ius and bits

Since the spring of 2011 in all casinos will be installed a biometric facial recognition video system that will be positioned opposite the front door. This impiano will detect the faces of people accessing the casino but with a guarantee of absolute confidentiality and, therefore, the protection of personal data. Read the rest of this entry »

The European Commissioner Kroes speaking Université Paris-Dauphine last 25.11.2010 has stated how important the topic of cloud computing, stressing that it is more than just a technical challenge. The primary attention is paid to this new paradigm of the Internet is the protection of personal data and privacy. In fact, the risk that is often feared that's what you can somehow access the personal data that are stored on the server, just in clouds, or of which you do not know the actual location.

Ms Kroes stressed that the right to protection of personal data is a fundamental right in Europe.

Particularly interesting was the statement of the Commissioner that there is need to initiate research into the evolution of privacy and above all to seek funds to study issues of "Privacy by Design" and the Privacy Enhancing Technologies.

It 's clear, therefore, be considered as actually starts turning on privacy that will see real changes in the next 10 years.

Ms Kroes said that all European users of cloud computing should be able to know two things:

a) that the provider protects your personal data in an efficient manner, being in line with EU rules on data protection,

b) that all governments of all countries where there are servers in the cloud must have a legal framework to ensure adequate data protection and privacy. There are limited exceptions for reasons of public order and national security, but these must be governed by the rule of law.

Protection of personal data, Kroes said that you must change the rules on privacy that is fundamental right, by answering the following questions:

• How do we Ensure transparency in the processing of personal data? People Should Be Aware of What They are signing up to. They Should Have The Possibility to review Their choice in a user-friendly Manner at any time.
• Data minimization: what can be done To ensure that just the right amount of personal data is' collected, and nothing more?
• – how can that work in practice? The "right to be forgotten" - how can That Work in Practice? Here I want to pass my personal thanks to Nathalie Kosciusko-Morizet Whose relentless work on this subject has-been very valuable. Let me be clear: in my view, the issue is not about Merely deleting all data. Just like in real life, When you present yourself on the net, you can not take no records exist of your past actions. Is that what matters in any given cases Those records are irreversibly made ​​anonymous before further Top is made ​​use of them.
• Data portability. This is all about freedom of choice: the right for you to change your mind and preference about the services you need. Freedom of choice is only possible When a user can transfer raised easily and Freely His or her date to HIM or herself and then Possibly to another service provider.
• Efficient use of the resources Invested in data protection is important - Both the Supervisory Authorities for the industry and for complying with it. Unnecessary administrative burdens Should be removed where possible.

The evolution of the industry also touches on privacy than the traditional and primary configuration with respect to PET (short for Privacy Enhancing Technologies), as are the technologies used to improve the right to privacy. Obviously, these technologies are considered in a neutral manner, ie without any connection to a particular case. This expression was used for the first time in the reports published in 1995 by the thiol "Privacy-enhancing technologies: the path to anonymty", the Dutch Data Protection Authority in collaboration with the Commissioner of Ontario (Canada).

In purely practical terms, the reference to PET technology was aimed at any resource that could reduce the risk of misuse of personal data. Moreover, even at the European Seventh Framework Program (FP7), the European program of funding for research and technological development for the period 2007-2013, has highlighted the importance of adopting technological solutions for privacy protection. On this front is clearly the voice of the European P. Hustinx noted that, instead, a lack of action on this front also about the practical use of PET in important areas.

However, the PET in the '90s, the Privacy Commissioner of Ontario has begun to talk about a new concept called "Privacy by Design" that is, in brief, the evolution of PET without abolishing them, so much so that one speaks of PET Plus In fact, the more delicate profile in terms of confidentiality is made by the entire IT system and its communications through the Internet. Privacy by Design refers to the philosophy and approach to consider privacy in the design specifications of the various technologies.

Basically, the concept of Privacy by Design is housed in the trilogy of applications: 1) IT systems, 2) accountable business practices, and 3) physical design and infrastructure ". In essence:

1) Information Technology;

2) responsible business practices;

3) Design of structures.

In particular, with reference to information technology is affirmed, as already shown, that technology can not constitute a threat to privacy, but an aid for risk reduction. For the responsible business practices, it became evident that privacy should not be interpreted as a burden, a cost that weighs down the entrepreneurial activity, but rather as an advantage for better competitiveness. Finally, the element of design of structures is relevant - according to Commissioner of Ontario - because very often we are forced to see the personal data exposed in public areas such as poorly designed, for example, the waiting rooms of hospitals or office , where it may be - illegally - the personal information disclosed.

Without the context represented by the three previous points, the Privacy by Design is based on seven principles:

1. Proactive not reactive; Preventative Remedial not: the approach to PBD is proactive rather than reactive, the goal is to anticipate events and not wait until it occurs to propose remedial solutions.
2. As the Default Notice: this principle is the preservation of the subject since the good "privacy" shall be considered a priori, in essence, no action is required the person to protect his privacy because personal information is automatically protected in any IT system or commercial, even if the subject does nothing.
3. Privacy embedded into Design: The PBD is embedded in the architecture of the system and business practices and does not constitute a quid pluris, then an element to be placed: it is an essential component of the system that does not affect its functionality.
4. Full Functionality - Positive-Sum not Zero-Sum: The PBD seeks to accommodate all legitimate interests and goals in a win-win type of "win-win" where the compromises are unnecessary and dated by an approach of "zero -sum ", essentially in a traditional context, a person wins and one loses, while the PBD all parties need to be successful. Moreover, "Privacy by design avoids the pretense of false dichotomies, Such as privacy vs.. security, Demonstrating That It is possible to have both ".
5. End-to-End Lifecycle Protection: built-in data at the beginning there is no risk to the end of the treatment process the data, with confidence that, at the end, all data will be destroyed immediately in a safe manner. Thus, the PBD provides cradle to grave life cycle management of information, "end-to-end".
6. Visibility and Transparency: PBD ensures that all stakeholders, regardless of the business practice or technology, may at any time to make proper inquiry in complete transparency.
7. Respect of user privacy over and above all, the PBD requires operators that the interests of individuals are paramount, and therefore providing a strong privacy measures as the default, appropriate information and enhancing user-friendly options, all with an approach to user- centric.

As you can see it is a real revolution of the privacy concerns not only the technical measures to ensure adequate security for personal data, but a series of innovative concepts that go beyond dall'assolutizzare the protection of personal data to arrive at the consideration that Information security is inherent in the concept of privacy.

In the opinion of the writer represents the further evolution of this concept stated with PETs (Privacy Enhancing Technologies), which can determine the scope and operation of the privacy action 3.0. In fact, although these issues include futuristic profile, the evolutionary process is already underway for some time and came in this time with awareness of the need for a new approach to issues of personal data.

It is not just a matter of nominal or theoretical, since there are many practical reflections of Privacy by Design.

Dr. Ann Cavoukian, Ontario Information and Privacy Commissioner of Ontario (Canada), known for offering the world, first in 1995 with the Dutch Guarantor PETs (Privacy Enhancing Technologies) and then the concept of Privacy by Design, recognized me, " Individual Privacy by Design Ambassador ".

With this recognition is added to the group - at the moment are less than 30 people in the world - made up of professionals of the highest importance and prestige internationally.

I consider this a positive recognition and I hope to do my best.

Moreover, even during the recent World Conference 32 ^ of Trustees, was adopted the Resolution on Privacy by Design (113) proposed by the Commissioner said.

The Privacy by Design is based on 7 principles and provides an approach to reading the concepts of privacy is absolutely innovative and futuristic. Our Privacy Code art. 3 contains a reference to the use of technologies, so that does not seem difficult to combine it with the PETs. The PBD (Privacy by Design) is, in a very concise, evolution of PET. This is to embed (embedded) the concept of privacy in the technological and structural processes that are associated with the processing of personal data.

In my humble opinion, the PBD may be considered, for its evolutionary character, a sort of extra step forward in the field of privacy and then - would be part of the language of the Internet - could speak of privacy 2.0. The feature is to consider how important the role of the person whose privacy should be considered before anything else and protected.

At the 32st World Conference of Trustees Privacy, held in Jerusalem last October 27 to 29 was approved the resolution proposed by Commissioner of Ontario (Canada) - Dr. Ann Cavoukian - on Privacy by Design. This initiative resolution of Dr. Ann Cavoukian was supported by the Privacy Authority of Canada, Germany, Czech Republic, Estonia and New Zealand.

The adoption of this resolution has been called a milestone for the importance of the principles of the Privacy by Design. The most important point of the resolution is as follows [the translation is not official]:

The 32nd Conference:

1. Privacy by Design recognizes as an essential component of the fundamental protection of privacy;
2. Encourage the adoption of the fundamental principles of the Privacy by Design, such as those described below, as a guide for privacy as the default mode in the processes of an organization;
3. Invite the Guarantors and the Commissioner for the Protection and Privacy to:
   1. promote Privacy by Design, as much as possible through the distribution of materials, for the support and education personnel;
   2. promote the integration of the fundamental principles of the Privacy by Design in the formulation of rules of privacy and privacy legislation in their respective jurisdictions;
   3. proactively encourage research on Privacy by Design;
   4. consider adding the Privacy by Design agendas of events taking place at the International Data Privacy Day (January 28);
   5. report to the 33 th International Data Protection and Privacy Commissioners' Conference, where appropriate, activities and initiatives undertaken under the Privacy of their jurisdiction, in order to share best practices.

Dr. Cavoukian is concerned since the '90s of Privacy by Design, which is based on 7 principles which basically consists in considering the centrality of privacy, even in relation to new technologies and ICT, as a factor which must be Embedded ( embedded) in the processes and not just those dealing with new technologies. Indeed, the principles of PBD are absolutely universal and adaptable to the processes of business and network infrastructure. This is, of course concepts that have connotations of innovative and futuristic than that normally discusses addressing the privacy issue.

The resolution adopted is an impulse, a solution that must keep pace with changing times and technologies, because otherwise you run the risk of being left behind remain embroiled in the current arrangements on privacy that certainly will become obsolete.

Here below the article published today by Law and Process . It is a part of a larger working under publication.

Privacy, PETs and 01 PBD