Privacy 2.0: The Italian Record

In the 2.0 world, the protection of personal data appears to have become today’s hot topic. Very recently, Navi Pillay, U.N. high commissioner for human rights, maintained that digital surveillance has become a dangerous habit rather than an extraordinary measure, maintaining that those rights guarded offline should be protected in the same way even inside the digital ecosystem. In this respect, Italy seems to have made the first move. The Belpaese, often a taillight in European classifications as far as innovation and the digital are concerned, lagging in the development of bandwidth or the digitization of the public administration, has attained an important record on the subject of the protection of personal data.

In fact, our country was the first in Europe to put bolts on the doors of the Mountain View giant in order to guarantee a more efficient guardianship over its users’ privacy — a job that lasted more than a year, and that saw side by side “Big G” and the Italian guarantor for private data, headed by Antonello Soro. The objective, as Soro himself declared, “was not to establish sanctions in the event of improper practices, but rather to write rules together that Google would have to adhere to.” The provision does not limit itself to calling for respect for privacy, but indicates precise measures that Google will need to adopt to conform to the new law.

The introduction of this new standard constitutes a real revolution because from this moment on, it will no longer be taken for granted that whoever uses the services Google offers consents to the unconditional use of his or her own data. Even if the search engine has tried to comply with European rules on matters of privacy — especially after the Court of Justice’s ruling on the “right to be forgotten” — many points remain unresolved. And it was precisely to correct these mistakes that the Italian authority intervened.

The critical points singled out by the guarantor relate to the inadequacy of the information provided to users, to the missing request for agreement on the proliferation of the data, and at other times to its retention. In this sense, Google will be required to clearly explain, in its general informational statement, that the data is collected and used for commercial purposes, for visible advertising, and to specify the ever more sophisticated techniques of proliferation that by now go well beyond simple cookies.

For their part, through a simple and clear mechanism — a clickable banner where they can accept or deny — the users can choose, instance by instance, whether they agree or not to their data being used. As far as retention patterns are concerned, Google will have to specify definite time periods based on the norms of the privacy code, both for data kept on “active” systems and archived data. In the first case, the guarantor has determined that the cancellation has to be completed within two months of a request having been made, and for archived data within six months.

Google will have 18 months to conform to the regulations. In this time period, the guarantor will monitor the implementation of the measures. By next September 30, Google will have to submit a verification protocol to the authority Soro heads that will become binding as soon as it is signed.

About this publication


Be the first to comment

Leave a Reply