Editorial Director: Giusella Finocchiaro
Web Content Manager: Giulia Giapponesi

The 50th annual session of the UNCITRAL Commission will be held in Vienna from 3 to 21 July 2017. During the session the Commission will consider the deliberations and decisions of its Working Group IV on Electronic Commerce regarding the finalization and adoption of a Model Law on Electronic Transferable Records.

In 2011, the Commission mandated Working Group IV to undertake work on electronic transferable records. The Working Group worked on that subject from its forty-fifth session (Vienna, 10-14 October 2011) to its fifty-fourth session (Vienna, 31 October-4 November 2016). At its fifty-fourth session, the Working Group asked the Secretariat to revise both the draft model law on electronic transferable records and explanatory materials contained in document and to transmit the revised texts to the Commission for consideration at its fiftieth session. For these reasons, the Working Group invited the UNCITRAL Secretariat to forward the text to all Member States and international organisations for their opinions, in order to submit their comments to the UNCITRAL Commission at its 50th session.

Meanwhile, in 2016, the UNCITRAL Commission assigned to the Working Group a new project regarding new identity management and trust services, as well as cloud computing, underlining that it would be premature to prioritize between the two topics. Therefore, the Commission asked the Secretariat and the Working Group to continue updating and conducting preparatory work on the two topics, assessing their parallel execution and reporting back to the Commission so that it could make an informed decision at a future session, including the priority to give to each topic. In that context, it was mentioned that priority should be based on practical needs, rather than on how interesting the topic was or upon the feasibility of work.

posted by admin on July 18, 2011

Privacy, Uncategorized


As anticipated, the second booklet presented with the Annual Report of the Italian Authority for the protection of personal data deals with the system of cloud computing. Here we present a brief summary for the benefit of those who have doubts about the level of security and confidentiality of their data uploaded “in the cloud”.

Given the increasing offer of these services, the booklet presents itself as a “series of precautions” aimed at encouraging their appropriately aware and responsible use.

“Cloud computing” is a set of services for which resources are easily accessible and configurable on a network. Once they are connected to a cloud provider, users can perform certain activities such as using remote software not directly installed on their computers or saving data on online storage systems.

It is essential to differentiate between private and public clouds. In neither case does the data reside on users’ “physical” servers, but whereas a private cloud is a closed system dedicated to the needs of a single organization, whose management is entrusted to a third party (and is easy to control), the infrastructure of a public cloud is owned by a supplier and is used over the web.

In a public cloud, confidentiality and availability of information are entrusted to the security mechanisms adopted by service providers, and users who upload their data lose most of their ability to exercise adequate control over it.

The Italian Authority focuses on a number of aspects regarding cloud computing that require particular attention. For example, if the chosen service is the end product of a transformation chain of services from other service providers apart from the vendor the user signs the service contract with, it may not be possible to ascertain which of several managers of intermediate services can access certain data. In addition, in the absence of adequate guarantees on the quality of network connections, temporary problems of data accessibility may be experienced due to breakdowns or traffic overloads; in other cases, portability and interoperability might be jeopardized by the passage of data and documents from one cloud system to another, or during an exchange of information with users of different clouds.

Outsourcing data to remote providers is not the same as keeping it on one’s own system: there are advantages and drawbacks that need to be taken into consideration. In this regard the Authority has drawn up a series of actions that are to be considered indispensable in order to use cloud services with due care and awareness:

- Prioritize consideration of risks and benefits of the services offered.
- Prefer services that facilitate data portability.
- Ensure the availability of data in case of need.
- Select the data to be included in the cloud.
- Do not lose sight of data.
- Be aware of where data will effectively reside.
- Pay careful attention to terms of contracts.
- Check the conservation policies of persistent data.
- Demand appropriate safeguards for the protection of confidentiality of data.
- Provide appropriate training for staff.

The Authority closes with the reminder that the adoption of outsourced services does not relieve companies and public administration of their responsibilities for the protection of personal data. Thus, when using cloud computing it is essential to “rationalize its distinctive features in order to identify potential risks associated with such services and therefore to be able to take effective and specific protection measures.”

 

posted by Giusella Finocchiaro on June 30, 2011

Privacy


The presentation of the Italian Privacy Authority’s Annual Report in Parliament today has provided much food for thought.

There are many talking points, starting with the title of the Report itself, “Men and data”.

As stated in the report, “Men and data cannot be split up into different worlds. Data are not only the product of men and their ability to communicate and organize, but are now also an essential part of their way of being.” This is particularly evident in the world of “self exposure and global transparency”, especially in the world of social networks. “In this context, speaking of the “right to oblivion” runs the daily risk of being perceived as laying unacceptable claim to restricting the right to “know” in all its meanings.”

In his speech, the Authority’s President, Francesco Pizzetti, raised many new issues such as net neutrality, the obligation to report serious breaches and the need to redefine responsibilities in the area of complex chains of data processing.

Great importance was given to the risks posed by cloud computing, smartphones and tablets, tools which can transform each potential user into an “Electronic Hop-o’-My-Thumb” who, often unconsciously, leaves traces of their movements, having left their device’s location-based systems turned on.

This year the Authority’s Report also offers two modules on cloud computing and on smartphones and tablets, which set out guidelines respectively for responsible use of services and current scenarios and operational prospects.

There is also a certain critical element in the Report regarding the current system of telemarketing and the recent Development Decree (decreto sviluppo).

The Authority recommends putting off unnecessary changes while waiting for the pending redefinition of the European guidelines, which in all likelihood will take the form of a directly binding Regulation. The Authority also hopes that its jurisdiction on making provision for new minimum security measures for the protection of personal data will be recognized. Obviously, given the quality of recent legislative measures, this would be preferable.

 
