The contribution reported below was published on betapress.it at this page.
 |
|---|
| Credits Council of Europe |
On January 28, 2021, the 15th Data Protection Day was celebrated. In fact, on April 26, 2006, the Committee of Ministers of the Council of Europe decided to launch a Data Protection Day, to be celebrated every year on January 28. Convention 108 was the first binding international treaty on data protection and a model for many other data protection regulations. This year, the 40th anniversary of the opening for signature of Council of Europe Convention 108 for the protection of individuals with regard to automatic processing of personal data was also celebrated.
Indeed, on January 28, 1981 in Strasbourg, Treaty No. 108 (reference is ETS No.108) of the Council of Europe was opened for signature by Member States and for accession by non-member States. The title of Treaty No. 108 is “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data”. Convention 108 (ETS No. 108) entered into force on October 1, 1985 with 5 ratifications.
Italy signed it on February 2, 1983 and ratified it on March 29, 1997, but the date of entry into force is July 1, 1997. This Convention represents the first binding international instrument whose purpose is the protection of individuals against the abusive use of automatic processing of personal data, and which regulates cross-border data flows. In addition to the guarantees provided for the automatic processing of personal data, the aforementioned Convention 108 bans the processing of “sensitive” data on racial origin, political opinions, health, religion, sexual life, criminal convictions, in the absence of guarantees provided by domestic law.
On May 18, 2018, after 7 years of intense work and negotiations, the Protocol (CETS No. 223) amending Convention 108 was adopted by the 128th ministerial session of the Committee of Ministers of the Council of Europe, held in Elsinore, Denmark. It is therefore renewed in a modernized version called Convention 108+. Convention 108+ consists of a total of 31 articles and will enter into force upon ratification by all Parties to Treaty STE 108, or on October 11, 2023, if by that date there are 38 parties to the Protocol.
Currently there are 10 ratifications and 33 signatures not followed by ratification. Italy signed it on March 5, 2019 and has not yet ratified it; San Marino signed it on July 16, 2019 and has not yet ratified it. The month of May 2018 also saw the application of EU Regulation 2016/679, better known as GDPR (acronym for General Data Protection Regulation), which constitutes the European discipline on the protection of natural persons with regard to the processing of personal data.
To the aforementioned regulation, for Italy, is added the discipline of the privacy code (Legislative Decree 196/2003). To whom do we provide our personal data and why? It is necessary to acquire awareness. The qualitative leap can only be made with adequate awareness of the topic we are addressing or that we intend to address. What are the challenges to face? Among the main challenges, the COVID-19 pandemic must certainly be mentioned, whose effects are before everyone’s eyes: this, however, is not only evaluable from a medical and health point of view and presents various issues related precisely to the protection of personal data. On the one hand, it is undeniable that since the beginning of the pandemic there has been an exponential increase in the use of available technologies and digital resources, but little has been said about the risks related to privacy and personal data protection. On the other hand, the processing of large quantities of data on the health of natural persons must be carried out in full compliance with current legislation and with the adoption of all appropriate security measures.
Furthermore, in recent times there has been much talk about vaccines and the international context is questioning the lawfulness of solutions such as vaccine passports or immunity passports. Another challenge is that of Artificial Intelligence (AI). The European Commission has long created the group of experts called “AI High Level Group” and the CoE has created the Ad hoc Committee on Artificial Intelligence (CAHAI). Furthermore, on January 28 the Council of Europe published guidelines on facial recognition, stating the need for strict regulation to prevent human rights violations.
A further challenge, as I have already said on several occasions and most recently in my book, is that relating to Neurosciences. In particular, there is an alarm related to the impact that technologies adopted in the field of neurosciences can have on personal data protection and privacy. This is an aspect that in the USA they have been observing for some time, but - due to the approach to privacy of that country - with results adherent to their constitutional framework. These phenomena must be carefully evaluated; ethics is undoubtedly a fundamental element.
My approach, based on the relational model called DAPPREMO (acronym for Data Protection and Privacy Relationships Model), could be useful for exploring these aspects. The theme of neurosciences in relation to the impact on personal data protection and privacy, without doubt, could be the most important one for our times, so much so that - provocatively - I launched the idea of a new category of rights that I have defined “neuroprivacy rights”.