
FC: Translation of Italian photo-phone privacy law zaniness

  • 28-03-2003 12:37am
    #1
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭


    I'm going to email the office of the Data Protection Commissioner to ask about this out of curiosity, and to introduce myself, but before I do I'd like to get other people's input on this. Although I don't appreciate the cynical jibing of The European Way[TM] in the missive below, there is an important underlying point. As far as I'm aware, there have been none of these silly cases - see the Swedish link - in Ireland, but it could be argued that this is because we have an apparently sensible Data Protection Commissioner. However, that may not always be the way.

    Under the terms of the Data Protection Act, I'm a data controller because of my business and the sites I run, and so are the admins here and probably a lot of you too. In fact, if someone were to twist the definitions, it could be argued that we should even register with the Commissioner, but it wouldn't make a difference anyway, since we have to abide by the principles of the DPA whether or which. So is there a possibility we're setting ourselves up for a fall here? What if we got a Data Protection Commissioner who was more easily swayed by political or commercial pressure, or god forbid was apparently incompetent, like a certain regulator we know? Isn't there a chance that they could interpret the Act as they damn well please, and start bringing silly cases?

    The DPA has been enormously useful for me, I've used it to great effect in the past few years, and I think I've helped others to understand it and start using it themselves. I'd hate for it to turn into a Tool Of The Devil[TM].

    adam

    Original Message
    From: owner-politech@politechbot.com
    [mailto:owner-politech@politechbot.com]On Behalf Of Declan McCullagh
    Sent: 27 March 2003 14:48
    Subject: FC: Translation of Italian photo-phone privacy law zaniness

    Previous Politech message:
    "Use a photo-cell-phone in Italy, go to jail?"
    http://www.politechbot.com/p-04589.html

    And let's not forget this classic post about Euro-privacy law run amok:
    "EU data directive bans church teacher, dog owner Swedish web sites"
    http://www.politechbot.com/p-01218.html

    -Declan

    ---

    From: "Federico Lucifredi" <flucifredi@acm.org>
    To: <declan@well.com>
    Subject: Re: Use a photo-cell-phone in Italy, go to jail?
    Date: Thu, 27 Mar 2003 01:12:17 -0500
    Organization: Endorfine.org

    Dear Declan,
    I am not sure what Poynter is saying about this, but I'll contribute my
    insight (this is actual material from a government website, and as such it
    is written in "Politichese", which can hardly make any sense at all through
    Babelfish).

    ABSTRACT:
    What the paper says is that this new media has potential for privacy
    violations, and it notifies the telecom providers that if personal data is
    distributed, how such data is distributed should be a matter of concern. I
    do not see any automatic violation of law by sending MMSs there.

    ANALYSIS:
    The paper is an analysis of the multimedia message capability of GPRS
    phones (MMS) in the context of Italy's broken-minded privacy law. A bit of
    insight into the latter is perhaps the most important point here:

    The Italian privacy law is concerned with "trattamento di dati
    personali" ("handling of personal information", which could include your
    name, date of birth, address, and so on. This category is fairly broad). It
    must be noted that in Europe privacy rights of individuals are protected in
    a much stricter way than under current US law. The reason for this (aside
    from some 1984-derived tendencies of the current administration) is, in my
    opinion, that lawmakers in the US look much more closely at enforceability
    and realistic effect of a law than is the case in Europe (don't laugh, it
    is actually possible to do a lot worse than Congress does!), where the
    theory of what should be protected is paramount, even when actual safeguards
    are non-enforceable or effectively useless.

    The Italian privacy law specifies that you MUST obtain a person's
    authorization to "handle" their personal data - an example of this would be
    me signing an insurance contract, where I will have to put an additional
    signature giving my approval to the company to "handle" my name, address and
    so on. Another aspect of this is that you should notify the "Ombudsman for
    Privacy" (in the document mentioned as "Il Garante") of any such collection
    of personal information. As of the time of the law's passing, the criteria
    under which the Ombudsman would have had the ability to deny a certain
    entity (person, company) the privilege to maintain such collections was not
    defined, and you were only required to register any such collection, and to
    expressly request permission from any person to be inserted in there after
    the law's approval.

    As you can imagine, the only real effect that the law has had so far is
    that you _must_ maintain a large stack of signed papers where people approve
    of you having their address. As the law was analyzed for me, there are no
    specific limits on this so (in a strictly theoretical interpretation), YOU,
    Declan, might have to send the Ombudsman a notification of you possessing a
    list (politechbot's distribution DB) of people and their email addresses
    (the personal data). Furthermore, in theory, I as an Italian citizen should
    send you a letter with my signature approving of you handling such info.

    Things have become more reasonable, and apparently "virtual" signature of
    approval (clicking a button) is enough to give such consensus (otherwise
    mailing lists would have died). I am also not aware of anyone being sued for
    not having registered their personal organizer =)

    The law seems wacko, but in effect it only requires people to sign for
    treatment of data /knowing/ who is authorized to use such data (it must be
    stated), so people can restrict who can handle their data or not. Credit
    reporting agencies obviously cannot exist under such a scheme, at least not
    in US fashion (do I hear a cheer here?).

    So - there it is. What the paper says is that this new media has potential
    for privacy violations, and it notifies the telecom providers that if
    personal data is distributed, how such data is distributed should be a
    matter of concern. I do not see any automatic violation of law by sending
    MMSs there.

    regards -Federico

