Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

Italy's data authority calls for Internet regulation [1998] PLBIRp 10; (1998) 44 Privacy Laws and Business International Report 15

Italy’s data authority calls for Internet privacy regulation

A CONFERENCE ON INTERNET AND PRIVACY, organised in Rome by the Italian Data Protection Authority, debated which rules should be applied to this global network. A solution favoured by the Italians was to support privacy enhancing technologies with some regulation.

This was the first conference organ- ised by the Italian Data Protection Authority, Garante, which was appointed just a year ago. The event was a success with 300-400 partici- pants during the two conference days,

Rodotà encouraged the adoption of international measures such as conventions to enhance privacy on the Internet. They should then be supported by national legislation, self-regulation and technology.

Directive 95/46/EC and Telecommu- nications Data Protection Directive 97/66/EC (PL&B, Dec ’97, p. 2-3). First of all, the General Directive applies to personal data, i.e. any infor- mation relating to an identified or

8-9th May. Since most participants were Italian, the authority’s attempt identifiable natural person. The direc- tive’s definition of an identifiabl

to raise awareness of the new law were rewarded. The conference did, however, hear international view- points, as the speaker list included many privacy advocates from abroad. Professor Stefano Rodotà , the President of the Italian Data Protection Authority, drew attention to the huge gap between technologies and legislation in his opening remarks. “Advocates of freedom of information should realise that we always need a legal framework,” Professor Rodotà said. “The focus is now on technologies. A new approach is needed now in the form of legal rules to complement these technologies.” The Internet is a complex question because it a social problem as well as an economic and political one, Rodotà explained. He stressed the question of access which is related to the prices charged to connect to the Internet, and the importance of educating people on how to use the Internet. On the question of harmful content, Rodotà declared that Internet providers should be liable. They should be aware of the content to be able to protect consumers. If harmful content is found, the providers should use a certain amount of censorship.

Italy may, in the future, have specific regulations for privacy on the Internet. The data protection law (675/1996) of December 1996, could originally be amended by the Government by July this year. However, this deadline has now been stretched by another 12 months until July 1999 as the Government needed more time to prepare its proposals.

HOW WILL EU DATA LAW APPLY TO THE INTERNET?

Professor Yves Poullet from the University of Namur, Belgium, addressed the conference by asking how data processing practices on the Internet will have to comply with the Data Protection Directives; the General person is one who can be identified, for example by reference to an identi- fication number. Professor Poullet pointed out that Transport Control Protocol and Internet Protocol addresses, which are required for any computer to be connected to the Internet, may be regarded as identifi- cation numbers. If so, the fact that they enable one to trace the click stream an individual has left on the Internet when browsing could fit under the definition of personal data. Professor Poullet also raised the issue whether the ‘sole consultation’ of a web-site could be regarded as processing in the sense of the directive. Many other problematic questions relating to the General Directive and the Internet were also explored. However, the application of the Telecommunications Data Protection Directive in the Internet environment deserves just as much attention. As the scope of this directive covers publicly available telecommunication services in public telecommunications networks, one may ask which organi- sations providing these services on the Internet could fall under this directive? Also, with regard to the provi- sions prohibiting unsolicited calls for the purpose of direct marketing without consent, data controllers and subjects need to know whether this provision applies to junk e-mail com- monly known as spamming.

These questions are currently tackled by the individual EU Member States implementing both directives. The representative of DGXV of the EC, Marco Gasparinetti, explained that the Telecommunications Data Protection Directive may be applied to the Internet but probably not to other networks such as global airline reservation systems.

LEGISLATION CANNOT COPE WITH FAST CHANGES

The American attitude towards privacy and the Internet was explained by Barbara Wellbery of the US Depart- ment of Commerce. Although there are several sectoral privacy laws in the USA, the emphasis on privacy pro- tection is on self-regulation (PL & B, May ’98, p.12). “The private sector should take the lead as the changes in technologies are so fast that legislation cannot cope,” Wellbery claimed. She went on to emphasise the managementl of compliance, the

need for codes of conduct and a variety of privacy tools for consumers to use.

Wellbery also urged flexible implementation of the EU data pro- tection directive in the Member States. She thought that the new European regime is likely to have dis- astrous consequences on both sides of the Atlantic.