FC: Translation of Italian photo-phone privacy law zaniness
28-03-2003 12:37am
I'm going to email the office of the Data Protection Commissioner to ask about this out of curiosity, and to introduce myself, but before I do I'd like to get other people's input on this. Although I don't appreciate the cynical jibing of The European Way[TM] in the missive below, there is an important underlying point. As far as I'm aware, there have been none of these silly cases - see the Swedish link - in Ireland, but it could be argued that this is because we have an apparently sensible Data Protection Commissioner. However, that may not always be the way.
Under the terms of the Data Protection Act, I'm a data controller because of my business and the sites I run, and so are the admins here and probably a lot of you too. In fact, if someone were to twist the definitions, it could be argued that we should even register with the Commissioner, but it wouldn't make a difference anyway, since we have to abide by the principles of the DPA whether or which. So is there a possibility we're setting ourselves up for a fall here? What if we got a Data Protection Commissioner who was more easily swayed by political or commercial pressure, or god forbid was apparently incompetent, like a certain regulator we know? Isn't there a chance that they could interpret the Act as they damn well please, and start bringing silly cases?
The DPA has been enormously useful for me, I've used it to great effect in the past few years, and I think I've helped others to understand it and start using it themselves. I'd hate for it to turn into a Tool Of The Devil[TM].
adam
Original Message
From: owner-politech@politechbot.com
[mailto:owner-politech@politechbot.com]On Behalf Of Declan McCullagh
Sent: 27 March 2003 14:48
Subject: FC: Translation of Italian photo-phone privacy law zaniness
Previous Politech message:
"Use a photo-cell-phone in Italy, go to jail?"
http://www.politechbot.com/p-04589.html
And let's not forget this classic post about Euro-privacy law run amok:
"EU data directive bans church teacher, dog owner Swedish web sites"
http://www.politechbot.com/p-01218.html
-Declan
---
From: "Federico Lucifredi" <flucifredi@acm.org>
To: <declan@well.com>
Subject: Re: Use a photo-cell-phone in Italy, go to jail?
Date: Thu, 27 Mar 2003 01:12:17 -0500
Organization: Endorfine.org
Dear Declan,
I am not sure what Poynter is saying about this, but I'll contribute my
insight (this is actual material from a government website, and as such it
is written in "Politichese", which can hardly make any sense at all through
Babelfish).
ABSTRACT:
What the paper says is that this new media has potential for privacy
violations, and it notifies the telecom providers that if personal data is
distributed, how such data is distributed should be a matter of concern. I
do not see any automatic violation of law by sending MMSs there.
ANALYSIS:
The paper is an analysis of the multimedia message capability of GPRS
phones (MMS) in the context of Italy's broken-minded privacy law. A bit of
insight in the latter is perhaps the most important point here:
The Italian privacy law is concerned with "trattamento di dati
personali" ("handling of personal information", which could include your
name, date of birth, address, and so on. This category is fairly broad). It
must be noted that in Europe privacy rights of individuals are protected in
a much stricter way than under current US law. The reason for this (aside
from some 1984-derived tendencies of the current administration) is, in my
opinion, that lawmakers in the US look much more closely to enforceability
and realistic effect of a law than is the case in Europe (don't laugh, it
is actually possible to do a lot worse than Congress does!), where the
theory of what should be protected is paramount, even when actual safeguards
are non-enforceable or effectively useless.
The Italian privacy law specifies that you MUST obtain a person's
authorization to "handle" their personal data -an example of this would be
me signing an insurance contract, where I will have to put an additional
signature giving my approval to the company to "handle" my name, address and
so on. Another aspect of this is that you should notify the "Ombudsman for
Privacy" (in the document mentioned as "Il Garante") of any such collection
of personal information. As of the time of the law's passing, the criteria
under which the Ombudsman would have had the ability to deny a certain
entity (person, company) the privilege to maintain such collections was not
defined, and you were only required to register any such collection, and to
expressly request permission from any person to be inserted in there after
the law's approval.
As you can imagine, the only real effect that the law has had so far is
that you _must_ maintain a large stack of signed papers where people approve
of you having their address. As the law was analyzed for me, there are no
specific limits on this so (in a strictly theoretical interpretation), YOU,
Declan, might have to send the Ombudsman a notification of you possessing a
list (politechbot's distribution DB) of people and their email addresses
(the personal data). Furthermore, in theory, I as an Italian citizen should
send you a letter with my signature approving of you handling such info.
Things have become more reasonable, and apparently "virtual" signature of
approval (clicking a button) is enough to give such consensus (otherwise
mailing lists would have died). I am also not aware of anyone being sued for
not having registered their personal organizer.
The law seems wacko, but in effect it only requires people to sign for
treatment of data /knowing/ who is authorized to use such data (it must be
stated), so people can restrict who can handle their data or not. Credit
reporting agencies obviously cannot exist under such a scheme, at least not
in US fashion (do I hear a cheer here?).
So - there it is. What the paper says is that this new media has potential
for privacy violations, and it notifies the telecom providers that if
personal data is distributed, how such data is distributed should be a
matter of concern. I do not see any automatic violation of law by sending
MMSs there.
regards -Federico