Amazon.it to infringe Italian data protection law?

I’m an old Amazon.com customer and I’m very happy that the Company finally landed in Italy.
It is odd, nevertheless, that Amazon.it’s data protection policy (informativa sul trattamento dei dati personali) is not fully compliance with the Italian Data Protection Code, since mandatory information are missed:
– the identity of the data controller (responsabile del trattamento)
– how long will Amazon handle the personal data
– what will happen when the data handling is no more necessary
– the rights belonging to the data subject (diritti dell’interessato) under sect. 7-13 of the Italian Data Protection Code
Further more Amazon.it’s privacy procedure fails to collect the explicit consent of the data subject for the data processing and didn’t collect the specific consent to handle the sensitive data (those related to customers who purchase political, philosophical, and/or healt-related books.)
This situation, then, poses an interesting question: is Amazon.it actually infringing its customer personal privacy rights?
Strictly speaking, the answer is yes because the law has been breached. Nevertheless I’ll keep purchasing books through Amazon services since I feel more protected by Amazon ethical commitment than by a bunch of legal lingo.
Fact is that bureaucracy asks for its lamb to be sacrificed.
🙂

Late night thought on the notion of “privacy”

The more I think about, the more I’m convinced that if we continue to think of privacy as a concept unrelated to other ideas we face the old problem: if an unbreakable wall is a wall that cannot be broken and an unstoppable projectile is a projectile that cannot bestopped, what happens when an unstoppable projectile hits an unbreakable wall? This is not to justify a softer approach in defending privacy, rather to ask whether “trust” plays a role in defining (and not only supporting) privacy.

In other words: if each of us lived in a separate island then privacy would be at its best, but could we still think of privacy if nobody else is around?

If this is correct, than the privacy in itself should include the idea of (breaching the) trust. As soon as we enter into a relationship with somebody else, we need to surrend a part of our privacy. This means that privacy is co-defined by our counterpart’s ethical commitment to recognize it as a “value”.

Odds, although intriguing.

In the name of privacy…

If passed, a bill heavily supported by right wing Italian prime minister and media mogul , Silvio Berlusconi, will force the public prosecutors to wiretap suspect’s communication for a limited time and will punish harshly those who shares information related to a criminal investigation before the trial (that usually, in Italy, starts year after the alleged crime has been detected.)
This draft law is a ruthless attempt to shut down the check and balance system in Italy (thus, it is not a case that the bill is aimed at preventing prosecutors to investigate AND both traditional media and independent citizens to report information.)
That said, the reactions against the proposal were (and still are) short-sighted. Mainstream media talk about dangers for “bloggers” as if running a site with Drupal or WordPress actually gave a particular status to the information released. Technically speaking, whoever publish fake or offensive information is liable of his action. If those who commit the fact are journalists, then there is an additional liability for the editor-in-chief (in Italian: direttore responsabile.) Period.
I really don’t understand why a lot of “bloggers” complain for the (possible) introduction of a mandatory amendment of mistaken information. A law shouldn’t even be necessary, since it is matter of common sense to verify sources first and then, in case of error, fix it as fast as is possible.
Unfortunately, then, the criticisms against this law hit the wrong target, easing the work of the “Evil Forces”.

Google executives acquitted in Italy from defamation charges

Today the Court of Milan made public the decision in the criminal trial against four Google executives, charged of defamation and illegal personal data handling in relationship to the publication on the video sharing platform ? of a video containing act of bullyism against a person affected by the Down Syndrome.

The legal basis for the charges, following the prosecutor’s theory of the case, was that those executives failed to exercise a pre-emptive control over the contents published by Google final users’, thus allowing the infringement of the reputation of the concerned person and of an NGO representing Down-Syndrome-affected persons.

The Court acquitted all the defendant from the charges of defamation, while found them liable of the illegal personal data handling charge. The whole sentence (including the legal technicalities that support the decision) will be public within the next 30 days.

This indictment is the last component of a long series of court decisions that kill Network Neutrality and turn ISPs and Telcos into Digital Vigilantes while, in the meantime, no actual protection is given to the victims of online crimes.

The Peppermint and The Pirate Bay cases, the legal argument against Youtube and the one between an entertainment-backed lobbying group by one side and Telecom Italia, the ISP’s association and the Data Protection Authority on the opposite and – finally – this indictment are all linked through the same connection: to erode the absence of the legal duty to preemptively contol internet users’ activity established by the UE directive on e-commerce.

What is bizarre, in this Google trial, is that for the very first time the existence of the ISP’s duty to perform a mass-control of user activities has been asserted thank to the data protection regulation. The same data protection regulation that forbade the disclosure of the identities of people allegedly accused by the entertainment industry of copyright infringement through P2P networks.

Is still to early to understand the Court mind (since the basis for the decision will be disclosed within the next 30 days. It is, nevertheless possible to try an educated guess based on the Court records. To put it short, here is a probable explanation for the decision:

1 – there is a rule of law into the Criminal Code that says: to not stop a fact equals to cause it,
2 – data protection law requires a prior authorization to be obtained before handling personal data,
3 – a video to be posted online is personal data,
4 – therefore Google executives had to check whether the user who posted the video got the preemptive authorisation from the people of the video, and
5 – by failing to do so, they infringed the data protection law
6 – furthermore, by not controlling in advance, they let the video to libel the victim of the violence (this charge has been dismissed.)

It is too early to assess the damages provoked by this decision, but it is not unreasonable to imagine that – should this court decision become “case law” – the telco market will suffer an alteration of the competion among the various players. The smallest one can’t handle the increasing risk (and cost) of being sued or investing in momentum-generating policies. Big international players might find Italy a lesser attractive place to do business in.

Corporate liability for copyright infringements in Italy?

Among the measures to fight the economic crisis announced by the Italian Government, sect. 15 para 1 lett. c) of the Anti-Crisis decree deserves a special mention: to put it short, the provision asserts corporate liability (under legislative decree 231/01) ? for copyright infringement committed by top management.

Although it may seems that the new law is of a little impact on corporate life (is highly unlikely that a top manager has time to waste doing file sharing) a second glance prove this first opinion not entirely correct.

The inclusion of copyright infringements into the list of crimes implying specific corporate liability forces a company to revise its (mandatory) prevention model to reflect new changes; thus – de facto – establishing a specific set of controls aimed at downloads, website surfing and file sharing. Failing to do so might lead some zealous prosecutor to think that the company actually allows copyright abuses.

A side effect of this regulation – when it will come into full force – is that workplace privacy will get another heavy blow. For the sake of copyright abuse prevention, indeed, all of employees’ Internet activity will be deeply inspected.

So long, Mr. Data Protection Commissioner…