Posts

The year is ending and I would propose some food for thoughts. Nowadays it seems that people are slaves of digital life, captured by devices and online social phenomena. What kind of phenomenon are we living? Is it a battle where people fight against digital contents provider or are we fighting against ourselves? Probably, it isn’t precisely a battle, but a matter of approach. The human uncontrollable desire to be potentially anywhere leads us to exalt the power of digital resources if we can be - although virtually - somewhere in the world together with others, showing our presence anyway. People, to realise this kind of digital desire, are available to unconditionally provide their personal data to everyone (developers or software provider) requires them. People can be excited by digital resources, but probably they don’t realise that in that way they risk being victims if it happens without awareness. We have always to balance the will to have any apps necessary to exhibit ourselves with the awareness about our personal data. What kind of addiction is it? Are we exaggerating, but above all, are we aware? Is it a human factor? The human factor is unpredictable and uncontrollable if not solely by our consciousness and awareness. We cannot discuss only in terms of abuse or misuse of personal data by developers and companies, but - above all - it is a matter of people’s awareness. Any organization or company has its own digital sovereignty and should act respecting human dignity firstly, consequently data protection laws and hence the “data protection by design and by default” principle. Generally speaking, respecting privacy and data protection should not mean to behave well only to avoid to be exposed to fines or sanctions but, essentially, to comply with the accountability principle, looking over, toward the right balance between ethics, human dignity and norms. ...

To my work as a lawyer, I wanted to add that of research, combining legal skills with technical ones; it is not simple; indeed, it is very demanding.It is necessary to always keep in mind that researchers must conduct any research activity with scientific rigour and based on objective elements, without neglecting any other contributions already published. The in-depth study phase of research topics is particularly tricky as it is necessary to always pay maximum attention to the object of the analysis and to the aspects that are intended to be highlighted. ...

The Swedish Data Protection Authority fined a school to pay about 20,000.00 euros. The measure is currently available only in Swedish; therefore, we propose the news with a brief comment without further details. Facial recognition system. © Nicola Fabiano - All rights reserved What has it happened? A Swedish school used a facial recognition system on the students to verify their attendance. During the preliminary investigation by the Swedish supervisory authority, the school defended itself by stating that the students expressed their consent. The supervisory authority closed the investigation sanctioning the school. ...

For the second consecutive year, I participated in “The Eleventh International Conference on Evolving Internet - INTERNET 2019”, organised by the International Academy, Research, and Industry Association (IARIA) which was held in Rome from June 30th to July 4th 2019. Furthermore, my participation was also as the chair of the special track “RAIEDP: Robotics, Artificial Intelligence, Ethics and Data Protection” together with my colleague Filippo Bianchini (co-chair). I presented the contribution entitled “The Meaning of ‘Accountability’, ‘Responsibility’ and ‘Liability’ in the GDPR: Proposal for an Ontology”. ...

I note from the statement published on the EDPS website that Giovanni Buttarelli passed away. The news much saddens me. The post published on the EPDS website defines Giovanni Buttarelli such a kind and brilliant individual. Throughout his life, Giovanni dedicated himself completely to his family, to the service of the judiciary and the European Union and its values. His passion and intelligence will ensure an enduring and unique legacy for the institution of the EDPS and for all people whose lives were touched by him ...

I am honoured to be a member of the Program Committee of the 8th International Conference on e-Democracy that will be held in Athens on 12-13 December 2019. Below the official communication. Spread the information the about the conference. Dear colleagues, Duetonumerous requests from potential authors, the submission deadline of 8th International Conference on e-Democracy: Safeguarding Democracy and Human Rights in the Digital Age has been extended to August 18, 2019. ...

Court of Justice of the European Union - PRESS RELEASE No 99/19 - Luxembourg, 29 July 2019. Here the document: https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-07/cp190099en.pdf

After one year, many people make evaluations, while others forecast or organise events. My purpose is not celebratory but purposeful and prodromal: what are the aspects concerning the protection of personal data on which it would be appropriate to reflect and which deserve further investigation? One of the most relevant aspects is undoubtedly the “awareness” that it means “to have exact consciousness about himself”. Among the principles laid down in the GDPR, the “accountability” (art. 5, paragraph 2) is the central pillar. The data controller or the data processor who has to respect the “accountability” principle must necessarily be aware of “having a perfect consciousness about himself” on the knowledge of the GDPR rules and principles. It is not about a purely technical-juridical knowledge that would favour the jurist in the application of the laws. Reading the GDPR often goes beyond the qualification of the rules of conduct that are part of the legal system: there is much more over. We cannot ignore the fundamental rights provided for by the European Charter and by the Convention 108 plus. ...

Some weeks ago I gave an interview to Ingenium Magazine and it has been published here. Grateful to Sonia Montegiove.

The IoT is innovative and important phenomenon prone to several services ad applications, but it should consider the legal issues related to the data protection law. However, should be taken into account the legal issues related to the data protection and privacy law. Technological solutions are welcome, but it is necessary, before developing applications, to consider the risks which we cannot dismiss. Personal data is a value. In this context is fundamental to evaluate the legal issues and prevent them, adopting in each project the privacy by design approach. Regarding the privacy and security risks, there are some issues with potential consequences for data security and liability. The IoT system allows us to transfer data on the Internet, including personal data. In this context, it is important to consider the new European General Data Protection Regulation (GDPR) - already in force from 24 May 2016 - that will be applicable on 25 May 2018. The GDPR introduces Data Protection Impact Assessment (DPIA), data breach notification and very hard administrative fines in respect of infringements of the Regulation. ...