FC: Translation of Italian photo-phone privacy law zaniness

[Declan McCullagh <declan () well com>]

Previous Politech message:
"Use a photo-cell-phone in Italy, go to jail?"
http://www.politechbot.com/p-04589.html

And let's not forget this classic post about Euro-privacy law run amok:
"EU data directive bans church teacher, dog owner Swedish web sites"
http://www.politechbot.com/p-01218.html

-Declan

---

From: "Federico Lucifredi" <flucifredi () acm org>
To: <declan () well com>
Subject: Re: Use a photo-cell-phone in Italy, go to jail?
Date: Thu, 27 Mar 2003 01:12:17 -0500
Organization: Endorfine.org

Dear Declan,
     I am not sure what Poynter is saying about this, but I'll contribute my
insight (this is actual material from a government website, and as such it
is written in "Politichese", which can hardly make any sense at all through
Babelfish).

ABSTRACT:
What the paper says is that this new media has potential for privacy
violations, and it notifies the telecom providers that if personal data is
distributed, how such data is distributed should be a matter of concern. I
do not see any automatic violation of law by sending MMSs there.

ANALYSIS:
    The paper is an analysis of the multimedia message capability of GPRS
phones (MMS) in the context of Italy's broken-minded privacy law. A bit of
insight in the latter is perhaps the most important point here:

    The Italian privacy law is concerned with "trattamento di dati
personali" ("handling of personal information", which could include your
name, date of birth, address, and so on. This category is fairly broad). It
must be noted that in Europe privacy rights of individuals are protected in
a much stricter way than under current US law. The reason for this (aside
from some 1984-derived tendencies of the current administration) is, in my
opinion, that lawmakers in the US look much more closely to enforceability
and realistic effect of a law than it is the case in Europe (don't laugh, it
is actually possible to do a lot worse than Congress does!), where the
theory of what should be protected is paramount, even when actual safeguards
are non-enforceable or effectively useless.

   The Italian privacy law specifies that you MUST obtain a person's
authorization to "handle" their personal data -an example of this would be
me signing an insurance contract, where I will have to put an additional
signature giving my approval to the company to "handle" my name, address and
so on. Another aspect of this is that you should notify the "Ombudsman for
Privacy" (in the document mentioned as "Il Garante") of any such collection
of personal information. As of the time of the law's passing, the criteria
under which the Ombudsman would have had the ability to deny a certain
entity (person, company) the privilege to maintain such collections was not
defined, and you were only required to register any such collection, and to
expressly request permission from any person to be inserted in there after
the laws approval.

    As you can imagine, the only real effect that the law has had so far is
that you _must_ maintain a large stack of signed papers where people approve
of you having their address. As the law was analyzed for me, there are no
specific limits on this so (in a strictly theoretical interpretation), YOU,
Declan, might have to send the Ombudsman a notification of you possessing a
list (politechbot's distribution DB) of people and their email addresses
(the personal data). Furthermore, in theory, I as an Italian citizen should
send you a letter with my signature approving of you handling such info.

  Things have become more reasonable, and apparently "virtual" signature of
approval (clicking a button) is enough to give such consensus (otherwise
mailing lists would have died). I am also not aware of anyone being sued for
not having registered their personal organizer =)

    The law seems wacko, but in effect it only requires people to sign for
treatment of data /knowing/ who is authorized to use such data (it must be
stated), so people can restrict who can handle their data or not. Credit
reporting agencies obviously cannot exist under such a scheme, at least not
in US fashion (do I hear a cheer here?).

  So - there it is. What the paper says is that this new media has potential
for privacy violations, and it notifies the telecom providers that if
personal data is distributed, how such data is distributed should be a
matter of concern. I do not see any automatic violation of law by sending
MMSs there.

regards -Federico

---

To: declan () well com, gnu () new toad com
Subject: Re: FC: Use a photo-cell-phone in Italy, go to jail?
Date: Wed, 26 Mar 2003 16:15:48 -0800
From: John Gilmore <gnu () toad com>

Don't forget that anyone with an ordinary cellphone can "easily and
immediately place in circulation" audio "bugging" of private and
public places.  It's not just cam-phones that can reduce privacy.

        John

[Not to mention standard old analog cameras... You know, the type that all 
the tourists to Italy bring with them... --Declan]




-------------------------------------------------------------------------
POLITECH evening reception in New York City at 7 pm, April 1, 2003 at CFP:
http://www.politechbot.com/events/cfp2003/
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------