Technology

Web Key Directory: the technology that every email domain should adopt to ensure the authenticity and security of communications - TL;DR Why Encryption Is the Foundation of Digital Privacy Encryption is the technology that transforms readable information into incomprehensible code for anyone without the decryption key. It’s what protects banking transactions, government communications, and healthcare data. In the context of the European GDPR, strong encryption also enables the transfer of personal data outside the EU: when data is properly encrypted, individuals are no longer identifiable, simplifying regulatory compliance for international communications. Yet, paradoxically, the world’s most used communication technology – email – remains largely unencrypted, exposing billions of daily messages to potential interception. This article explores how the protocol Web Key Directory (WKD) finally solves this paradox, making email encryption simple and automatic: just as we now visit secure websites (HTTPS) without doing anything special, with WKD emails are also encrypted automatically without any user intervention. ...

It’s been months since I deleted my account from Whatsapp. However, other users continue to see my active profile and write to me. Among these, unaware of my decisions, some were concerned about not receiving a response, while others were probably angry. The numerous messages and open tickets to support and even the DPO were no use because nothing has changed. The FAQ states, “It may take up to 90 days from the beginning of the deletion process to delete your WhatsApp information.”. I am considering other initiatives, indeed. All this shows how a Whatsapp user has no control over their personal data. ...

Chapter III of the GDPR is related to the Rights of the data subject. The data subject is at the centre of the system and is the only one entitled to exercise the power of control over their data. In particular, it is well-known as provided by Whereas (7) of the GDPR, according to which Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced. ...

In one of our previous contributions, we stated that the human being needs to communicate (the first axiom of the Palo Alto School)[1] , and the advantage offered by the Internet of interacting with other people even at a distance has been successful. Moreover, numerous popular and scientific contributions described the social evolution (or involution, depending on the point of view), and it is undoubted understandable that it may have legal and juridical repercussions. ...

The year is ending and I would propose some food for thoughts. Nowadays it seems that people are slaves of digital life, captured by devices and online social phenomena. What kind of phenomenon are we living? Is it a battle where people fight against digital contents provider or are we fighting against ourselves? Probably, it isn’t precisely a battle, but a matter of approach. The human uncontrollable desire to be potentially anywhere leads us to exalt the power of digital resources if we can be - although virtually - somewhere in the world together with others, showing our presence anyway. People, to realise this kind of digital desire, are available to unconditionally provide their personal data to everyone (developers or software provider) requires them. People can be excited by digital resources, but probably they don’t realise that in that way they risk being victims if it happens without awareness. We have always to balance the will to have any apps necessary to exhibit ourselves with the awareness about our personal data. What kind of addiction is it? Are we exaggerating, but above all, are we aware? Is it a human factor? The human factor is unpredictable and uncontrollable if not solely by our consciousness and awareness. We cannot discuss only in terms of abuse or misuse of personal data by developers and companies, but - above all - it is a matter of people’s awareness. Any organization or company has its own digital sovereignty and should act respecting human dignity firstly, consequently data protection laws and hence the “data protection by design and by default” principle. Generally speaking, respecting privacy and data protection should not mean to behave well only to avoid to be exposed to fines or sanctions but, essentially, to comply with the accountability principle, looking over, toward the right balance between ethics, human dignity and norms. ...

I was invited, as President of the Data Protection Authority of San Marino, to speak at the “5G Italy 2019” event held in Rome. Below is the video of my speech (from minute 2:34:59 to 2:44:26) held on December 3, 2019: my opinion on the role of the privacy supervisory authority regarding 5G and emerging technologies. What is the approach regarding the relationship between personal data protection and emerging technologies? ...

To my work as a lawyer, I wanted to add that of research, combining legal skills with technical ones; it is not simple; indeed, it is very demanding.It is necessary to always keep in mind that researchers must conduct any research activity with scientific rigour and based on objective elements, without neglecting any other contributions already published. The in-depth study phase of research topics is particularly tricky as it is necessary to always pay maximum attention to the object of the analysis and to the aspects that are intended to be highlighted. ...

The Swedish Data Protection Authority fined a school to pay about 20,000.00 euros. The measure is currently available only in Swedish; therefore, we propose the news with a brief comment without further details. Facial recognition system. © Nicola Fabiano - All rights reserved What has it happened? A Swedish school used a facial recognition system on the students to verify their attendance. During the preliminary investigation by the Swedish supervisory authority, the school defended itself by stating that the students expressed their consent. The supervisory authority closed the investigation sanctioning the school. ...

The “Privacy by Design” principle has been known for years and was the subject of the resolution adopted by the 32nd International Conference of Data Protection and Privacy Commissioners in 2010. The GDPR in Article 25 regulates the principle “Data protection by design and by default” perhaps better known as “Data protection by design and by default”. A premise is necessary. Confidentiality, “privacy”, in Europe is a fundamental right pursuant to Article 7 (Respect for private and family life) of the Charter of Fundamental Rights of the European Union which states: ...

On January 12, 2018 the advanced training course on personal data protection for professional training of the Data Protection Responsible, better known as Data Protection Officer (DPO), will begin. The course - which enjoys the patronage of the Data Protection Authority - was activated in implementation of the Memorandum of Understanding of April 28, 2017, signed between the National Bar Council (CNF) and the National Council of Engineers (CNI), on a project by the Italian Foundation for Forensic Innovation (FIIF) and thanks to the interest of the two National Councilors Lawyer Carla Secchieri and Engineer Luca Scappini who assume its coordination. ...