Editorial Director: Giusella Finocchiaro
Web Content Manager: Giulia Giapponesi

posted by admin on maggio 9, 2016

digital identity

(No comments)

THE ITALIAN DPA HAS RULED IN FAVOUR OF THE APPEAL BY A USER, TO WHOM FACEBOOK HAD NOT GRANTED A BAN ON FAKE PROFILES CREATED TO HIS DETRIMENT

Facebook will be accountable for fake profiles created on its platform and offer full cooperation and transparency. In the last few days the Italian DPA has published a provision from last February concerning a dispute between a well-known doctor from Perugia and Facebook Ireland Ltd. The complaint presented in November 2015 and originated from an attempt at extortion carried out on the pages of the famous social network.

The doctor had been the victim of activities amounting to threats, attempts at extortion, impersonation and the unlawful breaking into a computer system by a Facebook user, who, after requesting online friendship and obtaining acceptance from the doctor, started an “electronic correspondence with him, which at first was of a confidential nature, but which subsequently aimed to pursue criminal ends”. The criminal had created a fake account using photos and personal data of the Perugia doctor and had attempted to blackmail him with threats of sending obscene photomontages showing child pornography material to friends, acquaintances and colleagues. The doctor, who had not given in to these blackmail attempts, asked Facebook to take appropriate steps to eliminate the fake profiles and to provide him with all the relevant information necessary to limit as quickly as possible the damage suffered by his image.

According to the doctor’s lawyers, Facebook did not take the appropriate action on the matter, not granting satisfactory and complete access to the required data. In particular, Facebook simply made available through its “download tool” service a set of data, which were not clearly intelligible as they only referred to code numbers. Furthermore, the data set was incomplete as it simply referred to data from the claimant’s valid Facebook account and did not include data processed by the fake account and shared on the social network.

Therefore, the DPA established that Facebook Ireland Ltd, which is in possession of the information required by the doctor, must communicate “to the claimant in an intelligible form all data relating to him that are held with regard to the Facebook profiles opened in his name”. The social network must close down the fake profile in order to facilitate any possible investigation into establishing the identity of those responsible for the attempt at extortion.

Following the expiry of the thirty day term to comply with the DPA’s provisions, Facebook will have about two weeks to file opposition before the Court of Perugia, failing which the penalty will consist of a fine and up to two years’ imprisonment.

 

 

posted by Giusella Finocchiaro on novembre 10, 2015

Privacy

(No comments)

The recent “Facebook” decision by the European Court of Justice can be interpreted from two different perspectives, which are not (however) mutually exclusive. The first interpretation is of a legal-technical nature, while the second is political.

Let us start with the first. The facts are known as are the conclusions. The United States is not considered to be a country that guarantees an adequate level of protection in accordance with the Directive on personal data protection, dir. 95/46.

The path is outlined in art. 25 of the Directive, which is hereinafter quoted for convenience and clarity, in order to better understand the past (the decision) and the future (the currently open directions).

Article 25

Principles

1. The Member States shall provide that the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer, may only take place if, without prejudice to compliance with the national provisions adopted pursuant to the other provisions of this Directive, the third country in question ensures an adequate level of protection.

2. The adequacy of the level of protection afforded by a third country shall be assessed in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations; particular consideration shall be given to the nature of the data, the purpose and duration of the proposed processing operation or operations, the country of origin and country of final destination, the rules of law, both general and sectoral, in force in the third country in question and the professional rules and security measures which are complied with in that country.

3. The Member States and the Commission shall inform each other of cases where they consider that a third country does not ensure an adequate level of protection within the meaning of paragraph 2.

4. Where the Commission finds, under the procedure provided for in Article 31 (2), that a third country does not ensure an adequate level of protection within the meaning of paragraph 2 of this Article, Member States shall take the measures necessary to prevent any transfer of data of the same type to the third country in question.

5. At the appropriate time, the Commission shall enter into negotiations with a view to remedying the situation resulting from the finding made pursuant to paragraph 4.

6. The Commission may find, in accordance with the procedure referred to in Article 31 (2), that a third country ensures an adequate level of protection within the meaning of paragraph 2 of this Article, by reason of its domestic law or of the international commitments it has entered into, particularly upon conclusion of the negotiations referred to in paragraph 5, for the protection of the private lives and basic freedoms and rights of individuals.

Member States shall take the measures necessary to comply with the Commission’s decision”.

 

In the past the Commission had deemed the level of protection afforded by the Safe Harbour framework to be appropriate, but this decision by the Court shows its disagreement and invalidates the Safe Harbour.

This does not imply, however, that the transfer of personal data to the United States can no longer take place. It can take place on the basis of the express consent of the interested party or on the basis of the Binding Corporate Rules. Therefore either the interested party may give their consent for the transfer or the data controller may adopt management rules approved by the Data Protection Authority that will allow the transfer.

So, what is the difference then? The difference is that it will not be possible to use the Safe Harbour framework, i.e. transfer data to the United States without consent or without pre-approved rules, that is assuming the data to be protected in the United States in the same way as they are in Europe.

From a strictly legal-applicative point of view all comment ends here. Undoubtedly, there will be higher management costs for those who transfer data from Europe to the United States, but there will certainly be no ban.

On the other hand, the political interpretation of the decision which follows roughly a year after the Google Spain case is far more problematic. As mentioned above, in the Court’s opinion, the United States does not provide an adequate level of data protection.

Essentially the Court states that the level of protection of personal data is higher in Europe and that it is the European law which should be applied to European subjects’ personal data (apologies for this simplification, obviously the decision refers to data transfer from Europe under certain conditions). Similar assertions can be found in the Google Spain decision.

The Court anticipates the contents of art. 3 of the forthcoming European regulation for the protection of personal data with another decision which is also political. Then again, personal data protection has constitutional significance in Europe (article 8 of the Charter of Fundamental Rights), but not in the USA. This obviously reflects a different scale of values in two regions of the world, albeit very similar to each other if compared to the Asian region. This of course has a cost, which big players such as Google and Facebook can much more easily afford than small ones. And it underlines that Europe and the United States have not (yet) reached a political agreement on the question.

 

 

posted by admin on maggio 27, 2015

computer crimes

(No comments)

According to the Court of Ivrea (Italy) insulting remarks directed against colleagues and superiors posted on Facebook are a sufficiently serious cause for justifying the dismissal of an employee.

With an injunction issued on the 28th January 2015, the Court of Ivrea rejected an appeal by a former employee asking to be reinstated at work following lawful dismissal for misconduct. The employee had been fired for posting seriously offensive comments on Facebook against his employers and some women colleagues.

While admitting to posting the offensive remarks on his Facebook account, the claimant had applied to the Court claiming that such conduct could not be considered sufficiently serious to justify his dismissal and in addition to reinstatement demanded damages.

This is the second procedure in which the employee has taken legal action to ask to be reinstated at work at the same company. The work relationship had already been terminated in 2012. However, certain contractual irregularities had prompted the man to file an appeal and at the end of 2012 the Court had accepted his request, annulling the terms of the fixed-term contract that he had stipulated with the company and condemning the latter to reinstating the claimant and in addition to the payment of all wages accrued.

Consequently, in 2014 the company had rehired the employee, but had decided to exempt him from effectively resuming work, thus the employee had begun to receive a salary without having to work.

Paradoxically this condition, which to some might seem advantageous, led the employee to libel his employers on Facebook. In fact the man published the letter of reinstatement on the social network, accompanying it with some highly insulting remarks against his superiors who had reinstated him and also against some women colleagues.

As the Ivrea Court judge stressed, the posts were not restricted to the “friends” of the claimant, but “could potentially have been seen by about a billion social network users” and were only removed after a cease and desist order on the part of the company. All these factors carried weight in the judge’s final decision, according to which the seriousness of the former employee’s misconduct is considered “severe enough to preclude even temporary continuation of the work relationship”.

In the judge’s decision it is explained that the insults, especially the sexist insults directed at the women colleagues, who were totally unconnected to the previous litigation between the employers and the employee, indicate “the will of the claimant to defame both the company and also some of its employees, in a manner which was potentially gravely damaging to their reputations”.

The claimant failed in his attempt to justify his behaviour as “a reaction, even though an excessive and abnormal (but instinctive) one”. The judge underlined that if it had been provoked by an instinctive gesture –although rash – the employee would have taken prompt action to eliminate the post and would not have waited more than two weeks to do so, as in fact happened. This lengthy period of time that the comments remained online also seems to suggest that the claimant had absolutely no perception of the serious nature of his misconduct.

In light of these considerations, the Court dismissed the claimant’s appeal and ordered him to pay the company’s legal costs, amounting to 3,500€.

This decision by the judge of the Court of Ivrea confirms the case law regarding lawful dismissal for misconduct for defamatory posts which offend employers, as already established by the Court of Appeal of Turin (judgment of 17th July 2014, n. 164) and the labour section of the Court of Milan (order of 1st August, 2014).

 

 

posted by admin on maggio 30, 2011

Consumer rights, Media

(No comments)

There is an ever growing protest in Italy against Sky Italia’s decision to exclude from its digital TV package Current TV, the TV channel and website founded by Al Gore in 2005 which is famous for hosting alternative news video content compiled by viewers.

The protest campaign was launched on the Current website on a page which invites all supporters to send emails to Tom Mockeridge, managing director of Sky Italia, demanding a reversal of the decision to close the channel. In the space of a few days the protest spread on Facebook, Twitter and many online and offline magazines, involving an ever growing number of citizens concerned that there might be ideological reasons behind Sky’s decision.

In fact, according to Current TV’s top management, failure to renew the contract may indeed be connected to reasons of a political nature. Current’s mission might be in opposition to the “ideological agenda” of News Corporation, the international group which seeks political power in whatever country it operates in. This is what Al gore stated in a recent interview with the Guardian, in which the former US presidential candidate accused News Corp of “an abuse of power”. According to Gore, the reason behind the decision to close Current TV is to be found in the hiring of Keith Olbermann, a US left-leaning commentator often critical of News Corp, who has been invited to present one of the channel’s new programmes.

Referring more directly to the Italian case, Gore argued that Current TV’s position, which has often been critical of the Italian government and of Prime Minister Silvio Berlusconi (reaching its highest level with “Citizen Berlusconi” a documentary about the power of the media in Italy), would clash with the strategy plans of Murdoch, whose aim is to ingratiate his company with the Italian government in order to gain advantage in negotiations for space on Italian digital terrestrial television.

Al Gore also presented this idea on Italian TV on the programme “Annozero” with Michele Santoro, the well-known linkman who had already been a guest of Current TV itself on the occasion of the programme “Rai per una notte”, a media protest event against the suspension of his show “Annozero” by the Italian public television corporation. According to Current’s top management the collaboration with Michele Santoro, well-known as an enemy of the Italian Prime Minister, adds a further point to the idea that the closing of Current TV is a “gift” for Silvio Berlusconi.

In answer to this accusation, Sky stated that the only reasons behind the decision are of a commercial nature. The satellite television broadcaster declared that the contract signed with Current in 2008 when it was included in Sky’s package, provided for automatic renewal if the channel reached its objective of an average of 4,500 viewers daily, which it failed to do. Therefore they say the decision was taken in view of the fact that in addition to failing to reach the necessary number of viewers, Current’s share also fell by 20% in the first quarter of 2011 compared to 2010.

However, according to Current, viewing figures are increasing. They say that the 2010 result was inaccurate primarily due to “Rai per una notte”. The importance of the media event created an anomalous peak in viewing figures for Current, thus giving inaccurate total viewing figures for the first quarter of 2010, in comparison to the fall registered in 2011. If this anomaly is taken out of the equation, however, the share data seems to be on the increase.

In any event, after the first protests it appears that Sky made a proposal to Current for the renewal of the contract, but that this was not accepted. In fact, the satellite broadcaster is said to have proposed to Current a contract offering a 70% cut on the previous one. However, Sky maintains that Current had asked for double compared to the agreement signed 3 years previously.

For now the agreement between Current and Sky seems to have turned into a data war measured with different criteria and not entirely transparent economic proposals. Internet commentators are divided into those who are convinced about the ideological motivations and those who find the idea of an alliance between the two rivals Murdoch and Berlusconi to be implausible.

However, the case of Current has brought fresh International attention to the Italian media situation.

 

The recent firing of a British employee who seems to have lost her job for posting a complaint on her Facebook profile about her salary, leads us to thinking again about the question of the uses employees make of technological resources in Italy. Here we are talking about Facebook only because it is the most widespread social network.

1) Is it forbidden to use Facebook in the workplace?

Not always, it depends, the employer has the right to choose.

2) How can we know what the employer’s choice is?

We need to read employer policy or the guidelines (names can vary greatly) also keeping one eye on the Guidelines of the Italian Data Protection Authority.

3) What if policies do not exist?

Obviously rules can be found elsewhere, for example in the contract. In this case work tools are only supposed to be entrusted to the employee for professional use.

4) Could professional policies provide for the use of Facebook for personal reasons?

Generally, yes. An employer’s choices can vary widely. The employer may also exercise a choice of leniency.

5) What if the employer is a public body?

In such cases the matter is rather more delicate. We have to remember that the criminal code punishes the crime of embezzlement.

6) Are workers in any way limited when they express thoughts on Facebook regarding their work or employer?

They are limited by norms of a general nature which might be applied in the same way to Facebook as to any other circumstances, and which could be, for example, the duty of professional loyalty, the principle of fairness, the obligation of non-competition, the norms of personal data protection, and also the respect of honour and of other people’s reputations.

7) Are employers allowed to use information about their workers found on Facebook?

If it is found through legal channels through Facebook’s particular chain of consent, then yes.

8) Should information found on Facebook be considered as private?

It depends on the meaning of “private”. Public information on Facebook is directly or indirectly visible to authorized individuals (for example, friends, friends of friends) and so potentially posted to many individuals.

9) Can information on Facebook only be used for certain purposes (e.g. personal) and not for others (e.g professional)?

Only if this limitation is expressly stated. At the moment it is not possible.

10) Do we need an ad hoc law?

Germany is thinking in this direction. Personally I am still against special laws for every technological innovation. What we need is greater awareness.

 

  • Recent comments

  • Popular posts

    • None found