ius and bits

Here below the full press release from the European Commission on the day of the protection of personal data.

Read the rest of this entry »

With a press release dated 22.12.2010 the Authority for the Protection of Personal Data has announced that he had given preliminary approval to the scheme of "Guidelines on the processing of personal data by public entities for the purpose of publishing and distributing Web of records and documents adopted by public administrations. " Read the rest of this entry »

With a press release issued on December 3 last year the European Commission, in the prevention of terrorism and crime, opened negotiations with the U.S. for the protection of personal data. Read the rest of this entry »

On November 30, 2010 was held in Brussels the first European conference on data protection and privacy that I attended on behalf of CINFOR - Centre for Forensic Computing and Innovation.

This was undoubtedly an event of prime importance both for the historic moment for both the thickness of the speakers.

Regarding the moment is undoubtedly important, given that there is a considerable change particularly with regard to the relationship between privacy and new technologies. This is most felt in Europe, but there's fervor also internationally. Read the rest of this entry »

In Arezzo, on 12.11.2010, was held on "Privacy Day", an event entirely devoted to privacy and data protection.

These speakers and their papers: Dr. Andrea Chiozzi - "Privacy in the company: key elements to be in compliance with existing legislation," Mr. Nicola Fabiano - "Identity Theft in Web 2.0: From PETs to Privacy by Design", Dr. Beatrice Rubni (CRIF) - "Methods and tools to protect themselves from identity theft," Mr. Valentina Frediani - "The new general provision on video surveillance," Dr. Luca Bolognini - "e-marketing in the community of the third millennium," Dr. Giuseppe Chiaravalloti (Vice President of the Privacy Guarantor) - "The functions of the Authority for the protection of personal data to protect the community," Dr. M.Giovanni Buttarelli (Added European Ombudsman) - telephone intervention on current issues concerning privacy in Europe, Mr. Rosario Imperiali - "The implications of privacy legislation in the employment relationship," Mr. Iaselli Michele - "The Citizen and privacy: The fundamental right to privacy of personal information," Mr. Luke Giacopuzzi - "Biometrics in the company: the legal system and operational implications", Mr. Victor Lombardi - "Privacy & Detective: Powers and limits imposed by law in the investigative activities," Col. Umberto Rapetto (GATT - Computer anti-fraud Unit of the Guardia di Finanza) - "Safety on the Web, because it is of paramount importance."

Without doubt, very interesting institutional interventions, namely the Vice President of the Guarantor, Dr. Giuseppe Chiaravalloti, and to that of European Added, Dr. John Buttarelli. Dr. Chiaravalloti presented the role and responsibilities of the Authority, stressing the independence of the Guarantor for the protection of personal data that it operates in complete autonomy to protect the public, especially with regard to new technologies evolving.

Of particular importance was the intervention of the European Ombudsman, who confirmed, as anticipated by the European Commission with the release of 4.11.2010 and the launch of public consultation, which is working on all fronts for reform European legislation on privacy, not only with reference to Directive 1995/46/EC, but also with regard to Convention 108 of 28.1.1981 which will be reviewed. The same Dr. Buttarelli has also highlighted the importance of what has been discussed recently within the 32 World Conference of Trustees which was held in Jerusalem, which has, however, adopted the Resolution on Privacy by Design proposal from Commissioner of Ontario ( Canada), Dr. Ann Cavoukian. Basically it emerged at European and international actors and stakeholders, including institutional, we became aware of the fact that it is undergoing a sea change with regard to privacy and personal data. It becomes, therefore, the role of all relevant players, including institutional, to contribute to a suitable modification of existing structures.

My speech was intended to emphasize the phenomenon of identity theft for the user of the web, as well as resources that can help protect privacy and personal data. In fact, I just highlighted the role of Privacy Enhancing Technologies (PET), or technological solutions that improve the privacy they represent - in my personal opinion - the intermediate step to find solutions in the near future according to the patterns of Privacy by Design. In fact, as PBD Ambassador, I could not leave out the privacy by design to be seen as a milestone for privacy, because it is the hub for the future of privacy.

The event was sponsored by numerous organizations, including the CINFOR whom he may support an initiative so thick.

With a press release on 4 November, the European Commission announced it has presented a strategy for the protection of personal data and privacy in Europe.

In particular, we show the steps of the press release indicates that the objectives of:

- Strengthening the rights of individuals so that the collection and use of personal data are strictly necessary. Interested parties must be informed clearly and Transparent about how, why and by whom their data is collected and used. They should be able to give informed consent to treatment, for example when surfing the internet, and have the "right to oblivion" when their data are no longer needed or if they want to have it deleted;

- Strengthen the "internal market" by reducing administrative burdens for companies and ensuring a level playing field. The differences in the implementation of EU data protection rules and the lack of clarity regarding the applicable national law hamper the free movement of personal data throughout the EU and raise costs;

- Revising the rules for data protection in police and judicial cooperation in criminal matters to ensure these areas in the protection of personal data. Under the Treaty of Lisbon, the EU now has the opportunity to lay down comprehensive and consistent data protection for all sectors, including police and judicial cooperation in criminal matters, where specific needs will of course be considered. According to the review, data retained for law enforcement purposes should be covered by the new legal framework. The Commission has also initiated a revision of the Directive on the retention of data from 2006, according to which companies must retain communications traffic data for a period of between six months and two years;

- A high level of protection for data transferred outside the EU through simplified procedures and better for international data transfers. The EU should pursue the same level of protection in cooperation with third countries and promote high international standards of data protection;

- Implement policies more effectively by strengthening and further harmonizing the role and powers of data protection authorities. Strengthened cooperation and coordination are absolutely necessary for ensuring a more consistent application of rules of data protection in the single market.

This is certainly an important announcement, because it is jointly opened a public consultation is available here: http://ec.europa.eu/justice/news/consulting_public/news_consulting_0006_en.htm

In 2011, the Commission will, therefore, "its proposals for a new general legal framework on data protection to be negotiated and adopted by the European Parliament and the Council."

Among the most significant aspects emerge: a) the purpose of strengthening the right of people to ensure greater control of personal data in order to decide whether to cancel (right to oblivion), b) open to question on the retention of data c) the problem of data transferred outside the EU; c) increased powers to the Authority. The Commission seems to have become aware of what specific action it is important to guarantee each person the right to control and use their personal data. In this context, the subject becomes central and primary to any other aspect, with the result that must be assured of protection prior to the process that concerns the processing of data. This is a much more advanced compared to the traditional one that is also compatible with the resolution of Privacy by Design (96) recently adopted by the 32 th Conference of the World Guarantors. In the opinion of this writer can say that it is implementing the privacy of the evolutionary process, so that we can talk about - like the web - even in terms of Policy 3.0.

It will, therefore, should - as a first step - the public consultation and await further developments.

Dr. Ann Cavoukian, Ontario Information and Privacy Commissioner of Ontario (Canada), known for offering the world, first in 1995 with the Dutch Guarantor PETs (Privacy Enhancing Technologies) and then the concept of Privacy by Design, recognized me, " Individual Privacy by Design Ambassador ".

With this recognition is added to the group - at the moment are less than 30 people in the world - made up of professionals of the highest importance and prestige internationally.

I consider this a positive recognition and I hope to do my best.

Moreover, even during the recent World Conference 32 ^ of Trustees, was adopted the Resolution on Privacy by Design (96) proposed by the Commissioner said.

The Privacy by Design is based on 7 principles and provides an approach to reading the concepts of privacy is absolutely innovative and futuristic. Our Privacy Code art. 3 contains a reference to the use of technologies, so that does not seem difficult to combine it with the PETs. The PBD (Privacy by Design) is, in a very concise, evolution of PET. This is to embed (embedded) the concept of privacy in the technological and structural processes that are associated with the processing of personal data.

In my humble opinion, the PBD may be considered, for its evolutionary character, a sort of extra step forward in the field of privacy and then - would be part of the language of the Internet - could speak of privacy 2.0. The feature is to consider how important the role of the person whose privacy should be considered before anything else and protected.

At the 32st World Conference of Trustees Privacy, held in Jerusalem last October 27 to 29 was approved the resolution proposed by Commissioner of Ontario (Canada) - Dr. Ann Cavoukian - on Privacy by Design. This initiative resolution of Dr. Ann Cavoukian was supported by the Privacy Authority of Canada, Germany, Czech Republic, Estonia and New Zealand.

The adoption of this resolution has been called a milestone for the importance of the principles of the Privacy by Design. The most important point of the resolution is as follows [the translation is not official]:

The 32nd Conference:

1. Privacy by Design recognizes as an essential component of the fundamental protection of privacy;
2. Encourage the adoption of the fundamental principles of the Privacy by Design, such as those described below, as a guide for privacy as the default mode in the processes of an organization;
3. Invite the Guarantors and the Commissioner for the Protection and Privacy to:
   1. promote Privacy by Design, as much as possible through the distribution of materials, for the support and education personnel;
   2. promote the integration of the fundamental principles of the Privacy by Design in the formulation of rules of privacy and privacy legislation in their respective jurisdictions;
   3. proactively encourage research on Privacy by Design;
   4. consider adding the Privacy by Design agendas of events taking place at the International Data Privacy Day (January 28);
   5. report to the 33 th International Data Protection and Privacy Commissioners' Conference, where appropriate, activities and initiatives undertaken under the Privacy of their jurisdiction, in order to share best practices.

Dr. Cavoukian is concerned since the '90s of Privacy by Design, which is based on 7 principles which basically consists in considering the centrality of privacy, even in relation to new technologies and ICT, as a factor which must be Embedded ( embedded) in the processes and not just those dealing with new technologies. Indeed, the principles of PBD are absolutely universal and adaptable to the processes of business and network infrastructure. This is, of course concepts that have connotations of innovative and futuristic than that normally discusses addressing the privacy issue.

The resolution adopted is an impulse, a solution that must keep pace with changing times and technologies, because otherwise you run the risk of being left behind remain embroiled in the current arrangements on privacy that certainly will become obsolete.