Category: Privacy and Data Protection

Posted on

Italian Data Protection Law badly injured… whoduneit?

Last June 5, 2007 the Italian Camera dei deputati (roughly, a sort of US “lower house” equivalent) passed a law to excuse Small Medium Enterprises (SME) employing no more than 15 people from the enforcement of mandatory security measures to protect personal data. To enter in full force the law need to be approved by the Senate, whose decision is exepcted in the very next weeks.

This law has been proposed because – as matter of fact – from 1996 to present days Italian Data Protection Law has become just a bureaucratic issue, made of form to fill, with no actual attention to substantive issus. And – that is worse – the Italian Data Protection Authority did almost nothing in the last twelve years to stop this trend.

The proposed SME’s exemption arouse the furious reaction of ICT security lobbies who claimed that this law endagers the whole Italian communication network “safety”.  ?This is a grossly misleading claim since data protection law only deals with a limited subset of data an the security measures related provisions basically provide “paper based security”.

True problem is that – on the contrary – Italian Data Protection Law has been drafted and enforced with a distinctive lack of ? “reality check”, whose result is that now the Parliament is stepping back on its foot.

Posted on

Peppermint, copyright and personal data

A side issue arising from the Peppermint affaire is the relationship between criminal and civil trials rule of evidence.

In a criminal investigation, access to ISP owned traffic data and log files is possible only with a public prosecutor search and seize warrant. One seized, these information are strictly confidential and cannot disclosed – even to the defense counsel – before the trial starts.

The very same data – as the Peppermint affaire shows – can indeed be obtained by a private entity alleging a civivl – not criminal, then – copyright infringement, just asking the civil court to force an ISP to disclose information.

This is a paradox of the Italian legal system, since criminal action is supposed to be the only reason to allow the breach of constitutional rights, while the a civil case only gives the court limited powers. This common-sense rule has been subverted when talking about copyright. Is it fair or acceptable?

Posted on

Fastweb. Again!

That’s incredible! Fastweb answered the Data Protection Authority questions by claiming to ignore ? who was calling me on its behalf, and not to have any personal data belonging to me. A few days after (March, 26) I got a NEW CALL from “Fastweb Commercial Department” trying to sell something.

I’ve reported againg this new fact to the Authority, and now I’m really courious to see who – between Fastweb and the Authority – is better “nuts-equipped”.

More to come…

Posted on

Italian Data Protection Authority and workplace (Internet) privacy

Today the Italian Data Protection Authority issued an official position re: (internet) workplace privacy protection. The bottom line is: employers cannot control how do employees use the Internet during working hours, providing a few exemption to this general “block”. They are simply wrong and tell just the half of the story. Italian courts (including Corte di cassazione – the Supreme Court), indeed, ruled in favour of a more flexible approach when the employer must investigate misbehaviours or crimes. But the data protection people seems not to be aware of it.

What is worse is that to protect employees’ privacy, the Authority is strongly advocacing for preemptive web filtering and content blocking.

That’s a brilliant trade-off: privacy for censorship… and chicks for free!