"The Privacy? Today is not confidentiality, but correct processing of data." Is in one sentence, well summarized by Andrea Lisi, Professor of Legal Informatics, University of Salento, the old issue of data protection, both in business to business to business to consumer.
Because the bogeyman of the "note" must give way to a "clear strategy and defined" on the data management company. And this is the real leitmotiv of the conference "Direct marketing: new solutions of respect for privacy", organized recently by know.
"Privacy - Lisi said - but not ban transparency, strategy and organization and has nothing to do with the right of the" right to be alone " (Right to be left alone, Warren and Brandeis 1890 ed).
Privacy is linked to the protection of the data on which the user has the right:
to ask himself what he has to choose willing to reveal to the other to control the use of information about him to self-determination computing / information
"Do not forget - add Diego Fulco, Senior Associate of the law firm Imperial - that privacy has a European origin." Vista the enormous economic importance of the use of personal data, Europe has established a directive to ensure uniformity among the Member States.
The problem is that each State can customize the directive with the "end result - continuous Fulco - that almost all countries they have decided to 'opt-out, while in Italy has opted-in".
simply, according to the dictates of the opt-out notices to all you can do except to those who do not want. With the opt-in, you can make communications only to those who wish to receive (prior consent).
"The point - Fulco continues - is that the law in this area is still very inconsistent and in recent months, rather than simplifying it is made even more complicated."
privacy of communication and one speaks in the Legislative Decree 70/2003 on Electronic Commerce, in consumer protection (which does not apply, however, worldwide B2B), Directive 2002/58/EC concerning the processing of personal data in the rules of advertising, and of course in the Privacy Code.
Considering that "any rule can be interpreted" often come to conflicting situations in the second paragraph of the individual concerned. Added to this is also the fact that the measures of the Guarantor do not go to take the place as defined by the legislature (except in areas in which specific delegation) but have a lot of media coverage with the result that it is spoken in some cases to inappropriately.
B2B and B2C
Let's see some points. The first major distinction to be do is communication between business-to-business (B2B or between enterprises) and communication business-to-consumer (B2C, or business to consumer).
"In B2B - Fulco says - the issue of opt-in practically does not arise. You can make business communication, subject of course to the criteria of transparency and fair trading. Furthermore, we must always provide an opt-out : At any time you can deny being contacted for business communications. "
For B2C, the situation is more complex because the opt-in requires a consensus estimate. But even here there may be exceptions. It 'been carried to such an action as permissible di comunicazione nei confronti dei soci ACI (iscritti a un registro di pubblico dominio) da parte di un produttore di automobili perché si può presumere una sorta di "compatibilità di scopo" (chi è socio ACI verosimilmente è interessato al mondo delle automobili).
La stessa azione non sarebbe permessa invece a un commerciante di vini perché verrebbe meno questa ammissibilità di obiettivi.
Il problema del consenso
Ancora, si fa un gran parlare del "consenso" nell'informativa sulla Tutela della Privacy. Ebbene, il consenso, secondo quanto dice la normativa, deve essere "determinato", ovvero riferito a una specifica finalità.
This means that the consent for direct marketing differs from the consensus profiling. In other words, a company that wants to make commercial communications by telephone to a list of consumer clients (direct marketing) and at the same time profiling these customers (eg shopping habits) need two separate consents.
Consent is not necessary but if customers are contacted by mail or e-mail (with subject, however, goods or services similar to those already purchased), but is required in (almost) all cases in prospect. We wrote "almost" because the consent is not required if the paper is sent to a mailing company mail-order.
These are just some individual examples that clearly outline the difficulty of moving in this minefield.
The interpretations of the rules in the conference has been repeatedly noted that it is necessary to carefully follow the dictates of legislation, but there is always a 20% gray area where you have to move with intelligence to minimize risk.
"In the privacy - says Fulco - is the rule that nothing is obvious. We must put everything on paper and reduce the risk in writing also means documenting the obvious."
Some advice, then. Is transparent to the user receiving the communication. The latter, Lisi says "must clearly and unambiguously shows that a specific statement that it is a commercial communication, as well as the natural or legal person on whose behalf the communication is made. For unsolicited communications (B2B ed) there must be an indication that the message recipient may object to receiving such communications. " Never as in this case, in short, honesty pays.
Another suggestion is to send individual e-mail and targhettizzate with references to its Web site, without being aggressive and that they contain a complete and detailed data processing. Speed \u200b\u200bin the cancellation dei dati e cortesia sono altre carte vincenti.
"In base alla nostra esperienza - commenta Fulco - il Garante decide gli accertamenti dopo segnalazioni e queste ultime abitualmente scattano se gli interessati hanno percepito poca trasparenza o un comportamento "aggressivo" nella comunicazione. Per ridurre i rischi, bisogna raggiungere un ottimo livello di chiarezza privilegiando la sintesi. Se lo spazio a disposizione è troppo poco, meglio fare riferimento all'informativa sul sito Internet, prevedendo magari una pagina dedicata interamente a questa tematica".
Inoltre, è molto importante attrezzarsi dal punto di vista organizzativo e tecnologico per la gestione dei dati sensibili.
Nel In fact, the case of litigation, the Guarantor will immediately verify the roles and responsibilities (formalization of the tasks), the security systems implemented, organizational procedures put in place.
"We must go beyond simple bureaucratic exercise - says Lisi - to consider the value" strategic "privacy".
Finally, the basic philosophy of the legislature is to protect the privacy of the individual citizen, not to restrict trade between enterprises.
The more you get closer to the individual sphere (biometric data of children, trial data and so on) and much more these data are at risk of being stolen (identity theft), the more we must proceed with extreme caution.
0 comments:
Post a Comment