From a legal point of view, privacy protection in Italy has far-reaching origins. The first law raises to the end of 1996 with Law 675 issued to respect the Schengen Agreements. But in Italy, the first true legal discipline based on shared common guidelines within the European Community, has been applied with Legislative Decree 196 from 2003.
In Legislative Decree 196/03, for the first time, the minimal IT security’s measures for data retention were mentioned with non-exhaustive examples: passwords, antivirus, screensavers and firewalls.
To describe better it in a temporal context, this law was born in a time in which there was a decrease of the new economy’s bubble, when Google was at the beginning, Facebook and social network did not exist and maybe Steve Jobs didn’t think the Iphone.
But today what does “privacy” mean? The digital world is more evolved and complex, the security is weak and the attention about the fundamental right to privacy is increased. Is again possible or the actual and future technology, more invasive, doesn’t permit to realize this law?
Different are the interventions of the competition regulator of the application D.Lgs 196, in order to find other modalities of legal protection to a legal discipline not upgraded with the technologic evolution. The most well-known provisions are linked to: the abolition of the drafting of the “Documento Programmatico sulla Sicurezza”, the rules for sensitive data provided spontaneously through the CV, the right to oblivion, the opposition register and the cookies information.
On date 15th December 2015, in the offices of the European Commission there was found an agreement on unique text for the privacy in order to balance the different laws of every EU countries.
In particular the agreement between the EU members is arrived at:
· a Data Protection Directive for police and judiciary;
· a unique regulation for all the EU (General Data Protection Regulation) and a unique authority of European vigilance. In about two years it should regulate itself using penalties for defaulting companies from 2% to 4% of annual turnover.
The Regulation assimilates the right to oblivion, the right of transferability of data between the Service Provider, the right of notice of unauthorized accesses by third party to own personal and sensitive data.
Better informative rules are introduced and the limits on automated processing of personal data are defined. The bases for the exercise of new rights are also laid down and rigorous criteria for the transfer of data are established outside the European Community.
It is important to remember that all big players in the digital world: Google, Facebook, Amazon, Microsoft and Apple have their headquarters outside the European Union territory.
The new General Data Protection Regulation (GDPR) will come into force in all EU countries from 25 May 2018.
Is your company in charge of data collection? Have all the benefits for the different marketing activities been gathered? What are the modes used for profiling users?
These are some of the questions that E-Business Consulting will help you to solve, because privacy is not just a legal aspect, it's not just a bureaucratic aspect, it's not just a technology infrastructure issue, but it's an organizational model and only an agency of Marketing that knows in detail all the digital tools can help you find the best management mode.
E-Business Consulting is a company that has been active since 2003 and has been engaged in privacy consulting for important companies already in the implementation of Legislative Decree 196/03, organizing a roadshow in major Italian cities in collaboration with IBM. Call us for a consultation!