Quando una legge sul Profiling e la profilazione in Italia?

La profilazione dei dati degli utenti è un tema abbastanza importante, se ne parla poco ma coinvolge tutti noi. Per questo ho cercato diverse volte di segnalare come salvaguardare la privacy e perché decidere di usare i DNS di Google.

Il tema è importante e lo sarà sempre più in quanto ormai si gioca una lotta tra la pubblicità di Facebook e quella di Google. FoolDNS ha avuto il merito di portare all’attenzione dell’opinione pubblica la profilazione, operazione svolta da tutte le media e internet company e della quale ne beneficia sia il singolo che la collettività.

A tutelare gli utenti ci deve essere una legge precisa che disciplini limiti e abusi, cosa che in Italia mi pare non ci sia (vi invito a fare segnalazioni in tal senso). Di recente il Comitato dei ministri ha invitato gli stati membri del consiglio d’Europa ad adoperare una legislazione sulla profilazione mediante una raccomandazione che contiene alcune norme minime da legiferare.

Ricopio qui di seguiti i principi generali e le definizioni che l’Europa invita ad adottare affinchè non si abusi del profiling:

a. “Personal data” means any information relating to an identified or identifiable individual (“data subject”). An individual is not considered “identifiable” if identification requires unreasonable time or effort.

b. “Sensitive data” means personal data revealing the racial origin, political opinions or religious or other beliefs, as well as personal data on health, sex life or criminal convictions, as well as other data defined as sensitive by domestic law.

c. “Processing” means any operation or set of operations carried out partly or completely with the help of automated processes and applied to personal data, such as storage, conservation, adaptation or alteration, extraction, consultation, utilisation, communication, matching or interconnection, as well as erasure or destruction.

d. “Profile” refers to a set of data characterising a category of individuals that is intended to be applied to an individual.

e. “Profiling” means an automatic data processing technique that consists of applying a “profile” to an individual, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.

f. “Information society service” refers to any service, normally provided for remuneration, at a distance, by electronic means.

g. “Controller” means the natural or legal person, public authority, agency or any other body which alone, or in collaboration with others, determines the purposes of and means used in the collection and processing of personal data.

h. “Processor” means the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

2.1. The respect for fundamental rights and freedoms, notably the right to privacy and the principle of non-discrimination, shall be guaranteed during the collection and processing of personal data subject to this recommendation.

2.2. Member states should encourage the design and implementation of procedures and systems in accordance with privacy and data protection, already at their planning stage, notably through the use of privacy-enhancing technologies. They should also take appropriate measures against the development and use of technologies which are aimed, wholly or partly, at the illicit circumvention of technological measures protecting privacy.