy Alliance Between GDPR and Consumer Law

One of the most difficult task in the practical enforcement of the GDPR provisions is to find a fair balancement between the technicality of the legal language and the duty of simplicity settled by the data protection bylaws. Both the GDPR itself and the various “suggestions” coming from the various player are nothing more but a re-phrasing of the legal text, thus leaving the data controller as well as the data subject unable to have clear directions. Continue reading “The Holy Alliance Between GDPR and Consumer Law”