Da costo a risorsa (From Cost to Resource)
CONTRIBUTI (Contributions)
Da costo a risorsa
Personal Data Protection in Production Activities
Edited by Gaetano Rasi

This volume sets out to assess the impact of personal data protection on the activity of businesses and the role it can play in the economy of open markets. The approach is meant to be dynamic rather than static, and to compare different orientations and experiences. The volume is divided into four sessions: the first deals with personal data protection in the global marketplace; the second with freedom of enterprise and the right to privacy; the third with personal data protection in the relationship between businesses, users and consumers; and the fourth points to the new frontier of privacy as a resource for economic development.

Garante per la protezione dei dati personali (Italian data protection authority)
Stefano Rodotà, President
Giuseppe Santaniello, Vice President
Gaetano Rasi, Member
Mauro Paissan, Member
Giovanni Buttarelli, Secretary General

Editorial office: Garante per la protezione dei dati personali, Piazza di Monte Citorio, 121, 00186 Roma, fax 06 69677785
www.garanteprivacy.it, www.dataprotection.org, e-mail: garante@garanteprivacy.it

Published by the Presidenza del Consiglio dei Ministri, Dipartimento per l'informazione e l'editoria. Director: Mauro Masi. Via Po, 14 - 00198 Roma - tel. 06 85981
Printing and distribution: Ufficio grafico dell'Istituto Poligrafico e Zecca dello Stato, at the Dipartimento per l'informazione e l'editoria
Graphic design: Vertigo Design

Thanks are due to all those within the Garante's organisation who, each within their own remit, contributed to the publication of this volume. G.R.
Indice (Contents)

I contenuti del volume / About This Book

Introduction
Cosa cambia per le attività produttive / What Is Changing in Production Activities, by Gaetano Rasi

Sessione I - La tutela dei dati personali nel mercato globale / Session I - Personal Data Protection in the Global Marketplace
The Privacy Benefits and Costs from a US Perspective, by Robert Gellman
The Impact of the Different Regulatory Models in the World Scenario, by George Radwanski
Diritti fondamentali e libertà di iniziativa economica / Fundamental Rights and Freedom of Enterprise, by Giovanni Buttarelli
The Effectiveness of Privacy Protection in Economic Systems, by Orson Swindle
Balancing of Interests, by Amitai Etzioni
La tutela dei dati personali in una realtà multinazionale / Personal Data Protection in a Multinational Framework, by Umberto Paolucci
New Privacy-Oriented Markets, by Alejandra Gils Carbò
New Privacy-Oriented Markets. Direct Marketing in Hungary, by Attila Peterfalvi

Sessione II - Privacy e Impresa / Session II - Privacy and Business
Quale privacy? / What Privacy?, by Mauro Paissan
Mercato: trasparenza e privacy / Marketplace: Openness and Privacy, by Luigi Spaventa
Competizione economica: i vantaggi della protezione dei dati / Business Competition: Advantages of Data Protection, by Giuseppe Tesauro
The Impact of Privacy Policies on Business Processes, by Martin Abrams
Does Business Need In-House Self-Regulation?, by Alfred Büllesbach
Privacy e rapporti di lavoro / Privacy in the Employment Context, by Umberto Romagnoli
Privacy and Technological Innovation, by Helmut Bäumler
Garanzie e nuove tecnologie / Safeguards and New Technologies, by Giuseppe Casadio
La nuova consapevolezza dei consumatori / Consumers' New Awareness, by Enrico Letta

Sessione III - Impresa, utenti e consumatori / Session III - Business, Users, Consumers
Impresa, Utenti, Consumatori: verso un nuovo rapporto / Businesses, Users, Consumers: Toward a New Relationship, by Giuseppe Santaniello
The Anonymous Consumer, by Herbert Burkert
Uso a fini privati dei dati personali in mano pubblica / Using Personal Data Held by Public Entities for Private Purposes, by Vincenzo Zeno Zencovich
Prevenzione e risarcimento dei danni / Prevention of and Remedies for Damage, by Piergiuseppe Monateri
Analisi economica del diritto alla riservatezza / An Economic Analysis of the Right to Privacy, by Marco Maglio
Privacy in a Business: An Operational Model, by Douwe Korff
Infomediazione come strumento dei consumatori / Infomediation as a Consumer Tool, by Carlo Formenti
Building Consumer Trust: Personal Data Protection as a Resource, by Mel Peterson
La Rete: fiducia degli utenti e sicurezza dei dati / The Network: Users' Trust and Data Security, by Claudio Manganelli
Quali regole tra libertà e sicurezza? / Freedom and Security: What Rules?, by Maurizio Gasparri

Sessione IV - Privacy e sviluppo economico: soluzioni e prospettive / Session IV - Privacy and Economic Development: Solutions and Outlook
Globalizzare le garanzie / Globalising Safeguards, by Stefano Rodotà
Collective Rights and Interests: How to Harmonise Approaches and Safeguards, by Marc Rotemberg
Investire in Privacy per lo sviluppo di nuovi prodotti e servizi / Investing in Privacy to Develop New Products and Services, by Maurizio Costa
Growth Expectations for a Global Marketplace That is Mindful of Individuals, by Mozelle W. Thompson
The Privacy Resource, by Spiros Simitis

I contenuti del volume (Contents of the Volume)

This volume sets out to assess the impact of personal data protection on the activity of businesses and the role it can play in the economy of open markets. The approach is meant to be dynamic rather than static, and to compare different orientations and experiences. To this end, it collects the contributions of authoritative scholars and experts who spoke at the International Conference “Privacy: da costo a risorsa” (“Privacy: Cost to Resource”), held in Rome at the seat of the Garante in December 2002.

The aims go beyond scholarly treatment, committed though it is. The hope is that a broad discussion will take place among those working in business, the professions, and economic and legal culture, in order to take stock of how the subject is evolving, and not only in doctrinal terms. From that debate the Italian Garante and, we believe, colleagues around the world who deal with data protection could draw useful guidance and find grounds for further advancing personal data protection legislation, with particular reference to its impact on macro- and microeconomics.

To give an account of what is by now a rather complex scenario, it was decided to follow the structure of the International Conference “Privacy: da costo a risorsa”. The volume is therefore divided into four sessions:

• The first, Personal Data Protection in the Global Marketplace, set out to introduce the topics for discussion, identifying the role that personal data protection plays, as currently perceived, in relation to the mechanisms of the global market and the meeting of supply and demand.
Particular attention was paid to the effects on economic dynamics of the coexistence of the European-style data protection model and the system of protection adopted by the USA. Alongside the views of institutional representatives, room was given to the direct experience of multinational organisations, both US and European, and the testimony of representatives of the Asian and Latin American world was introduced. Consumer expectations on a Europe-wide scale are also discussed.

• The second session, Freedom of Enterprise and the Right to Privacy, aimed to examine in depth the role of personal data protection in the framework of business activity. Two aspects were considered: the static one, relating to the organisational structure of companies, analysing the impact of personal data protection within the business and on the problems connected with the employment relationship; and the dynamic one, with an examination of the balancing-of-interests principle as a tool for ensuring a concrete balance between freedom, enterprise and the right to privacy. The problems of the relationship between transparency and privacy, and of safeguards in relation to new technologies, were also addressed.

• The third session, Personal Data Protection in the Relationship between Businesses, Users and Consumers, examined the problems concerning the use of personal data in commercial communication and in customer loyalty initiatives.
Particular attention was paid to security issues, to the ways in which data used for communication and direct marketing are collected, to the costs of data collection, to the relationship between distance selling and the processing of personal data, to the usability of data drawn from public lists, to the role of consent as a mechanism of consumer self-protection, and to possible forms of consumer protection, with particular reference to supranational markets. In this context, the allocation of the costs a business incurs when it breaches personal data protection rules was also examined.

• The fourth session, Towards the New Frontier: Privacy as a Resource for Economic Development, first addressed how to make data protection safeguards universal, from the standpoint of peoples, territories, and the world's structures for producing and distributing goods and services. Then, taking its cue from the analysis carried out in the preceding sessions of the changes under way in the global market, in business organisation and in the relationship between consumers and producers, it sought to identify the possible prospects for developing the protection of individuals' data, understood as a value on which both companies and customers can converge in order to make free and informed choices. In this context, emphasis was placed on the role that technologies and self-regulation (codes of practice) can play in moving away from a negative view (privacy compliance as a mere cost or a limit on development) and in establishing personal data protection as a tool capable of generating added value in a civilisation of conscious, widespread and higher progress.
About This Book

This book is aimed at considering the impact of personal data protection on business activities as well as the role to be played by data protection in the open-market economy. A dynamic rather than a static approach will be followed, also based on the comparison of different views and experiences. The contributions submitted by authoritative scholars and experts on the occasion of the international Conference “Privacy: Cost to Resource” were collected in this book. The Conference was held in Rome, at the premises of the Italian data protection Authority, in December 2002.

Publishing these contributions is meant to provide more than an opportunity for carrying out in-depth scientific analysis. Indeed, we hope that it will stimulate a broad-ranging discussion between industry, professionals and economic and legal actors, in order to assess the state-of-the-art situation in this sector not only in terms of jurisprudence. I believe that such a discussion may provide useful guidance not only to the Italian data protection authority, but to our colleagues worldwide who deal with data protection issues, in view of the further advancement of privacy legislation with particular regard to its macro- and microeconomic impact.

In order to take account of a scenario that is by now quite complex, the book is organised according to the structure of the International Conference “Privacy: Cost to Resource”, i.e. it includes four Sessions:

• Session one, concerning Personal Data Protection in the Global Marketplace, aims at presenting the main issues to be debated, by identifying the role currently played by personal data protection in respect of the mechanisms featured in the global marketplace as well as of the interplay of supply and demand. Special attention was paid to the effects produced on economic mechanisms by the co-existence of the European and US data protection models.
In addition to the viewpoints of representatives from various institutions, the direct experience of both US and European multinational organisations was taken into consideration, and the opinions voiced by representatives from the Latin American and Eastern European world were reported. Consumer expectations in the Europe-wide area were also addressed.

• Session two, concerning Freedom of Enterprise and Right to Privacy, addressed the role of personal data protection within businesses in greater detail from two viewpoints. From a static viewpoint, the organisational structure of businesses was considered and the impact of personal data protection on both business activities and employer-employee relationships was evaluated. From a dynamic viewpoint, the balancing of interests principle was taken into account as a tool to ensure that freedom, enterprise and right to privacy can be reconciled in practice. The relationship between openness and privacy and the safeguards related to new technologies were also debated.

• Session three, concerning Personal Data Protection in the Relationships between Businesses, Users and Consumers, addressed the issues related to the use of personal data in commercial communications and customer loyalty initiatives. Special attention was paid to security issues, mechanisms for collecting data used for communication and direct marketing activities, costs of data collection, relationships between distance selling and personal data processing, re-use of data from public sources, the role of consent as a self-protection mechanism for consumers, and the safeguards available to consumers with particular regard to supra-national markets. In this connection, allocation of the costs incurred by businesses following breaches of personal data protection laws was also considered.
• Session four, concerning Towards the New Frontier: Privacy as a Resource for Economic Development, tackled the issue of how to globalise data protection safeguards in terms of peoples, territories, and world production and distribution facilities for goods and services. Additionally, based on the analysis carried out in the preceding sessions concerning the on-going changes in the world market, in business organisation as well as in the consumer-to-producer relationship, an attempt was made to outline the development outlook for data protection on the assumption that data protection is the focus of attention for both businesses and customers in order to make free, informed choices. The role to be played by technologies and self-regulation (codes of practice) was pointed out in this regard, so as to overcome the negative concept of privacy - i.e. privacy compliance regarded merely as a cost and/or a hindrance to development - and foster the establishment of personal data protection as a tool that can yield added value in a community seeking enlightened, widespread, and superior progress.

INTRODUCTION
What Is Changing in Production Activities
Gaetano Rasi (1)

Summary: 1. Profound changes – 2. Assessing the needs of the market – 3. Impact on relations between economic actors – 4. Privacy as quality – 5. Cost-benefit analysis of spamming – 6. The need for a balance between data protection and free enterprise – 7. The terms of the new challenge

1. Profound changes

We are all convinced that we are living in an age of profound change, running ever more intensely through all human activities.
Technological progress, on the one hand, makes possible means of communication that were once unthinkable, all but eliminates distance in the movement of goods and services, capital and people, and shortens the time needed to carry out decisions, directly affecting how goods are produced and distributed; on the other hand, the same technological progress affects (or, as in the case of the Internet, escapes) the traditional link between the effectiveness of national legislation and a given territory.

For personal data protection, all this prompts reflections of various kinds, which confirm day after day that general legislation on the protection of personal data really is the crossroads on which the possible development paths of contemporary society converge. Analysis of the consequences of these innovations and possibilities usually dwells on legal formulations that identify the limits, positive or negative, on the right to exercise control over information concerning us. But, as an economist, I think it worth stressing that, together with the ethical awareness and the legal conditions to be protected, the weight of the factors of production and distribution relative to results is changing, and so is the organisation of work within companies.

(1) Member, Garante per la protezione dei dati personali - Italy

The breaking-up of production processes deserves particular consideration. I am referring to the increasingly widespread phenomenon of fragmenting the intermediate stages between the launch of the design for a product (a good or a service) and its marketing. And here personal data change hands.
The spread of these stages of process decomposition is not de-industrialisation; rather, it is the assignment to outside parties of specific, specialised functions for individual components and roles, with assembly then brought back inside the company to yield the finished product. Here too, data pass between different processors or controllers of personal data.

For some time now, moreover, the concept of innovation as the engine of productive progress has gone beyond its effect on manufacturing processes or the invention of new products. Innovation also includes a new form of organisation (beyond external tertiarisation such as outsourcing), the use of automated systems in communicating and processing data, the consortium management of company functions shared with other businesses, and pre- and post-sales initiatives.

2. Assessing the needs of the market

The success of an innovation depends not only on its originality but often on the ability to assess emerging or latent needs in the market. This leads us to consider the personal element in the seller's and the buyer's assessment when they decide to conclude the modern transaction.

In bilateral contracts – including those of pure adherence to a public offer (e.g. goods displayed in a shop window or on a shelf, or advertised in the media) – each party's decision to act derives both from the utility pursued by consumers and from certainty about the terms. So what emerges as decisive in forming the will of seller and buyer is, beyond the calculation of advantage, the calculation of certainty. And the latter is a typical element of subjective behaviour.
Let us briefly analyse the components at play in the formation of the will:
a) the relationship between the sacrifice of the price to be paid and the expected utility of the good to be acquired;
b) the advantage of parting with the good in relation to the gain calculated on receipt of the consideration;
c) the degree of risk in the terms of sale or purchase: immediate or deferred delivery, cash or deferred payment;
d) guarantees against possible hidden defects;
e) soundness of the means of payment;
f) trust in after-sales support (spare parts, repairs, speed of intervention, etc.);
g) degree of reliability in managing the relationship (professionalism, confidentiality, personalisation, continuity, level of service, quality of performance, adequacy of information, instructions for use, etc.).

Points c) to g) – 5 out of 7 – concern possible processing of personal data. As is evident, proper management of information concerning those who collect or supply it gives the market certainty: sellers tend to expand supply and buyers feel their rights are protected. Regulating the element of responsibility in conduct involving reciprocal performance provides trust and forms the basis for the expansionary phases of the economic cycle.

There is currently no system for measuring the influence of quality, as derived from the proper processing of personal data, on economic activities involving the exchange of a good for consideration. It nevertheless appears significant, given the importance that businesses attach to information on the integrity and payment punctuality of prospective customers and, on the other side, the anxious attention buyers demand regarding the accurate reporting of information about their own conduct.

Relations between businesses and consumers are also changing.
Advertisers, as Vance Packard asserted in the 1950s, used the traditional techniques of the hidden persuaders, who “do not sell products but buy customers” for standardised industry. Faced with a mass market, commercial communication too tended towards massification. The consumer was considered not as an individual but as a member of a homogeneous, undifferentiated group.

Today, by contrast, and partly because of modern interactive communication systems, new methods of relating to customers are taking hold, based on personalising advertising messages and purchases: the consumer thus sits at the centre of a web of messages converging to induce a purchase by appealing to his or her specific interests and individual needs. The shift from the “market aimed at the masses” to the “market aimed at individuals” has now taken place.

But it is not only the moments of “commercial contact” and the “invitation to buy” that have changed. The after-sales phase, and therefore the services offered to those who are already customers, is also strongly affected by the technical possibility of tailoring support to the consumer's changing and varied needs. It is no accident that companies have long spoken of customer loyalty and invest substantial resources in carefully managing the customer relationship so as to prolong it over time, using the methods known in English as Customer Relationship Management (CRM).

I think it important to note that public administration too, at both central and local level, tends to use technological tools to facilitate relations with individual citizens, so as to offer its services quickly and transparently: I am referring in particular to the modernisation of bureaucratic activity that goes by the name of e-government.
This complex change, which carries positive aspects for businesses and public bodies and advantages for the consumer and the citizen, nevertheless presents problematic and dangerous elements.

3. Impact on relations between economic actors

In this perspective in particular, personal data protection takes on central importance, profoundly affecting the framework of relations between economic actors. Privacy, therefore, while retaining its essential role among the fundamental rights of the person (rising to a prerequisite for the assertion of other constitutionally defined individual rights), also acquires a strategic function in determining the future development of the market.

On the credit side, it can mark the line that must not be crossed, defending the citizen from conditioning or invasive actions by businesses or by the public administration. On the negative side, it can also limit the development of a supply that, through difficulties of communication, fails to adapt to the needs of the demand expressed by civil society and the market, as a fundamental economic law requires. The task is therefore to define the terms needed to ensure that personal data protection becomes a lever for economic development and not a constraint on growth.

Put in these terms, it is evident that the right to personal data protection is in any case destined to play a fundamental part in shaping the future relationship between businesses and consumers, as well as between public bodies and citizens.
On one side lies the risk, made possible by new technologies, of a consumer who is besieged, laid bare and open to influence, known and scrutinised daily by the “collectors of personal information” who, unless they are subject to regulation and controls – or better, to self-regulation (codes of practice) – will be able to use these data to solicit useless or harmful purchases and to stimulate needs that are neither real nor current. The risk of undue influence, or of giving in out of weariness, is the final consequence.

On the other side, there is the prospect of a blocked market which, unable to engage in dialogue with the consumer and to establish a direct relationship with the customer, would be bound to retrace its steps and return to the methods of the “hidden persuaders” to induce mass consumption, resorting to intrusive and redundant forms of advertising. Similar considerations apply to the conduct of public administrations.

4. Privacy as quality

The protection of personal data by public authorities and the pursuit of that protection by the individual, set in an efficient and informed economic context, can instead offer useful support in defining a correct and more productive relationship between business and consumer and, on the other front, between institutions and citizens.

The existence of data protection rules can in fact improve the quality of the relationship with the customer and the citizen: companies can have correct and genuine information, collected with the consent of the data subject, who actually wishes to be contacted for commercial purposes. The same can be said of data processed by bodies that provide services of general utility.
What emerges is a content of social utility and widespread ethical awareness for the modern open economy, which tends to identify itself with the open society and with a conscious concept of collective advantage.

Moreover, if one examines the evolution of privacy over its now century-long history, it seems fair to say that the capacity to adapt to new social needs is precisely its defining feature, the core of this legal achievement. Personal data protection has in any case been, for over thirty years, a widely codified body of law in the European area. Data protection took its place in the tradition of the right to privacy, which was born at the end of the nineteenth century in the US legal system as an elitist expression of the “right to be let alone”. But today it has become the answer to a need felt across social classes: that of allowing everyone to exercise control over information concerning them, so as to be the arbiter of the often conflictual relationship between the individual and the community.

Personal data protection has thus ceased to be a right trivially meant to protect the privileges of a few and has become a precondition for the development of each person's individual personality, a prerequisite for the exercise of the fundamental rights of all citizens. It is no accident that the protection of personal data is included – in the chapter devoted to the Dignity of the person – among the opening principles that define the Charter of Fundamental Rights of the European Union signed in Nice in December 2000. And it now appears again in Art. 50 of the Treaty on the European Constitution, which is worth quoting in full: “Everyone has the right to the protection of personal data concerning him or her.
European law shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by the Union's institutions, bodies and agencies, and by the Member States when carrying out activities which come under the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of an independent authority”.

This is therefore a social and cultural, as well as political, achievement of the first importance. That is all the more evident in relation to the rapid pace of technological development and to the importance, not only social but also economic, that the free flow of information has taken on. If it has become ever easier to communicate and to collect information on each of us for the most varied purposes, it becomes essential to establish within what limits such data processing is legitimate and within what limits each person's right to informational self-determination can be exercised.

From this premise it clearly emerges that the regulatory framework of data protection is grounded not only in ethical and cultural progress but also in sociological and economic analysis, going beyond the arid fences of legal technicalities.

5. Cost-benefit analysis of spamming

A particularly interesting line of inquiry for understanding the dynamics of this legislation in relation to a constantly evolving social model is offered by the economic analysis of law. Lawyers too cannot avoid examining the cost-benefit relationship that the existence of privacy rules produces in an advanced society. If it is certain that personal data protection is an indispensable need in contemporary society, it is equally evident that this need must be weighed against the economic consequences that the existence of this right entails.
The economist can contribute a particularly important analysis for understanding what impact the law on personal data protection has had on production activities.

An article by Maryfran Johnson (editor in chief, Computerworld Editorial Columns) in Computerworld of 25 February 2002 reported a growing awareness among businesses and consumers that respect for privacy offers an opportunity for higher earnings and greater customer loyalty. In addition, businesses and other bodies, including public ones, were becoming increasingly convinced that non-compliance exposed them to the risk of paying in administrative penalties and legal costs what they had not paid to ensure data security.

A Harris Interactive survey indicated precisely that the dissemination of personal data without the customer's consent, spamming in particular, is the greatest source of concern for consumers, 84% of whom ask for “independent verification” of the privacy policies businesses follow. Forrester Research had estimated that online business volume in 2001 could have been 15 billion dollars larger (compared with the 47.6 billion actually achieved) if consumers had had more trust in the privacy guaranteed by businesses.

At the centre of the debate, then, is the cost-benefit analysis of spamming and the problem of balancing interests: those of winning the market and those of protecting (and satisfying) consumers.
New elements of assessment must now be added to the above, since from 2003 onwards the trend reversal and the improvement of the online economy led to the revision of many alarmist, at times even catastrophic, forecasts provided at the time by spamming analysts, such as the one cited from Forrester Research. On the one hand, defensive market mechanisms aimed at curbing the rampant phenomenon of spamming were activated spontaneously and autonomously, such as:
- huge investments by providers in anti-spamming technology, in information and in research and development of new strategies;
- considerable efforts by companies to establish a transparent relationship with consumers, based also and above all on e-mail sent with prior, selective consent;
- the cultural and IT growth of network users, who are increasingly demanding and well informed.

On the other hand, the legislative initiatives of the European Union, aimed at safeguarding personal data that are increasingly threatened online, extended to the United States, albeit with a different approach, bringing significant improvements in many directions. It is by now certain, therefore, that only a multi-strategy approach to the problem, that is, one based on legislation, self-regulation, advanced technology and international cooperation, appears to be the winning solution for reducing spamming. Let us therefore return to the study conducted by Forrester Research in 2001, according to which online turnover could have been higher if “privacy” had been better respected, and assess this claim in the light of the developments that have since taken place in the online economy of the USA and Europe.
The analysis is complex both because of the growing behavioural differences recorded among network users, that is, between North Americans and Europeans, and because of the difficulties in interpreting surveys, which are often so ambiguous and contradictory that they can dangerously be used, as needed, to support opposing arguments. Recent projections forecast an explosion of spamming in 2004, with a value five times that recorded in 2003. It was also found that in July 2003 junk e-mail accounted for 50% of messages sent by electronic mail(2). Does this mean a crisis of the online economy, or of the network itself? Before proceeding, it must be stressed that the definition of spamming does not meet with unanimous agreement in Europe and the USA, just as there is no unanimity in predicting the impact that spamming will have on the development of the online economy and on the protection of privacy. More optimism is found in the USA, while greater concern is recorded in the reports of the OECD and of the European Union. The European Commission(3) and other countries, such as France(4) and Australia, have adopted standard definitions whose common identifying elements are that spamming is “the sending of unsolicited commercial messages, normally sent repeatedly and in large quantities, where the identity of the sender is intentionally concealed or falsified in order to deceive the recipient”.

(2) According to Brightmail, as reported in DSTI/ICCP(2003)10/FINAL, published by the OECD on 22/01/2004.
A more summary and broader definition emerges from the study of the spamming phenomenon conducted by the Federal Trade Commission in May 2003(5), a definition also used by the OECD(6), which covers both junk e-mail(7) and “any message that the customer does not welcome”, regardless of whether or not the customer has given consent. This latter definition, which represents a significant change in the conceptual definition of the phenomenon, also leads to redefining the problem of the fight against spamming and to redesigning relations between companies and consumers.

(3) According to the 2001 European Commission report “Unsolicited Commercial Communications and Data Protection”, “Spam is generally understood to mean the repeated mass mailing of unsolicited commercial messages by a sender who disguises or forges his identity”.
(4) According to the definition of the Commission Nationale de l’Informatique et des Libertés.
(5) Forum on Spamming, chaired by Mozelle Thomson, a member of the Federal Trade Commission since 1997 and chair at the OECD of the Committee of US Consumers.
(6) See DSTI/ICCP(2003)10/FINAL, published by the OECD on 22/01/2004, at p. 9, the reference to the Mail Shel survey mentioned here in par. 4.3.
(7) It may also consist of multiple postings of the same message, sent to newsgroups or discussion servers, that are unrelated to the topic under discussion. Other common terms for spam found on the Internet are UCE (Unsolicited Commercial Email) and UBE (Unsolicited Bulk Email), which correspond to the same definition of spam. Individuals or companies that send spam have generally purchased or harvested lists of e-mail addresses. They then send messages from various addresses to every area of the Web. All messages have an IP address embedded in the full header, which makes it possible to identify the sender of the message and thus to trace the individual through the relevant mail operator or network access provider.

6. Need for Balance between Data Protection and Free Enterprise

Greater attention to information security and to the proper management of data flows is therefore indispensable to avoid unpleasant consequences. As regards businesses, the aforementioned Computerworld indicated, in particular, three elements that they should bear in mind for this purpose:
1. ensure that customer data are accurate, up to date and consistent so as to take proper account, for example, of the preferences expressed regarding privacy;
2. avoid oversized databases: “small is better” for privacy;
3. follow legislative and regulatory developments (which are becoming increasingly important in this area in the USA as well).

While the sanctioning activity of the privacy supervisory authorities remains necessary, it should nevertheless be stressed that this function must in no case become an obstacle to free economic initiative, but must help to strengthen legal certainty as well as trust in exchange relationships. The search for balance in the personal data protection system is essential to make effective development possible. The culture of confidentiality is spreading more and more in our country. We must therefore acknowledge (and this does not apply to Italy alone) that the “incorporation” of respect for privacy into goods and services is about to become a requirement of the market itself. A business that does not respond to this new kind of demand will risk being driven out of the market. In short, we are moving towards a kind of competitiveness in which products on offer that do not meet the demand for respect for confidentiality will find it increasingly difficult to win and keep loyal buyers.
It therefore becomes essential to understand the economic cost of choosing to protect the confidentiality of personal data (and how it can contribute to a price that is competitive because it includes this new type of quality), and what benefits the existence of a right to the protection of personal information can bring, not only from a social point of view but also from a strictly economic one. The most recent developments in marketing, and in particular so-called permission marketing, which bases every promotional initiative on the prior consent of the person concerned, confirm that data protection and effective marketing can, indeed must, go hand in hand. I therefore repeat that respect for privacy can become a competitive lever for companies wishing to establish a relationship of trust and transparency with their customers.

The contributions published in this volume set out to take stock, for the first time in Italy, of these little-explored aspects of personal data protection: the aim, as I think is clear from what has been said so far, is to start a reflection to define the various criteria to be borne in mind in order to combine the effective protection of personal data with the efficiency of an economic system geared to development. This is a perspective of analysis that scholars have so far neglected, with commendable exceptions, but which in fact needs to be examined in order to better understand and manage the complex social and technological changes of which personal data protection is one of the essential components.

7. The Terms of the New Challenge

Privacy, in its long evolution, is thus called upon to face a new challenge: that of being the point of convergence between businesses’ need for growth and the needs of civil development, while at the same time satisfying the need for protection and certainty voiced by the individual consumer. What is actually emerging is what Anglo-Saxon culture calls a “win-win situation”, in which both parties involved stand to benefit from entering into an agreement. Thus privacy, considered within the framework of relations between economic actors, is destined to emerge as the founding value of a pact between businesses and consumers that will bring further dynamism to a market made up of actors able to make informed and free choices. This is the new frontier of personal data protection, which forms part of the modern qualitative concept of social and economic development, capable of raising to a higher level the mere quantitative growth in the production of goods and services.

In this spirit the Italian Data Protection Authority believes it useful to submit this topic to the international scientific community: the hope is to open the way to new prospects for research and for dialogue between the reasons of law and the needs of the economy, and that it may therefore serve as a spur to further debate on the future of data protection.

What Is Changing in Production Activities
Gaetano Rasi (1)

Contents: 1. Deep-Ranging Changes – 2. Assessing Market Requirements – 3. Effects on the Relationships between Economic Actors – 4. Privacy as Quality – 5. Cost-Benefit Analysis Applied to Spamming – 6. Need for Balancing Data Protection and Freedom of Enterprise – 7. The Features of the New Challenge

1. Deep-Ranging Changes

We all believe that we are living through an age of deep-ranging changes involving, to an ever-increasing extent, all human activities. Technological developments enable communication in a way that was inconceivable until some time ago; indeed, they make it possible almost to do away with distance in the transfer of goods, capital and persons, and they reduce decision-making time by directly influencing production and distribution mechanisms. On the other hand, technological developments produce effects on – or, as is the case with the Internet, go beyond – the relationship conventionally existing between effectiveness of domestic law and territorial scope of application. As regards personal data protection, this raises several issues for consideration – which confirm day after day that the overall framework of data protection legislation is really at the crossroads of the development paths followed by contemporary society.

In analysing the consequences resulting from these innovations and opportunities, one usually dwells on the legal wording setting out the limitations that may apply, if any, to an individual’s right to be in control of the information concerning him or her. Being an economist, I think it is appropriate to point out that – jointly with the ethical principles and the legal conditions to be safeguarded – there is also a change in progress concerning both the weight of production and distribution factors as related to final results and work management policies inside enterprises. Specific attention should be paid to the de-composition of production processes. I am referring to the increasingly widespread practice of fragmenting the steps between launch of the project concerning a given product (good or service) and marketing of such product. This is where personal data are transferred.
The widespread practice of process decomposition is not an instance of de-industrialisation; in fact, it entails conferring specific, specialised functions in respect of individual components and positions that will be ultimately assembled to yield the finished product. Again, personal data are processed throughout the phases of this process. Moreover, innovation as the driver of production progress has long ceased to be limited to the effects produced on manufacturing processes or else on the invention of new products. Indeed, innovation also means introducing new organisational patterns – such as the externalisation allowed by outsourcing –, using automated systems to communicate and process data, or jointly managing business sectors that are shared with other enterprises.

(1) Member, Italian Data Protection Authority.

2. Assessing Market Requirements

Innovations are successful not only to the extent that they are original, but also – quite often – insofar as they are based on the assessment of emerging and/or hidden market requirements. This consideration shifts the focus of discussion to the personal components of the assessment performed by seller and purchaser in the decision-making leading to conclusion of a “contract” in modern times. In bilateral contracts – including those based on the mere acceptance of a public offer, such as the exhibition of goods in a shop window or on a shelf, or an offer advertised in the media – a party’s decision to enter the contract does not result exclusively from cost assessment as it is also based on the existence of some guaranteed certainties, in addition to the considerations relating to taxation and/or contractual constraints as well as to the immediate and/or future availability and accessibility of the relevant good.
Therefore, a key role in shaping both the seller’s and the purchaser’s intent is played by the assessment of the degree of certainty in addition to the evaluation of economic suitability. And the former item is a typical component of an actor’s individual personality. Let us briefly consider the components coming into play as regards intent formation. They are the following:
a) the ratio between the sacrifice inherent in the price to pay and the expected benefit resulting from the good to be acquired;
b) the economic suitability related to deprivation of the good as opposed to the profit resulting from payment of the relevant consideration;
c) the degree of risk related to sale/purchase mechanisms, immediate/postponed delivery, and payment in cash or by instalments;
d) guarantees against hidden flaws/defects;
e) validity of payment means;
f) trust in post-sales assistance (spare parts, repairs, time to repair, etc.);
g) reliability in managing customer relations (professionalism, confidentiality, customisation, continuity, service levels, performance quality, adequacy of information, instructions for use, etc.).

Points c) and g) are related to the processing of personal data. It is quite clear that the appropriate management of the information concerning those collecting and/or providing such information means certainty for the market. Sellers tend to expand their offers and purchasers feel that their rights are safeguarded. Regulating liability in performance-based contracts is a source of trust as well as providing the foundations for the expansion phases of the economic cycle. There is currently no assessment system available as regards the quality resulting from the appropriate processing of personal data in the economic activities related to the exchange of goods against a consideration.
However, this component would appear to play a key role, having regard to the importance attached by businesses to the information on their prospective customers’ conduct and timeliness in paying as well as, on the other hand, to the concern shown by purchasers in respect of the accuracy of the information describing their conduct. The protection of privacy is fundamental in connection with assessing reliability and creditworthiness.

The relationships between enterprises and consumers are also changing. As maintained by Vance Packard in the ‘50s, advertising companies availed themselves of the techniques conventionally implemented by “hidden persuaders”, who “do not sell products, but buy customers” for mass-production industry. In the face of a mass market, commercial communication also tended towards massification. Consumers were not taken into consideration as individuals, but rather as members of a homogeneous, non-diversified group. Conversely, new contacting methods based on customised advertising are getting increasingly common nowadays – partly because of the modern interactive communication systems. Each consumer is therefore becoming the focus of a network of messages converging on him/her to get him/her to purchase goods by leveraging his/her specific interests and individual requirements.

The shift from “mass-oriented” to “individual-oriented” markets has already taken place. However, the change has not concerned “commercial contact” and “invitation to purchase” components only. The post-sales phase, i.e. the services provided to established customers, is also undergoing considerable modifications because of the technical possibility to fine-tune assistance by meeting the consumer’s ever-changing, diversified requirements.
It is no coincidence that customer loyalty programs have long become the staple of business management and huge resources are being invested in order to carefully manage customer relationships and extend their duration – according to Customer Relationship Management (CRM) principles. I think it is important to point out that the public administration also avails itself increasingly of technological tools, at both central and local level, in order to facilitate contacts with citizens and provide its services speedily and transparently. I am referring, in particular, to the modernisation of bureaucratic activities that is often referred to as e-government. This complex change, though including positive features for both enterprises and public bodies and producing beneficial effects for consumers and citizens, is also fraught with some dangers and critical issues.

3. Effects on the Relationships between Economic Actors

The protection of personal data – seen against this background – takes on key importance as it produces deep-ranging effects on the relationships between economic actors. Thus, privacy retains its fundamental role within the framework of fundamental personal rights – that is to say, it is established by now as a pre-requisite to ensure implementation of all other personal rights set out in constitutional instruments – and, at the same time, it is coming to play a strategic role in determining future market developments. Privacy can set the inviolable boundary defending citizens against undue influence and/or interference from enterprise and/or the public administration. However, in a negative perspective, privacy can also dampen the development of an offer that cannot adjust to the demand coming from markets and society at large – as per a fundamental law of economics.
Therefore, it is necessary to create the conditions for the protection of personal data to become a driver of economic development rather than a hindrance to growth. Given these premises, there is little doubt that the right to personal data protection is bound to play a fundamental role in shaping the future pattern of the relationships between enterprise and consumers as well as between public bodies and citizens.

On the one hand, there is the danger – resulting from new technologies – that consumers are besieged, denuded and influenced, investigated and surveilled daily by “collectors of personal information” – who, in the absence of rules and checks, or preferably of self-regulatory tools such as codes of practice, might use this information to urge useless or downright harmful purchases and stimulate demand in a way that is unrelated to real, actual requirements. The ultimate risk is that customers may be exposed to undue influence or else give up in exhaustion. On the other hand, markets might end up being blocked and unable to get in touch with consumers to set up a direct relationship with them, which would oblige them to re-trace their steps and avail themselves of the methods used by “hidden persuaders” to induce mass consumption – via invasive, redundant advertising. Similar considerations apply to the activity of the public administration.

4. Privacy as Quality

The protection of personal data by public authorities and the attempt to protect personal data made by individuals – if placed in an efficient, knowledgeable economic context – can actually assist in developing appropriate, more productive relationships between enterprise and consumers as well as between institutions and citizens.
Indeed, the existence of data protection legislation can make it possible to improve the quality of relationships with customers and citizens: enterprises can be provided with accurate, truthful information that is collected with the data subjects’ consent where the latter are really interested in being contacted for commercial purposes. The same applies to the data that are processed by public utility bodies. In this manner, social usefulness and all-round ethicality can become components of today’s open economy, which tends to go hand in hand with the open society and the awareness of the community benefits to be achieved.

On the other hand, if one considers the evolution of privacy over its century-old history, one could argue that its peculiar feature, indeed the core of this major legal achievement, consists exactly in the capability to adjust itself to new social requirements. Personal data protection has been the subject of deep-ranging regulations throughout Europe for over thirty years. Data protection has sprouted from the privacy law tree, which had been first sown at the end of the 19th century in the US legal system as the expression of the elitist “right to be left alone”. However, nowadays it has turned into the response to a requirement that cuts across all social strata – i.e. the requirement that everyone should be in control of the information concerning him or her so as to be free to decide how to behave in the frequently strained relations between individuals and society. Personal data protection has ceased to be a right simply aimed at protecting the privileges of the happy few; it has become a pre-requisite for the development of everyone’s personality – a pre-requisite to exercise the fundamental rights pertaining to all citizens.
It is no coincidence that the protection of personal data is included – in the Chapter concerning “Dignity of Individuals” – among the opening principles of the Charter of Fundamental Rights of the EU signed in Nice in December 2000 – now corresponding to Article 50 of the Draft Constitution, which it is appropriate to quote here in its entirety:

“1. Everyone has the right to the protection of personal data concerning him or her.
2. A European law shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by the Union’s Institutions, bodies and agencies, and by the Member States when carrying out activities which come under the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of an independent authority.”

Therefore, we are confronted with a social, cultural and political achievement of the utmost importance. This is shown most clearly by considering the unrelenting technological development and the importance that is attached to the free flow of information both in social and in economic terms. Whilst it is increasingly easy to communicate and collect information on any of us for multifarious purposes, it is fundamental to set out the boundaries within which this type of processing is lawful and to what extent one may exercise the right to informational self-determination. I think it is quite evident that the regulatory framework applying to data protection rests not only on ethical and cultural developments, but also on the findings of sociological and economic analysis – which goes well beyond the dry ground of legal technicalities.

5. Cost-Benefit Analysis Applied to Spamming

An especially interesting approach to better appreciate the development of this regulatory framework with regard to a continuously evolving social model can be found by considering the so-called economic analysis of law. No law scholar should actually refrain from assessing the cost-benefit ratio that results, in an advanced society, from the existence of privacy regulations. There is little doubt that personal data protection is a fundamental requirement in contemporary society; however, it is also obvious that this requirement should be gauged against the economic effects produced by its existence.

Economists can provide an especially important contribution to this analysis in order to fully understand the impact produced by personal data protection legislation on production activities. In a paper by Maryfran Johnson (from Computerworld) of 25 February 2002, it was stated that businesses and consumers were increasingly aware that respect for privacy provided opportunities for increasing profit and customer loyalty. This is compounded by the fact that businesses and private/public bodies are increasingly mindful of the risk of having to pay, in the form of administrative sanctions and legal costs following breaches of the relevant regulations, the monies they had not invested to ensure data security. A survey by Harris Interactive showed that dissemination of personal data without the customer’s consent – in particular as related to spamming – was the first cause of concern for consumers, of whom 84% requested “independent verification” of the privacy policies adopted by businesses. According to estimates released by Forrester Research, the online business turnover in 2001 might have been higher by 15 billion dollars – compared with the 47.6 billion dollars achieved – if consumers had been more confident in the privacy afforded by businesses.
The discussion is therefore focused on the cost/benefit analysis applied to spamming as well as on balancing the interests at stake – those aimed at market expansion and those concerning consumer protection (and satisfaction).

New items should be added to the above considerations, since a trend reversal and the improvement in the network economy starting from 2003 prompted the revision of several alarming, at times downright catastrophic, forecasts made in previous years by spamming analysts – including the one by Forrester Research. On the one hand, market protection mechanisms were developed spontaneously and autonomously in order to curb the expansion of spamming, such as
- huge investments by service providers in anti-spamming technology, information, and research and development of new strategies,
- marked efforts made by businesses to set up transparent relationships with consumers also based, in particular, on sending e-mails with their prior, specific consent, and
- cultural growth and increased familiarity with computer science by increasingly discriminating, well-informed network users.

On the other hand, the law-making policy followed by the EU with a view to safeguarding personal data – which are increasingly threatened on the Net – was also extended to the USA, albeit in accordance with a different approach, and this led to significant improvements in many respects. Therefore, there is by now little doubt that only a multi-policy approach to this issue, i.e. one based on legislation, self-regulation, advanced technology and international co-operation, can yield a successful solution to reduce spamming. Let us get back to the study carried out by Forrester Research in 2001, showing that the online turnover might have been higher if privacy had been more respected.
This finding should now be assessed in the light of the evolution that was subsequently experienced by the network economy both in the USA and in Europe. This is a complex analysis both on account of the enhanced behavioural differences applying to network users, i.e. Americans and Europeans, and because of the difficulties in interpreting survey findings – which are often so ambiguous and contradictory as to dangerously lend themselves to supporting opposite views. Based on recent forecasts, spamming is expected to boom in 2004, reaching five times the amount reported for 2003. Moreover, it was found that in July 2003 junk e-mail accounted for 50% of e-mail messages.(2) Will this jeopardise the network economy, or the network itself?

(2) According to Brightmail, as quoted in DSTI/ICCP(2003)10/FINAL, published by OECD on 22.01.2004.

Before going forward, one should stress that the definition of spamming is not unanimously agreed upon in Europe and the USA; nor is the impact produced by spamming on the development of the network economy and privacy protection unanimously evaluated. More optimistic views are held in the USA, whereas the reports released by both OECD and EU voice increased concerns. The European Commission(3) as well as some countries including France(4) and Australia have adopted standard definitions, sharing the view that spamming consists in unsolicited commercial messages that are usually mass-mailed repeatedly, whereby the sender has intentionally disguised or forged his/her identity in order to deceive recipients. A more concise as well as broader definition can be found in the study on spamming carried out by the US Federal Trade Commission, released in May 2003,(5) and this definition was also used by the OECD(6) – spamming is considered to include both junk e-mail and “any message that is disliked by a customer” regardless of the latter’s consent.
The latter definition significantly changes the conceptual framework of spamming and postulates a new definition of the fight against spamming as well as the re-configuration of the relationships between businesses and consumers.

(3) According to the 2001 European Commission’s Report on “Unsolicited Commercial Communications and Data Protection”, “Spam is generally understood to mean the repeated mass mailing of unsolicited commercial messages by a sender who disguises or forges his identity”.
(4) See the definition adopted by the Commission Nationale de l’Informatique et des Libertés.
(5) Forum on Spamming, chaired by Mozelle Thomson.
(6) See DSTI/ICCP(2003)10/FINAL, published by OECD on 22.01.2004.

6. Need for Balancing Data Protection and Freedom of Enterprise

Therefore, increased attention to security of information and appropriate management of data flows is a fundamental prerequisite in order to prevent unpleasant consequences. As for businesses, Computerworld referred, in particular, to three items they should take into account in this regard, i.e.
1. Ensuring that customer data are accurate, updated and homogeneous in order to adequately take account, for instance, of privacy preferences;
2. Refraining from the establishment of oversize databases: “small is better” for privacy;
3. Keeping up with legislation and regulatory developments (which are becoming increasingly important in the USA as well).

Without prejudice to the need for supervisory authorities to impose sanctions as required, it should be pointed out that this should not turn out to be a hindrance to freedom of enterprise; in fact, it should contribute to strengthening the rule of law as well as trust in economic exchanges. The search for balance within the framework applying to personal data protection is fundamental to enable effective development. The privacy culture is getting increasingly widespread in our country.
We should consider – which does not apply to Italy only – that the “incorporation” of privacy compliance into goods and services is soon to become a requirement dictated precisely by the market. Any business that is not capable of meeting this new demand will be in danger of being ousted from the market. In short, the competition pattern that is being developed is one in which it will be increasingly difficult to find customers and ensure their loyalty if the products on offer do not comply with the demand for respecting privacy.

Thus, it is of the essence to appreciate the economic costs of protecting personal data and how they can contribute to setting a price that is competitive because it also includes this new qualitative feature. It is also fundamental to appraise the benefits resulting from the existence of a right to personal data protection, not only from a social viewpoint, but also in merely economic terms.

Given the most recent developments in the marketing sector, in particular the so-called permission marketing whereby promotional initiatives are based on the recipient’s prior consent, one might reasonably argue that data protection and effective marketing can, indeed must, go hand in hand. Therefore, let me say it once again, businesses can leverage respect for privacy in order to set up customer relationships based on mutual trust and transparency.

The contributions collected in this book are aimed at providing an overview – never attempted before in Italy – of these largely unexplored issues related to personal data protection. The ultimate objective, as readers may have gathered from the above considerations, would consist in starting an exercise with a view to identifying the criteria to be taken into account to reconcile effective data protection with the efficiency of a development-oriented economic system.
Apart from a few commendable exceptions, scholars have not yet addressed privacy issues in this perspective; in fact, it is a necessary step in order to better understand and manage the complex social and technological changes of which personal data protection is a fundamental component.

7. The Features of the New Challenge

Privacy is therefore called upon to cope with a new challenge, i.e. how to be at the crossroads between businesses’ growth and civil society’s development by simultaneously meeting the protection demand coming from individual consumers. Actually, we are facing what is termed a “win-win situation” in the Anglo-Saxon world, in which both parties can benefit from the stipulation of an agreement. Within the framework of the relationships between economic actors, privacy is bound to be the founding value of a covenant between businesses and consumers that will enhance the dynamic features of a market comprised of entities making free, informed decisions.

This is the new frontier for personal data protection as an instance of today’s qualitative concept of social and economic development, which must be capable of raising merely quantitative increases in the production of goods and services to a higher level.

This is the spirit in which the Italian data protection Authority considers it useful to draw the international scientific community’s attention to the issue at stake. We do hope that in so doing we will manage to pave the way to new approaches to research and confrontation between law and economics, and thereby spark further debates on the future of data protection.

Contributions

Session I - Personal Data Protection in the Global Marketplace

Privacy Benefits and Costs From a U.S. Perspective
Robert Gellman (1)

Contents: I. Introduction - II.
Privacy Protections Benefit Record Keepers – III. The Absence of Privacy Protections Costs Record Subjects – IV. Challenges in Assessments of Privacy Costs and Benefits – V. Conclusion

Protecting the privacy of personal information involves costs and results in benefits. Most analysts in the United States would probably agree with that statement, but there is little agreement on much else relating to privacy costs and benefits. The purpose of this paper is to identify some cost and benefit elements that should be considered in evaluating the economics of privacy protection in the United States. No comprehensive model is proposed.

A major preliminary issue is defining privacy. This is much more of a problem in the United States than elsewhere. Most of the world accepts Fair Information Practices (FIPs) as describing the basic elements of information privacy. Support of FIPs by the American government and American record keepers has been fitful.

Privacy protections may benefit record keepers as well as record subjects. The types of benefits that may accrue to record keepers include an increase in sales, a reduction in transaction costs, record keeping efficiencies, reduced costs through greater uniformity of privacy requirements, and other benefits.

Privacy rules – and the absence of privacy rules – also have consequences for consumers. One way to measure the importance of privacy to consumers is to observe actions that consumers take to protect their personal information. An American family seeking to protect the privacy of its information could spend hours of time and several hundred dollars annually in out-of-pocket expenses plus other intangible and unmeasurable costs. Some will pay higher prices for goods and services to protect privacy. Avoidance of identity theft, a crime fueled by the availability of personal information, imposes other costs for consumers.

Assessing privacy costs and benefits in a formal way is difficult anywhere.
Challenges include:
- Establishing a baseline from which to measure the actual or likely effect of a rule.
- Identifying benefits from privacy rules and quantifying the benefits, whether the benefits accrue to record keepers or record subjects.
- Identifying and valuing record keeper costs.

Future work will benefit greatly from agreement on the definition of privacy; on whether and how to account for secondary and tertiary effects of processing practices; on how to find fair ways to share costs and benefits between record subjects and record keepers; and on how to measure baselines internationally in light of significantly different privacy regimes.

(1) Privacy and Information Policy Consultant - USA

I. Introduction

Protecting the privacy of personal information involves costs and results in benefits. Most analysts in the United States would probably agree with that statement, but there is little agreement on much else relating to privacy costs and benefits. The United States, with its highly developed marketplace for personal data and lack of legislative protection for many types of personal data, presents a particular challenge for evaluating costs and benefits.

It is difficult to find agreement in the United States on basic definitions of privacy or on the categories of costs or benefits that might be measured. Unlike countries that have omnibus privacy laws, the United States has occasional and uncoordinated state and federal privacy laws; self-regulatory activities that range from meaningful to insincere; and no response to privacy at all. Professor Spiros Simitis once described the American approach to data protection as “an obviously erratic regulation full of contradictions, characterized by a fortuitous and totally unbalanced choice of its subjects.”(2) Simitis’s characterization remains true ten years later.
The purpose of this paper is to identify some cost and benefit elements that should be considered in evaluating the economics of privacy protection in the United States. No comprehensive model is proposed. The goal is simpler. First, some of the benefits from privacy that accrue to record keepers (rather than record subjects) are identified. Some American record keepers have been vocal about the costs of privacy, while ignoring the benefits. Their controversial privacy cost studies are only mentioned here in passing. Second, some of the costs that consumers bear when privacy is not protected at law or by business practice are discussed. Third, several challenges of assessing costs and benefits are reviewed. The conclusion considers some of the fundamental difficulties that arise in assessing privacy costs and benefits.

(2) Spiros Simitis, New Trends in National and International Data Protection Law, in Recent Developments in Data Privacy Law 22 (J. Dumortier ed. 1992).

A major preliminary issue is defining privacy. This is much more of a problem in the United States than elsewhere. Most of the world accepts the Fair Information Practices (FIPs) defined in the Guidelines of the Organization for Economic Cooperation and Development(3) as describing the basic elements of information privacy.(4) The eight OECD FIPs are: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation, and Accountability.

Although FIPs were first proposed as a framework for privacy in the United States in 1973,(5) and although the US Government embraced the OECD Guidelines during the early years of the Reagan Administration,(6) active support of FIPs has been fitful. American companies, trade associations, and even federal agencies significantly restate FIPs to suit their own interests.
The result is that it is difficult to find any broad consensus on privacy policy, goals, or language in the United States.

For example, in 2000, the Federal Trade Commission recommended that consumer-oriented commercial websites that collect personal identifying information from or about consumers online should be required to comply with “the four widely-accepted fair information practices.”(7) The FTC’s version of FIPs includes notice, choice, access and correction, and security. Choice is not a core element of traditional FIPs. Choice means that consumers would have to be offered some ability to say how their personal data may be used for secondary purposes. It appears that the FTC modeled its choice principle on privacy policies from elements of the American business community.

(3) Organization for Economic Cooperation and Development, Council Recommendations Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 20 I.L.M. 422 (1981), O.E.C.D. Doc. C (80) 58 (Final) (Oct. 1, 1980), at <http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM>. See also Council of Europe, Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, 20 I.L.M. 317 (1981), at <http://conventions.coe.int/treaty/en/treaties/html/108.htm>.
(4) Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (1992).
(5) Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens (1973) (Department of Health, Education & Welfare) <http://aspe.os.dhhs.gov/datacncl/1973privacy/tocprefacemembers.htm>.
(6) See Report on OECD Guidelines Program, Memorandum from Bernard Wunder, Jr., Assistant Secretary for Communications and Information, Department of Commerce, to Interagency Committee on International Communications and Information Policy (Oct. 30, 1981), reprinted in International Telecommunications and Information Policy, Hearings before a Subcommittee of the House Committee on Government Operations, 97th Congress at 27-58 (1981-82). Official supporting activities were part of an effort to show interest in privacy through voluntary action rather than legislation. See General Accounting Office, Privacy Policy Activities of the National Telecommunications and Information Administration, (Aug. 31, 1984) (GGD-84-93). More than 180 major U.S. multinational companies and trade associations endorsed the guidelines. The Reagan Administration dropped its interest in the Guidelines by 1983. The sincerity of the effort has been questioned, and the effect of the endorsements was unclear at the time. Robert M. Gellman, Fragmented, Incomplete, and Discontinuous: The Failure of Federal Privacy Regulatory Proposals and Institutions, 6 Software Law Journal 199, 227-233 (1993).
(7) Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace, (May 2000), at <http://www.ftc.gov/reports/privacy2000/privacy2000.pdf>.

The FTC statement of FIPs does not address the collection limitation or data quality principles. The accountability principle is not mentioned, but it is part of the FTC’s proposal by implication since the Commission would have an enforcement role. The other missing principle is that of purpose specification. The Commission’s choice principle appears to be a partial substitute.
What is absent is any requirement that a record keeper specify the purposes for data collection and that subsequent use or disclosure be limited to those purposes and other closely related purposes. Other restatements of FIPs by American businesses contain even fewer FIPs elements than the FTC’s version.

The importance of a definition is that the costs and benefits of privacy depend on what elements are being assessed. Selective review of either costs or benefits produces an incomplete picture. Those who seek to assign a high price tag to privacy sometimes focus on cost without considering the corresponding benefits or methods for mitigating the costs or consequences.

II. Privacy Protections Benefit Record Keepers

Privacy protections benefit consumers.(8) However, it is often overlooked that protecting privacy may be good for record keepers as well as record subjects. In the United States, self-regulatory activities are evidence that some businesses recognize that offering privacy protections is important to attracting and satisfying customers. Protecting privacy may be another factor in business success, along with free parking, competitive prices, convenient hours, and good service.

For some in the American business community, the principal motivation for self-regulation is a desire to avoid additional privacy legislation at the federal or state level. However, some companies sincerely believe that privacy is important to their customers and therefore to business operations. For activities such as health care, customers expect a higher degree of privacy protection, and privacy is an inherent characteristic.

The types of benefits that may accrue to commercial record keepers include an increase in sales, a reduction in transaction costs as privacy-sensitive consumers agree to use less expensive Internet facilities, record keeping efficiencies, and reduced costs through greater uniformity of privacy requirements.

A.
Increased Sales

The lack of adequate controls over the use and disclosure of personal information appears to take a significant toll on Internet sales. Internet users fill and then abandon shopping carts in huge numbers. One study suggests that four out of five consumers try to purchase online and give up. The two leading reasons are 1) too much information has to be provided, and 2) unwillingness to enter credit card details.(9) Other studies and surveys show the importance of privacy in the online environment. In a recent report to the Congress, the Federal Trade Commission estimated that lost online retail sales due to privacy concerns may be as much as $18 billion. The FTC also cited a study showing that 92% of respondents from online households stated that they do not trust online companies to keep their personal information confidential.(10)

(8) This paper uses the terms record subject, consumer, and customer interchangeably. In some contexts, the terms can have different meanings or connotations.

Marketplace effects are sometimes most apparent when consumers react angrily to privacy policies. In 1998, a newspaper story revealed that two pharmacies in the Washington, D.C., area were sending prescription information to an independent company that mailed patients reminders about prescription refills. Within a few days, both pharmacies stopped the programs because of customer complaints.(11) Another illustration comes from a change in a privacy policy announced in 2002 by Qwest Communications, a large regional telecommunications company in the Western United States. Qwest told customers that their personal data would be disclosed to subsidiaries and to others unless the customers took steps to opt-out.
In response to complaints from customers, regulators, and consumer groups, Qwest revoked the new policy within weeks and substituted a policy more acceptable to consumers.(12)

The extent to which good privacy policies or practices increase sales, whether in an online or offline environment, is hard to measure directly. Anecdotal evidence suggests that consumers sometimes object when they become aware of data practices, and these objections may result in a loss of business or a tarnished reputation for the company. A headline from a recent report from a business research company makes the point clearly: Enterprises That Stray From Best Practices When Dealing With Personal Information Risk Customer Backlash or Worse.(13)

(9) A.T. Kearney, Satisfying the Experienced On-Line Shopper at 8 (2000) <http://www.atkearney.com/pdf/eng/Eshopping_survey.pdf>.
(10) Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace 2 (2000) <http://www.ftc.gov/reports/privacy2000/privacy2000.pdf>.
(11) Robert O’Harrow Jr., Prescription Sales, Privacy Fears: CVS, Giant Share Customer Records With Drug Marketing Firm, Washington Post, Feb. 15, 1998 at Page A01; Robert O’Harrow Jr., Giant Food Stops Sharing Customer Data, Prescription-Marketing Plan Drew Complaints, Washington Post, Feb. 18, 1998 at Page A01.
(12) Lisa M. Bowman, Qwest Backpedals on Privacy Plan, ZDNet News, Jan. 28, 2002 <http://zdnet.com.com/2100-1105824663.html>.
(13) W. Janowski, Worst Practices in Customer Privacy Management (2002) (Gartner Group) (TU-16-6918) retrievable at <http://www3.gartner.com/pages/story.php.id.2367.s.8.jsp>.

B. Reduced Transaction Costs

Internet transactions offer the benefit of reduced transaction costs. It is widely reported, for example, that bank transaction costs greatly diminish when customers shift to the Internet.
A typical transaction involving a bank teller may cost from $1.00 to $1.44. A transaction at an automatic teller machine may cost 25 to 30 cents. However, estimates of the cost of an Internet transaction range between 1 and 4 cents.(14) The reduction in cost from an Internet transaction may exceed 95 percent.

Assessing the level of consumer concerns about privacy and the marketplace effects of those concerns is difficult and controversial. However, even if only a relatively small percentage of consumers decline to engage in Internet transactions because of privacy concerns, privacy protections that would induce more customers to use the Internet can still result in a net benefit for companies through a reduction in cost. The savings may be sizeable enough to outweigh the revenues that a bank may realize by exploiting customer records for other purposes.

C. Record Keeping Efficiencies

Many good privacy practices are good record management policies as well. Evidence suggests that privacy laws sometimes force record keepers to do things that they should have done otherwise. The effect of a privacy law can be better protections for data subjects as well as greater efficiency and lower costs for record keepers. Clear examples with firm cost savings are hard to find without considerable research and cooperation from record keepers. However, experience with a governmental privacy law offers some useful anecdotal evidence.

The Privacy Act of 1974(15) was one of the first generation of privacy laws.(16) It applies only to federal agencies in the United States, and it requires agencies to implement Fair Information Practices in a systematic way. The combined effect of the law’s provisions requiring publication of notices of data systems, inclusion of privacy notices on forms that collect information from individuals, and other privacy protections forced agencies to review and reconsider their data processing practices.
(14) See, e.g., Juan Hovey, Bank On It, Entrepreneur Magazine (April 2000) <http://www.Entrepreneur.com/article/0,4621,268144,00.html>.
(15) 5 U.S.C. §552a.
(16) For a discussion of the generations of privacy laws, see Viktor Mayer-Schönberger, Generational Development of Data Protection in Europe in Technology and Privacy: The New Landscape, 218-241 (Philip E. Agre & Marc Rotenberg eds., 1997).

In a 1977 review of the law, the Privacy Protection Study Commission reported these results:
- Some agencies eliminated systems of records in order to avoid the requirement to publish a descriptive notice.
- Some agencies disposed of records to avoid the responsibility of managing them.
- The Foreign Service reduced the amount of material in its personnel records by 50 to 60 percent.
- The Drug Enforcement Administration destroyed some records after discovering that it has no statutory authority to maintain them.
- The United States Information Agency eliminated 9300 personnel records. The Community Services Administration also disposed of outdated personal records.
- The Department of Housing and Urban Development and the National Center for Health Statistics eliminated personal identifiers from research records.
- Some agencies stopped publishing directories with the home addresses and telephone numbers of employees.
- One agency removed Social Security Numbers and other irrelevant information from carpool application forms.
- The Civil Service Commission revised the government’s standard employment application form and eliminated 20 subsystems, including unnecessary records on 1.3 million individuals.
- The Department of Labor stopped collecting Social Security Numbers from two million people each year, changing the records from identifiable to non-identifiable.
- The Department of Defense eliminated more than 58,000 forms, and simplified another 22,000 forms.
Hundreds of data elements were eliminated from some personnel systems.(17)

These actions taken to comply with privacy requirements resulted in cost savings, greater efficiency, better management, improved compliance with legal obligations, or other benefits to the record keepers. Improving controls over information systems with personal data helps both the record keeper and the record subject. A measurement of the benefits, however, is not available.

(17) Privacy Protection Study Commission, The Privacy Act of 1974: An Assessment 51-55 (1977) (Appendix 4 to the Report of the Privacy Protection Study Commission) <http://aspe.hhs.gov/datacncl/77apdx4/index.htm>.
(18) 15 U.S.C. §1681 et seq.

Some evidence of commercial benefits from privacy regulations can also be found. Perhaps more than any other industry, the American credit reporting industry is heavily regulated for privacy. The Fair Credit Reporting Act,(18) which dates back to 1970, is the oldest federal commercial privacy law. Equifax, one of the three major American credit bureaus, acknowledged the benefits of privacy in a 1992 annual report. Equifax said that greater attention to customer concerns for fair information practices “has reduced operating costs and increased profit margins.”(19) When companies that use records to make decisions about consumers maintain those records with greater accuracy, the result will be fairer and better decision-making as well as lower costs.

D. More Efficient Compliance through Greater Uniformity

The European Union long ago realized the importance of privacy laws to its common market for goods and services. Few Americans recognize that the EU Data Protection Directive has two separate purposes: one regarding the protection of personal privacy, and one on the free movement of personal data.
The Directive recognizes that a uniform level of privacy is vital to the transfer of personal data within the EU internal market.(20)

(19) Equifax, Inc., Annual Report to Stockholders 17 (1992), quoted in Paul M. Schwartz & Joel R. Reidenberg, Data Privacy Law 264-65 (1996).
(20) Recital 8.

In the United States, recognition of the same principle continues to grow in other ways. Perhaps the single most important privacy issue for the American business community is the desire for uniform federal rules that preempt state laws. American companies that operate in interstate commerce do not want to face having to comply with fifty different state laws. They argue that differences in state laws as well as differences in national laws create barriers to commerce.

While some in the American business community still wish that privacy would disappear as a public concern, it is apparent that privacy is here to stay. Record keepers will be forced by laws, self-regulatory mechanisms, or market pressure to address privacy. Thus, the choice is not whether to have privacy rules, but who will impose the rules. Whether self-regulation is effective is an open question. However, self-regulation may not dissuade legislators from enacting privacy laws so the jurisdiction issue may be unavoidable.(21)

Laws govern international personal data processing activities in many countries, and those laws are also unavoidable. Companies that do not meet international standards for privacy face the prospect of either lost business or increased costs to meet those standards. It is difficult to put a price tag on the potential losses and costs, but the strong objections from parts of the business community suggest that the stakes are significant.

The Safe Harbor agreement(22) between the US Department of Commerce and the European Commission offers one way for American companies to meet EU standards. Meeting the terms of Safe Harbor imposes costs on American record keepers, with
corresponding benefits to the data subjects whose personal information is exported to the United States.

(21) Even self-regulation raises its own jurisdictional problems. See Robert Gellman, Can Privacy Be Regulated Effectively on a National Level? Thoughts on the Possible Need for International Privacy Rules, 41 Vill. L. Rev. 129 (1996).
(22) <http://www.export.gov/safeharbor/>.

If the United States enacted privacy legislation that allowed American companies to conduct international business activities without the need for individual company compliance with privacy standards of other countries, more uniform and less expensive privacy obligations would be one result. As the EU Member States already learned, a degree of uniformity in privacy regulation opens markets, reduces barriers, and lowers costs. The benefits to business of privacy harmonization can be significant, although the benefits may be hard to quantify. The same benefits might flow to businesses if American legislation established either common or minimum standards within the United States.

Preemption of state laws is one of the most controversial privacy issues in the United States. Privacy advocates generally oppose federal laws that prevent states from enacting laws with higher standards. Advocates tend to favor federal privacy laws that establish a floor of protection with the possibility that state laws that offer additional protections can remain in force. Businesses tend to favor federal laws that completely preempt state laws so that there is a single uniform rule throughout the country.(23) Resolution of competing demands about preemption will not happen quickly or easily. However, either approach toward uniform or minimal privacy standards brings with it some promise of cost savings for record keepers.

E. Other Benefits

Other potential benefits include avoidance of lawsuits and reputational damage.
Even more than other benefits, these benefits are particularly difficult to quantify. However, some companies with inadequate privacy policies or practices have been the subjects of private lawsuits, government investigations, and negative press. The immediate cost of responding to an unexpected and negative media story can be measured in the millions of dollars in out-of-pocket costs and lost sales. In one high-profile case, the market value of a company that ran into privacy problems dropped precipitously when the problems became the subject of public controversy.(24)

Another benefit from privacy can be better information from consumers. Consumers concerned about privacy, spam, or other consequences of information sharing have learned to lie.(25) Privacy protections may induce consumers to disclose accurate information so that record keepers will have better quality data.

(23) See, e.g., John Dugan, Financial Services Coordinating Council, Testimony before the Senate Banking Committee (Sept. 19, 2002) <http://banking.senate.gov/02_09hrg/091902/dugan.htm>.
(24) See, e.g., Chris Oakes, A Turning Point for E-Privacy, Wired News, Mar. 4, 2000 (discussing DoubleClick) <http://www.wired.com/news/politics/0,1283,34734,00.html>.
(25) See, e.g., Leslie Miller, Web Surfers Keen on Politics and Privacy, USA Today, June 30, 1996 (“More than one fourth (26%) say they’ve given false information about themselves when asked to register at Web sites.”)

III. The Absence of Privacy Protections Costs Record Subjects

Any discussion of privacy costs and benefits must take a comprehensive look at costs and benefits to all participants. Privacy rules impose costs on record keepers. Privacy rules can also result in benefits to record keepers through increased sales, reduced costs, greater efficiencies, or in other ways. Privacy rules – and the absence of privacy rules – also have consequences for consumers.
One way to measure the importance of privacy to consumers is to observe actions that consumers take to protect their personal information. When people perceive threats to privacy and insufficient systemic responses, they are left to protect themselves. An American family seeking to protect the privacy of its information could spend hours of time and several hundred dollars annually in out-of-pocket expenses plus other intangible and unmeasurable costs.(26)

A. Higher Prices

American merchants increasingly offer frequent shopper programs that offer lower prices to consumers who register, provide personal information, and allow their purchases to be tracked. One opponent of the cards calls them registration and monitoring programs.(27) The most common examples are supermarket frequent shopper cards. Before the cards were in common use, supermarkets usually offered sales and discounts to all customers. The ability of merchants to set prices and limit discounts to registrants places tremendous pressure on consumers to participate in the programs. Any customer who refuses to use a frequent shopper card – or is unaware of the requirement – will pay more.

Individuals may object to these programs for different reasons, including inadequate privacy policies from the merchants and the lack of statutory protections. Some merchants address these concerns, at least in part, by allowing anonymous registration. Some individuals lessen the consequences by acquiring cards using pseudonyms, by lying, or through other tactics. However, merchants sometimes require identification. The number of people who refuse to use frequent shopper cards is unknown.

The higher prices paid by those who reject frequent shopper cards represent a direct financial sacrifice for privacy. For consumers as a whole, it is likely that frequent shopper programs represent a net expense from the previous regime where sale prices were available to everyone.
Under the programs, some consumers receive discounts while others pay higher prices. A group that opposes the cards suggests that <http://www.cc.gatech.edu/gvu/user_surveys/>. (26) See Privacy, Consumers, and Costs. (27) Consumers Against Supermarket Privacy Invasion and Numbering <http://nocards.org/essays/nofakes.shtml>. 38 Da costo a risorsa - Attività produttive e protezione dei dati personali supermarkets may make a profit on the programs from the higher prices that some consumers pay.(28) B. Junk Mail Recipients of unsolicited advertising (junk mail) through the Postal Service bear some costs. Recipients spend time sorting through the mail and discarding it. They pay to have the trash removed, not a trivial expense on a nationwide scale. The basic numbers indicate the vast scale of junk mail sent and received in the United States: - The average person receives 10.8 pieces of junk mail each week or nearly 560 pieces per year. For a household, the amount of junk mail received annually can easily exceed 1000 pieces a year. - The total volume of junk mail produced each year in the United States is approximately 4.5 million tons. - Each year, 100 million trees are used to produce junk mail. - Estimates are that 44% of junk mail is discarded unopened and unread.(29) - A 1995 survey by the US Postal Service found that 50% of households wished that they received less “advertising” mail, up from 30% in 1987.(30) Some junk mailers allow consumers to opt-out of the sharing of their personal information for marketing purposes. Those who do opt-out may receive less unwanted mail. The burden on consumers of opting-out is significant. Many companies require those seeking to opt-out to write letters. 
Writing a letter is a significant burden on most individuals, and the cost for paper, postage, and time is not trivial.(31) If the cost to a consumer of sending an opt-out letter were 50 cents, the consumer who opted out of one type of junk mail each week would spend $26.00 in the course of a year.

Some broader opt-outs are available, but not all are free. Individuals who want to use the Mail Preference Service run by the Direct Marketing Association to opt-out of junk mail must pay a five dollar “processing fee” and pay by credit card if they want to register for the service online.(32) The reticence of privacy-sensitive consumers to disclose their credit card numbers online is well known, so the demand for disclosure of a credit card is a seemingly intentional barrier on the use of this service. The DMA’s email opt-out service has no processing fee.(33) However, it is only effective for two years and must be affirmatively renewed. Exercising these opt-outs imposes a cost on consumers that must also be attributed, at least in part, to the lack of adequate privacy protections.

(28) See Consumers Against Supermarket Privacy Invasion and Numbering, Supermarket Cards: The Pricing Issues <http://nocards.org/savings/index.shtml>.
(29) Native Forest Network <http://www.nativeforest.org/stop_junk_mail/nfn_junk_mail_guide.htm>.
(30) Direct Marketing Association, Statistical Fact Book 1998 at 37.
(31) In regulations issued under Gramm-Leach-Bliley governing opt-outs offered by financial institutions, the Federal Trade Commission distinguished between reasonable and unreasonable opt-out methods. The Commission said expressly that it is an unreasonable method if the only way for a consumer to opt-out is to write a letter. The Commission favored check-off boxes, reply forms, and electronic means to opt-out. 16 C.F.R. §313.7(a)(2).
(32) <http://www.dmaconsumers.org/cgi/offmailinglistdave>.
(33) <http://www.dmaconsumers.org/optoutform_emps.shtml>.

C. Telemarketing

Telemarketing is highly unpopular among consumers. Polls confirm that people find telemarketing calls annoying, unacceptable, invasive, and offensive.(34) The Privacy Rights Clearinghouse makes the point with the subtitle of its fact sheet on telemarketing calls: Whatever Happened to a Quiet Evening At Home?(35)

There are many ways to measure consumer unhappiness with telemarketing. Connecticut is one of many states that operate a state do-not-call list. Recent statistics show that nearly half of Connecticut households have placed their telephone number on the list.(36) When AOL announced in 1997 that it would begin to sell the telephone numbers of its members, the move “unleashed a storm of criticism.”(37) It took only one day for AOL to hear the complaints and reverse its decision.

The Telephone Consumer Protection Act(38) gives recipients of unwanted calls a limited legal remedy. Several websites help people to exercise these remedies. One reports that its members have recovered more than $800,000 in damages over the calls.(39) However, the courts are beyond the reach of most, and consumers use other techniques and technologies to avoid, evade, and stop telemarketing calls. Consumers spend time, effort, and money in their efforts, and these are costs that result in part from the lack of adequate protections for the privacy of personal information. Many consumers simply suffer the aggravation and disruption of unwanted telemarketing calls. Both the Federal Trade Commission and the Federal Communications Commission are considering stronger rules on telemarketing that would enhance the ability of consumers to stop unwanted calls.(40)

(34) For a collection of polls on the subject, see <http://telejunk.norman.ok.us/surveys.html>.
(35) <http://www.privacyrights.org/fs/fs5-tmkt.htm>.
(36) DM News, Connecticut DNC List Doubles in Size at 6 (June 11, 2001).
(37) Associated Press, AOL Backs Off Plan to Give Out Phone Numbers (July 25, 1997).
(38) 47 U.S.C. §227.
(39) See Private Citizen, <http://www.private-citizen.com/>. See also <http://www.stopjunkcalls.com/links.htm>.
(40) Federal Trade Commission, Request For Information on Proposed National Do-Not Call Registry (2002) <http://www.ftc.gov/os/2002/05/16cfrpart310.htm>; Federal Communications Commission, Notice of Proposed Rulemaking, In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991 (2002) <http://www.fcc.gov/Daily_Releases/Daily_Business/2002/db0918/FCC-02-250A1.pdf>.

Telephone companies and device manufacturers use objections to telemarketing as a selling point for enhanced telephone services. In other words, consumers who want to avoid telemarketing calls can buy protection. Here are some examples:

- Caller ID is often promoted as a privacy protection and a way to avoid unwanted calls. Qwest’s version is called Caller ID with Privacy+.(41) Verizon offers a service under the name Call Intercept.(42) The prices for these services vary. Listed price in 2001 for Verizon Call Intercept service as described on its website was $5 per month. The cost for Caller ID with Name was an additional $7.50 per month.
- Answering machines and voice mail have long been used to screen calls. A 1997 survey found that about 3 in 4 households had answering machines. The firm that conducted the survey took special note of the role of answering machines in avoiding telemarketing calls, describing the answering machine as particularly “valuable in screening out those annoying telemarketing calls that we all like to avoid, as well as capturing those calls and messages that we don’t want to miss.”(43) Answering machines can also serve another purpose in protecting consumers.
State securities regulators consider answering machines to be the consumers’ best weapon in the fight against telemarketers selling fraudulent investment schemes.(44) The advice is a reminder that not all telemarketers offer legal products and services.
- Another product expressly and exclusively aimed at telemarketers is EZ Hangup by Zenith. This telephone accessory allows the user to hang up on an unwanted sales call and press a button to play a recording rejecting the call and asking to be removed from a calling list. The product lists for around $25.00.(45)
- Verizon, like other telephone companies, offers customers several ways to keep telephone numbers private. Customers can pay for non-listed numbers (not in the telephone directory but listed for directory assistance) or non-published numbers (not in the directory or directory assistance). Each service has a monthly charge.(46) A 1995 study found that 31.5% of households had unlisted or unpublished numbers. In some communities, the percentage exceeds 60%.(47) Another estimate is that a quarter of households pay an average of $1.50 a month to be unlisted. The total cost to telephone subscribers for these privacy-protecting services is more than $400 million a year.(48)

(41) <http://www.qwest.com/pcat/for_home/product/1,1354,431_1_8,00.html>.
(42) <http://www22.verizon.com/ForYourHome/SAS/ProdDesc.asp?ID=6063&state=P1>.
(43) Decision Analyst, Inc., More Households Using Answering Machines (Press Release, October 15, 1997) <http://www.decisionanalyst.com/publ_data/1997/ansmachi.htm>.
(44) APB News, Regulators: Answering Machines Can Foil Telemarketing Fraud (Oct. 17, 1999) <http://www.apbnews.com/safetycenter/business/1999/10/17/securitiesfraud1017_01.html>.
(45) Full Life Products, EZ Hangup <http://www.superproducts.com/anti-telemarketing/ez/index.htm>.
(46) <http://www.opc-dc.gov/bdcrates.html>.
(47) Brad Edmonson, Unlisted America, American Demographics (June 1995) <http://www.demographics.com/publications/ad/95_ad/9506_ad/AD767.htm>.
(48) Jay Chris Robbins, Phone Book “Non-Service” Dials up Huge Profit (Jan. 14, 2000) <http://tampabay.bcentral.com/tampabay/stories/2000/01/17/editorial3.html>.

Techniques to avoid telemarketing are not practices only for those who are especially privacy sensitive. Anti-telemarketing techniques are a recognized activity recommended by governments and other mainstream organizations as a way of protecting privacy and avoiding unwanted calls. A consumer guide published by the Commonwealth of Massachusetts advises consumers to register for all do-not-call lists, to consider having an unlisted number, to avoid disclosures through contests, surveys, and sweepstakes, to use blocking technology to avoid disclosing a telephone number when making a call, and to screen calls with an answering machine.(49)

Consumers spend time and money to avoid telemarketing calls. Even an individual with a casual objection to telemarketing could spend a considerable sum on equipment or monthly charges. These represent costs that consumers pay because they are unable to control how their personal information is used and disclosed. Some telephone capabilities, such as answering machines, voice mail, and unlisted numbers serve other goals beyond the protection of privacy. A fair cost accounting would allocate only some of the expense to privacy protection and some to other objectives. Nevertheless, the telephone costs consumers incur for privacy reasons are significant.

Society faces other consequences when consumers are forced to act in their personal interest to keep their telephone numbers secret. Telephone directories help to make the telephone network inclusive, efficient, and useful. When large percentages of the population have unlisted numbers because of concern about misuse, every telephone directory user suffers from the lack of an effective, interconnected universal telephone system.

(49) A Massachusetts Consumer Guide: Stopping Junk Mail, Phone Calls, And Email <http://www.state.ma.us/consumer/pubs/stopjunk.htm>.

D. Identity Theft

Identity theft occurs when an individual appropriates another’s name, address, Social Security number, or other identifying information to commit fraud. Identity thieves may use consumers’ identifying information to open new credit card accounts, take out loans, or steal funds from existing checking, savings, or investment accounts.(50) The financial and emotional harm to victims of identity theft is significant and long lasting.(51) It can take years of hard work and hundreds or thousands of dollars in out-of-pocket expense to remove all vestiges of identity theft from a victim’s record.(52) In the interim, a victim may be unable to obtain a job, purchase a car, or qualify for a mortgage.(53) The number of victims is hard to measure, but some estimate that the numbers range into the hundreds of thousands annually in the United States.(54)

(50) Testimony of David Medine, Associate Director for Credit Practices, Bureau of Consumer Protection, Federal Trade Commission, before the Subcommittee on Technology, Terrorism and Government Information, Senate Committee On The Judiciary (May 20, 1998) <http://www.ftc.gov/os/1998/9805/identhef.htm>.

- The costs to financial institutions are also significant. Definitional problems and lack of data make it difficult to estimate costs with precision, but the losses appear to be measured in the hundreds of millions of dollars.(55) Consumers may ultimately pay for many of these losses through higher prices and higher interest rates.
Identity theft also undermines consumer confidence in the credit system and the Internet, deterring the growth of electronic commerce.(56)

- Identity theft mushroomed in the 1990s. It may not be a coincidence that the growth of identity theft roughly parallels the growth of the Internet. Personal information is available from many commercial and public sources on the Internet. The widespread availability of consumer data makes it easier for criminals to engage in identity theft. Identity theft occurs for many reasons, and the routine trafficking in personal data is a contributing cause. Several independent studies support the relationship between personal data availability and identity theft. In a 1998 report, the General Accounting Office said that “[m]any of the officials we contacted said that Internet growth, which enhances the availability and accessibility of personal identifying information, obviously creates greater risks or opportunities for criminal activity, including identity fraud.”(57)

(51) Id.
(52) The Identity Theft Resource Center reports that, on average, victims spend 175 hours and $808 in out-of-pocket expenses to clear their names <http://www.idtheftcenter.org/html/facts_and_statistics.htm>.
(53) General Accounting Office, Identity Fraud: Information on Prevalence, Cost, and Internet Impact Is Limited at 4 (GAOGGD-98-100BR) (1998) [hereinafter cited as GAO Identity Fraud].
(54) See id. at 24-41 (discussing information sources and lack of comprehensive national statistics). The Identity Theft Resource Center estimates that there were 700,000 to 1.1 million victims in 2001. <http://www.idtheftcenter.org/html/facts_and_statistics.htm>.
(55) GAO Identity Fraud at 4.
(56) See, e.g., National Fraud Center, National Fraud Center White Paper Says Internet Driving Dramatic Increase in Identity Theft - Balanced Approach Required to Address Issue (Press Release, March 16, 2000) <http://www.nationalfraud.com/pressrelease/IDTheft.htm>.
(57) GAO Identity Fraud at 4. See also National Fraud Center, Inc., Identity Theft: Authentication As A Solution (2000) <http://www.nationalfraud.com/identity%20theft%203.13.htm>.

Industry argues that the availability of personal data helps to reduce fraud.(58) This is undoubtedly true to some extent. Yet the vast amount of consumer data available today to credit grantors has not stopped the growth of identity theft. The value of more data as a protection against identity theft is limited. At the same time, extensive and largely unregulated trafficking in personal data – typically without consumer knowledge or consent – makes it easier for some identity thieves to operate. Privacy laws that would give individuals more control over the use and disclosure of their personal information have potential to limit identity theft.(59) Stronger security protections might also protect against misuse of personal data. The lack of protections thus appears to contribute to identity theft. More importantly, activities that individuals take on their own initiative to protect against identity theft impose costs that can be attributed in significant part to the absence of privacy protections.

(58) Ernst & Young, Customer Benefits of Information Integration by Financial Services Companies 5 (2000) <http://www.privacyalliance.org/resources/research.shtml>. The survey of Financial Services Roundtable members found that 63% of respondents thought that restrictions on information sharing included in the Gramm-Leach-Bliley (GLB) law would restrict their ability to detect fraud. A second question found that 79% thought that potential new restrictions on information sharing would restrict their ability to detect fraud. The second question left the nature of any information restrictions to the imagination of the respondent. Even so, 21% did not see a connection between information restrictions and ability to detect fraud. In a survey designed to elicit positive responses to these questions, the presence of a sizeable minority view may be more telling than the opinion of the majority.
(59) The same point could be made that privacy laws would limit telemarketing fraud and other forms of consumer fraud that benefit from the ready availability of personal information.

Some companies profit by selling personal information to detect or avoid fraud. At the same time, they also sell personal data that may be used directly or indirectly to support identity theft. These companies profit from both sides. Now the same companies seek to profit in a third way as well. The companies want consumers to pay to protect themselves against identity theft. An example comes from a recent Equifax press release about a Credit Watch service that costs $39.95 a year. The service promises to “quickly detect possible identity theft and minimize its potentially devastating consequences.”(60) Costs incurred by individuals who are afraid of being victims of identity theft represent costs that result from the lack of adequate privacy protections.

The New York State Attorney General is one of many authorities suggesting that consumers buy a copy of their credit report each year.(61) For a family with two adults, the cost is $51 a year to buy reports from three credit bureaus. Better privacy protections for personal data might lessen the risks, reduce the need for monitoring credit reports, or provide equivalent data directly to consumers at no cost to them.

The Federal Trade Commission suggests that consumers take other actions to protect their information.(62) These include exercising opt-out rights, such as prescreening for credit offers. This strategy can have only limited benefits. Many companies that traffic in personal information do not notify data subjects that their records are being sold, do not allow consumers to opt-out, or allow narrow opt-out choices. The number of telephone calls and letters required for a family that elects all available opt-outs is uncertain, but it could be measured in the dozens. The time, trouble, and expense of opting out are costs that consumers incur.

(60) Equifax, Inc., Equifax Credit Watch Provides Early Warning Of Identity Theft To Consumers (Press Release 4/10/01) <http://www.equifax.com/press_room/press_releases2001/2001_04_10.html>.
(61) <http://www.oag.state.ny.us/consumer/tips/identity_theft.html>.
(62) <http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm#risk>.

A recent development is the offering of insurance to protect individuals against losses due to identity theft and to provide reimbursement of expenses incurred to deal with the consequences of being an identity theft victim. For example, one policy offers to reimburse up to four weeks lost wages resulting from dealing with fraud. This policy costs $85 per year for coverage of $10,000.(63)

IV. Challenges in Assessments of Privacy Costs and Benefits

Assessing privacy costs and benefits in a formal way is difficult anywhere. An assessment in the United States is even harder because of the widespread lack of consensus about nearly everything relating to privacy. What follows is a discussion of some of the problems for any privacy cost benefit analysis.

A. Baseline

When assessing costs or benefits of a privacy rule, it is important to establish a baseline from which to measure the actual or likely effect of a rule.(64) A rule that prohibits conduct that no one engages in will likely have no direct costs. A rule that requires conduct that is already common practice will have little marginal cost.
It is difficult to determine a baseline because of the great variation in privacy practices in the United States. For example, it is increasingly common for major American commercial websites to maintain a privacy policy. Legislation requiring the adoption of online privacy policies would have a smaller cost because some websites are already in compliance.

The Gramm-Leach-Bliley law that requires financial institutions to adopt limited privacy protections offers an interesting example. Financial institutions covered by the law must give customers the right to opt-out of data sharing with nonaffiliated third parties.(65) A cost is associated with implementing this requirement. However, some financial institutions never shared customer data with third parties. The reasons for not sharing vary. Some companies would not benefit from data sharing, some may be avoiding adverse customer reaction, and others may be more protective of customer privacy. For these companies, the cost of administering an opt-out program is zero.

(63) Travelers Insurance <http://www.travelerspc.com/personal/theft/?>.
(64) See Peter Swire, New Study Substantially Overstates Costs of Internet Privacy Protections (May 9, 2001) <http://www.osu.edu/units/law/swire1/hahn.doc>.
(65) 15 U.S.C. §6802.

Another example comes from the Video Privacy Protection Act,(66) a law that limits the disclosure of videotape rental or sale records for marketing and other purposes. The law was enacted at a time when the video rental industry did not routinely sell detailed customer data. The effect of the law was to prevent the development of commercial practices that would have negatively affected the privacy of customers. If the law had associated costs, they were probably minor.
However, had the law also covered the rental or sale of magazine subscribers, the costs would have been much greater because magazine publishers make extensive use of their lists.

B. Identifying and Valuing Benefits

Identifying benefits from privacy rules and quantifying the benefits is difficult whether the benefits accrue to record keepers or record subjects. A recent attempt by the US Department of Health and Human Services (HHS) at assessing privacy costs and benefits for a health privacy rule may be one of the most comprehensive and independent attempts to determine both the costs and benefits of privacy regulation. HHS found a lack of data, models, or empirical studies that provide credible measures of benefits for record subjects.(67) HHS summarized some of the difficulties in valuing confidentiality in health care:

There are important societal benefits associated with improving health information privacy. Confidentiality is an important component of trust between patients and providers, and some studies indicate that a lack of privacy may deter patients from obtaining preventive care and treatment. For these reasons, traditional approaches to estimating the value of a commodity cannot fully capture the value of personal privacy. It may be difficult for individuals to assign value to privacy protection because most individuals view personal privacy as a right. Therefore, the benefits of the proposed regulation are impossible to estimate based on the market value of health information alone. However, it is possible to evaluate some of the benefits that may accrue to individuals as a result of proposed regulation, and these benefits, alone, suggest that the regulation is warranted. Added to these benefits is the intangible value of privacy, the security that individuals feel when personal information is kept confidential. This benefit is very real and very significant but there are no reliable means of measuring dollar value of such benefit.(68)

(66) 18 U.S.C. §2710.
(67) Final Rule, Standards for Privacy of Individually Identifiable Health Information, 65 Federal Register 82461, 82776 (Dec. 28, 2000).
(68) Id. (footnote omitted).

HHS offered examples of benefits for which it was able to assign a monetary benefit. The analysis began with evidence that fears about disclosure of health information dissuade some individuals from seeking treatment. Consequences of postponing treatment include preventable spreading of infectious diseases, reduction in the quality of life, and lost wages that might have been avoided if people sought early treatment of cancer and other diseases.(69) For cancer alone, HHS calculated that encouraging people to seek early cancer treatment through enhanced privacy protections could save $1.6 billion in lost wages. The specificity of the calculation is not especially convincing, but it is believable that there would be some benefit.

Even if HHS’s lost wage number were accurate, its relevance is not entirely clear. Wages lost by one worker might be paid to another so the systemic effect might be less than the calculation suggests. On the other hand, a healthier workforce produces benefits for employers through lower health insurance costs and greater productivity. Another benefit may be lower health care costs from early treatment. Whether secondary and tertiary effects of privacy protection can be measured or should be counted in a cost-benefit analysis is uncertain.

C. Identifying and Valuing Record Keeper Costs

In the United States, the quantification of privacy costs and benefits has rarely been undertaken in any systematic or objective manner. Some examples illustrate the point. The Congressional Budget Office of the US Congress estimates the cost of bills passed by congressional committees. In recent years, CBO prepared cost estimates for several bills with privacy implications.
Not all privacy bills impose costs on the private sector, so not all CBO estimates address private sector costs. However, for estimates that included costs for the private sector, CBO has not been able to offer firm privacy cost estimates. At best, CBO estimates include a general discussion of the types of costs that the bills might entail. The consistent inability of CBO to provide more detailed cost estimates strongly suggests the lack of any meaningful privacy cost methodology.(70) CBO has no obligation to attempt to calculate the benefits of legislation for secondary beneficiaries.

(69) Id. at 82776-79.
(70) See, e.g., Congressional Budget Estimate, Cost Estimate for S. 2201, Online Personal Privacy Act (June 18, 2002) <http://www.cbo.gov/showdoc.cfm?index=3549&sequence=0>; Cost Estimate for H.R. 4585, Medical Financial Privacy Protection Act (July 14, 2000) <http://www.cbo.gov/showdoc.cfm?index=2249&sequence=0>; Cost Estimate for H.R. 4857, Social Security Number Privacy and Identity Theft Prevention Act of 2000 (Oct. 6, 2000) <http://www.cbo.gov/showdoc.cfm?index=2583&sequence=0>.

In promulgating its health privacy rule, the US Department of Health and Human Services attempted to assess the costs and benefits of the rule in a systematic way.(71) The detailed cost estimates generally reviewed each of the rule’s requirements, identified the employees who would carry out their responsibility, determined their average wage, and calculated the cost. The attempt is instructive, but of limited relevance to a comparable analysis of commercial activities that involve the sale, rental, and sharing of personal data for profit. Significant parts of the health care system in the United States are governmental or non-commercial. In addition, many health care activities are governed by ethical rules that protect the confidentiality of health data and prohibit commercial exploitation of the data.
As part of the American political debate about privacy, elements of the business community have offered a series of commissioned “studies” written or sponsored by the Financial Services Roundtable, the Direct Marketing Association, the Association for Competitive Technology, and others.(72) The cost of privacy is a legitimate issue, but the studies and the conclusions drawn from them have serious flaws, poor definitions, and questionable methodology. Some criticisms of these studies can be found elsewhere.(73)

V. Conclusion

Like many other human endeavors, the protection of privacy imposes costs and produces benefits. Both costs and benefits are relevant to decisions to impose privacy rules on record keepers.

One problem is defining the scope of privacy. If privacy is viewed solely as an individual right, the identification and calculation of benefits will be determined in one way. If, however, privacy is viewed as a common good,(74) the process and the result will be different. Definitions matter to a cost-benefit analysis. In the privacy arena, agreement on definitions is unlikely, but it may be possible to agree on some elements relevant to costs and benefits.

A second problem involves consequential effects. If a lack of privacy dissuades individuals from seeking medical treatment, how many of the consequences of that lack of treatment count in the calculation? If privacy laws limit direct mail solicitations of customers so that direct mail sales diminish but other sales increase, does the calculation consider only the losses and not the gains? If privacy laws create new industries,(75) do the resulting jobs and profits count as benefits or costs? Should these secondary and tertiary effects be included?

(71) Final Rule, Standards for Privacy of Individually Identifiable Health Information, 65 Federal Register 82461, 82759-82779 (Dec. 28, 2000).
(72) Many of these papers are available at <http://www.privacyalliance.org/resources/research.shtml> or at <http://www.bbbonline.org/UnderstandingPrivacy/library/whitepapers.asp>.
(73) See, e.g., Privacy, Consumers, and Costs.
(74) See, e.g., Priscilla M. Regan, Legislating Privacy: Technology, Social Values, and Public Policy 214-243 (1995).
(75) See, e.g., Call Compliance, a company that provides tools for telemarketers to ensure regulatory compliance with do-not-call lists. <www.callcompliance.com>.

A third problem involves the best way to share costs and benefits. If privacy protections impose costs on record keepers and the absence of privacy protections imposes costs on record subjects, then a reasonable inquiry is who can and should bear the costs most efficiently and most fairly. From a societal perspective, it may be more efficient to ask record keepers to bear some costs because the collective expenditure is less than the expenditures that individuals incur to protect their own privacy. On the other side, if the number of individuals interested in privacy protections is small, it may be more efficient for those individuals to bear some of the costs.

A fourth problem that complicates international comparisons of privacy costs and benefits involves the baseline. Privacy law and personal data processing vary considerably between the United States and Europe. A privacy rule could have minimal effect in Europe because it does not change existing policies or practices greatly. In the United States, the same rule could force a major change in practices for a much larger range of commercial activities.

In the United States to date, discussions of privacy costs have been mostly driven by political considerations. Privacy benefits are rarely considered.
Participants in privacy debates have not agreed on any terms or framework for a fair assessment of the costs, and no formal assessment of the benefits has been undertaken. Without agreement on terms and methodology, American debates over privacy costs and benefits are likely to remain unenlightening. Robert Gellman - Privacy Benefits and Costs From a U.S. Perspective 49 The Impact of the Different Regulatory Models in the World Scenario George Radwanski (1) I’m very happy to be able to participate in a conference on the advantages to business of respecting privacy. That’s a subject about which I speak frequently to business audiences in Canada. It is my firm belief that respect for the privacy of customers and employees is a fundamental element of competitive advantage for businesses. It’s also a great pleasure to be at a conference hosted by the Italian Data Protection Commission, which is headed by one of the most respected Data Protection Commissioners on the international stage, Dr. Stefano Rodota. You here in Italy are very lucky to have privacy and data protection in such capable hands. That is of the greatest importance, because privacy is a fundamental human right, recognized as such by the United Nations. Privacy is often described as the right from which all our other freedoms flow—freedom of speech, freedom of association, freedom of thought, virtually any freedom you can name. As Justice Gérard La Forest of the Supreme Court of Canada has written, “privacy is at the heart of liberty in a modern state.” To me, that’s almost self-evident: How can we be truly free if our every move can be watched, our every activity known, our every preference monitored? Privacy lets us live as free individuals. It means we have a right to a private sphere of thought and action that is our own business, and no one else’s. 
It means that we don’t have to go through life with persons unknown watching over our shoulders–watching and assessing every move, every purchase, and every human interaction. And privacy is more than a fundamental human right. It’s also an innate human need. When you go home at night, you probably close the curtains. It’s not that you’re trying to hide something. You just instinctively need your privacy, your freedom from being observed. If you’re on a bus or a plane, and someone starts reading over your shoulder, you probably feel uncomfortable. What you’re reading isn’t secret; it’s just that your privacy is being invaded. If you’ve ever had your home or even your car broken into, you’ll know that the sense of intrusion, of having your privacy violated, can be even more painful than the loss of whatever was stolen. And yet, almost every day, in some new and creative way, that innate human need, that fundamental human right–the right to privacy–is being chipped away.

(1) Privacy Commissioner of Canada

Individuals have the sense that businesses and governments have more curiosity about them than ever before. Every day someone wants more information about them. Every day someone has some new use for their personal information, or some new way of collecting it without their consent. That thirst for personal information has become almost insatiable, and the pressures on privacy almost overwhelming, since the terrorist attacks of last year in the U.S. While this is primarily a business conference, it is difficult to talk of privacy and the need to protect it without referring to this broader context. As many of you will know, since September 11, 2001, Dr. Rodotà has been very much a leader in the ongoing struggle to protect and enhance privacy while ensuring security. I’m very proud to be alongside him in that struggle.
It’s certainly the most difficult privacy challenge facing us all right now. The essence of the problem is that privacy is not an absolute right. All of us involved in privacy protection acknowledge that fact. We all accept that there may be a need for privacy-invasive measures to meet the kinds of security threats our world is facing. But these choices must be made calmly, carefully and case by case. The burden of proof must always be on those who suggest that some new intrusion or limitation on privacy is needed in the name of security. In Canada, I have suggested that any such proposed measure must meet a four-part test. It must be demonstrably necessary to meet some specific need. It must be demonstrably likely to be effective–in other words, it must be likely to actually make us significantly safer, not just make us feel safer. The intrusion on privacy must be proportional to the security benefit to be derived. And it must be demonstrable that no other, less privacy-intrusive, measure would suffice to achieve the same purpose. Necessity, effectiveness, proportionality, and lack of a less privacy-invasive alternative–that’s the test that I believe can allow us to take all appropriate measures to enhance security, without unduly sacrificing privacy. Compared to the threat that governments pose to privacy, the risks of private businesses collecting, using, and disclosing our personal information may seem minor. But they should not be underestimated. The threat may be less dramatic, but the fact is that a vast amount of our personal information finds its way into the hands of private businesses. Of course, it’s perfectly understandable why businesses want personal information. They depend on it. In an increasingly competitive globalized marketplace, they rely on personal information to identify and stay in touch with their customers. They want to use it to seek out new customers who might be interested in their products.
They want to find out what the market is looking for and what it will bear. And they want information about their employees, so that they can administer benefits and ensure a safe and productive workplace. Getting that personal information, and using it, in ways that don’t offend the fundamental human right of privacy–that’s the challenge for modern businesses. And they have to rise to that challenge, or they will alienate their workforces and drive away their customers. This challenge is complicated by the fact that people more than ever insist on control over their personal information. In a world where so much is taken out of our control, one of the few things that people still feel that they can control is their personal information. So they’re sensitive on the subject of businesses collecting it. They want to know what happens to it and how it’s used when they deal with businesses. When businesses don’t respect our rights, it strikes at our sense of control over our lives. And people respond very, very negatively to that. Let me give you a couple of examples from Canada. Air Canada, our major airline, operates a program called Aeroplan, where people earn and redeem “points” every time they fly on Air Canada planes or do business with partners in the program. Some six million people participate. In June 2001, Aeroplan sent 60,000 of them–about one per cent–a brochure called “All about your privacy.” That brochure caused Aeroplan a lot of problems. It didn’t communicate clearly, simply, in plain language what Aeroplan would do with members’ personal information. It was vague about what information was to be shared, with whom, and for what purpose.
It appeared to say that potentially highly sensitive information about personal and professional interests, use of products and services, and financial status would be shared. Members could opt out, by indicating each situation where they did not want their information shared, and then mailing the brochure back to Aeroplan. If they didn’t opt out, Aeroplan would consider them to have consented. Not surprisingly, members objected when they received Aeroplan’s brochure. In fact, my Office was flooded with e-mails from people objecting. As a result of the overwhelming public interest, I had to publicly state my own concerns about the program. That didn’t make things pleasant for the people at Aeroplan. The good news is that my Office was able to work with Aeroplan to remedy the situation. It was a painful lesson for them. In spite of all their efforts to ensure that they were respecting privacy, they fell down on this very basic requirement–the requirement to communicate their practices clearly to their members and get their informed consent. A similar situation happened with Canada Post, the public sector corporation responsible for moving the mail in Canada. It offers a change of address service, for a fee, if people want their mail redirected from their old address to their new one. That’s a useful service, but with a significant privacy price-tag. The problem was that, unless people had read the fine print, they wouldn’t know that Canada Post did more with their names and addresses than just redirect their mail. It sold their new addresses, and the buyers included list brokers, mass mailers, and direct marketers. So when they moved to their new addresses and asked Canada Post to redirect their mail, they would get their mail, alright–and they’d also get marketing brochures, junk mail, and telephone solicitations. To avoid this, they had to opt out in writing.
When this came to light, the public was utterly indignant. As had been the case with Air Canada, corporate good sense prevailed. Canada Post moved to make the process more transparent and switch to a system of opt-in consent. These are the types of incidents that can plague a company that is not respectful of privacy. People are getting angrier and angrier. They want control over their personal information, including, and maybe especially, when it’s connected with their financial transactions. Think about what it means for a company that’s seeking a competitive edge, if its customers perceive it as careless about privacy. And you have to ask yourself: what are some of these companies thinking? What use is a mailing list made up of names of people who may very well not want to be marketed to? Why would any marketer want a list like that? Organizations collect and analyze personal information to find out who is going to want their products and promotions. The key to that is getting people’s solid, affirmative consent to the use of their personal information. If people don’t trust businesses, if they see businesses twisting consent or unjustifiably inferring it, they’ll undermine the system. They’ll refuse to give information, or give false information. They’ll inundate companies with complaints. They’ll reject things that might be of benefit to them, out of sheer anger and frustration and resentment. And they’ll look for competitors who do respect their privacy. That, to my mind, is the largest single reason why respecting privacy is less and less regarded as a business cost. Smart businesses are coming to see that respecting privacy is a key element of good customer relations–and that makes it a key element of competitive advantage. And what, fundamentally, is respect for privacy?
In the business world, it’s really nothing more complicated than respect for the golden rule–do unto others as you would have them do unto you. It’s not an abstract legal concept. It’s simple consideration, respect, and courtesy–the essence of a good relationship with your customers and employees. Of course, protecting privacy is more than just a wise business move. And privacy is more than just an individual right. Privacy is a public good. It goes to the heart of decisions that people make collectively about how they want to live as a society. That’s why privacy and data protection legislation are so fundamental to the fabric of our societies. In Canada, we’ve had privacy protection in the public sector since 1983. The Privacy Act puts important limits on the Federal government’s ability to collect, use, and disclose information about Canadians. It gives Canadians the right to see what information federal government institutions hold about them. And it gives me, as Privacy Commissioner, broad powers to initiate and investigate complaints and audit compliance. Most of our provinces have followed the example of the federal government, and enacted similar laws applying to their public sectors. But for a long time Canadians have been concerned about privacy in their dealings with the private sector, too. Computer networking, sophisticated surveillance technologies, commercial trade in customer information, and the explosive growth of the Internet have heightened their concerns. That’s why, over the past fifteen years or so, Canada has worked on developing privacy protection that will apply to the private sector. In 1984, we adopted the OECD’s Guidelines for the Protection of Privacy and Transborder Flows of Personal Data.
The Canadian Standards Association, with representatives from business, government, labour, and consumer groups, used the OECD Guidelines as the starting point for a model privacy code for the private sector. The Code was completed in 1996, and incorporated by the government into the Personal Information Protection and Electronic Documents Act, which came into effect in January, 2001. This law strikes a balance between the legitimate information needs of the private sector and the fundamental privacy rights of individuals. It has been able to achieve that balance partly because the Canadian Standards Association’s Code on which it is based was the result of a consultative, cooperative process. The Act incorporates provisions that are common to data protection laws around the world—the requirement for consent to collection, use, or disclosure of personal information; the requirement that personal information collected for one purpose not be used or disclosed for other purposes without consent; the right of individuals to see the personal information that an organization holds about them and to correct inaccuracies; oversight, through me and my office, to ensure that the law is respected, and redress if people’s rights are violated. In addition, the Act contains a very important provision that is not always found in data protection laws. Even with consent, an organization can only collect, use, or disclose information for purposes that a reasonable person would consider appropriate under the circumstances. That provision–“the reasonable person test” as it’s known–is what makes the Act a true privacy protection statute, rather than just a code of fair information practices. It’s particularly important in situations like employment, where there’s a power imbalance between an individual and an organization that wants to collect, use, or disclose his or her personal information.
The organization can’t use its greater bargaining power to coerce the individual to consent. It has to be able to justify what it wants to do, and show that it’s reasonable. Of course, what’s reasonable varies from one situation to another. Video surveillance of employees in a diamond polishing operation, for example, might be reasonable. But it’s not likely to be reasonable in an insurance company–whether or not employees consent to it. The Act applies at the moment to industries that, under the constitution, are the responsibility of the federal government–primarily banks, airlines, telecommunications companies, broadcasters, and transportation companies. It also applies to personal information held by any organization if it’s sold, leased, or bartered across provincial or national boundaries. Beginning in January 2004, the Act will apply across the board–to all personal information collected, used, or disclosed in the course of commercial activities by all private sector organizations–except where provinces have passed their own privacy legislation. At that point, we’ll have seamless privacy protection in Canada. As I’m sure you’re aware, Canada’s privacy law is one of the few outside the European Union that the EU considers adequate to protect the personal information of its citizens. Last December, the European Commission recognised that the Act meets the demands of the EU’s Data Protection Directive and provides adequate protection for personal information transferred from the EU to Canada. This is a major step forward for Canada. It’s an important element in the competitive strength of Canadian businesses. But when I say that, in fact I’m selling privacy a little short. As important as it is to affirm that good privacy is good business, it’s not enough. Privacy is much, much more. Privacy is a fundamental human right, and it’s the safeguarding of that fundamental right that is the real achievement of our privacy laws, in your country as in mine. 
And so, when businesses respect the privacy of their customers and employees, yes, they are improving their own competitive position. Yes, they are demonstrating consideration and courtesy and basic respect. But they are doing much more. When businesses respect privacy, they are enhancing individual autonomy, and advancing the cause of freedom and human dignity. That is what privacy really means. This presents businesses, not with a burden, but with an opportunity, a duty and a challenge. It is an opportunity, a duty and a challenge that I’m sure the Italian business community, with the help of my esteemed colleague Dr. Rodotà, will be able and eager to meet.

Fundamental Rights and Freedom of Economic Initiative

Giovanni Buttarelli (1)

The legal debate on the relationship between freedom of economic initiative and its limits seems dated and to have lost its topicality. I nevertheless wanted to touch on this subject because I found in it elements that are useful for the Conference. I will take the Italian context as my starting point, while trying to give some of these reflections a global scope and to bear in mind the issues raised by the European internal market and by international data flows. Article 41 of the Italian Constitution states that private economic initiative is “free” and must not be carried out in conflict with “social utility” or in a way that harms human freedom and dignity. Some have argued that private economic initiative should pursue not so much the particular aim of the individual market operator as a “social function”, and should therefore be directed at achieving the goods of social utility and human dignity.
In some cases the Constitutional Court has interpreted the expression “social utility”, but no general, unitary notion has been worked out. “Social utility” is indeed an indeterminate and constantly evolving concept, to be adapted to the times, to the point that Massimo Severo Giannini held that Article 41 is not among the most “perspicuous” provisions of our Constitution. One thing is clearer: behind the expressions “social utility” and “human dignity” lie not so much single individual goods of the human being as the constitutive values of human subjectivity and personality, which are inseparable. In provisions of this kind, in other countries as well, we therefore have a unitary guarantee of the fundamental rights and freedoms of the person, and not of single fragments of them. We are not here today to argue for the primacy of public intervention over the principle of entrepreneurial freedom. After all, the fundamental rights and freedoms of the person must be respected “upstream” by anyone exercising a right of freedom such as that of economic initiative (which is itself constitutionally protected, but which cannot easily be traced back to the “fundamental principles” in the first part of the Constitution). Many businesses are represented in the audience. Allow me therefore to assure you that we do not intend to ask you to give up pursuing profit, to become “benefactors” of privacy and to provide a social service for which you would at that point have to be remunerated. Profit can, however, be pursued in a new dimension. The market is not only a place of exchange, production and work. It is also a setting in which values and interests are balanced in the name of the principle of respect.

(1) Garante per la protezione dei dati personali
This balancing of interests should not be carried out only ex post, through privacy legislation that “corrects” an economic activity that has already been under way for some time. The balancing should instead be part of the economic operator's everyday experience. Full self-regulation by the market is not, however, conceivable. When the most intimate sphere of the person is touched (as it is in this field), the formula of the “minimal State” cannot easily be applied in the market. One might object (borrowing the words of Luigi Einaudi) that the market satisfies “demands”, not “needs”. One could reply, however, that there is also a need to satisfy needs that are not expressed as demands meeting the requirements set by the market, and that this is precisely the case with personality rights, which were not born to be traded. This is even more true in times of globalization, in which, without rules such as the current European ones on privacy, we would have run the risk of globalizing a lex mercatoria to the detriment of the rights of the person. In the past, the interests revolving around privacy did not find spontaneous reconciliation in the market. This explains why privacy laws have sought not to leave citizens to the play of the market, affirming for instance the principle of proportionality in data processing, which prevails over the logic of the data subject's consent. The various decisions adopted in Europe over the last two years on transborder data flows, and the recent in-depth work under way in Brussels on the safeguards that businesses can offer through binding corporate rules, show the effort of Europe's so-called privacy watchdogs to take account of the new challenges of the European internal market, in the light of the Treaty of Amsterdam, and of fair competition on a world scale: this is the commitment that 27 countries made in 2000 with the “Venice Charter” signed by their respective privacy authorities. Now that privacy rules have been partly harmonized around the world, and rely less on formal requirements, looking to the substance of protection and favouring the flexible combination of different regulatory instruments (including codes of conduct), the time has come when businesses can look at privacy in a new way and no longer as an adversary. As integration into the Information Society grows, so does the trend whereby respect for privacy is felt by broad sections of the informed population and no longer by narrow elites. In a 2001 study, Alan Westin identifies as a large share (63% of the sample interviewed, compared with 55% in 1990) those who have a good perception of privacy risk and are therefore willing to allow the processing of personal information in exchange for personalized services, offers and discounts only if they are satisfied with the degree of fairness with which that information is handled. A further 25% of the sample is ironically described by Westin as made up of privacy fundamentalists, while the percentage of the privacy unconcerned falls from 20% in 1990 to 12% in 2001. When the survey was repeated in November 2001, after the grave events of 11 September, the number of privacy fundamentalists rose to 34% and that of the privacy unconcerned fell to 8% (that of the merely “pragmatic” consequently falls from 63% to 58%). We are at the highest point in the evolution of ideas, rules, devices and procedures for making the safekeeping of personal data secure.
But we are also at a point where, as never before, the conditions have been created for simultaneously and adversely affecting the personality rights of millions of people across the whole planet. We would not wish to accept passively the idea that bringing people together on the network entails an inevitable curtailment of their privacy. On the contrary, on the basis of the experience behind us, which is beginning to be a long one, we think the time is ripe for yet another turning point in privacy regulation. We have gone through two or three generations of rules based (the first) on the existence of a few computers and on restraints on their interconnection, (the second) on the tendency of laws to spell out privacy principles in detail in many sectors and (the third) on the simplification of non-vital formalities in order to focus attention on substantive safeguards, privacy enhancing technologies and privacy audits. What do we expect from fourth-generation privacy? A combination of different legal instruments but, above all, a shared privacy, a privacy spontaneously oriented towards respect for the person, conceived as a load-bearing beam and not as a burden. It cannot be otherwise: the cases and occasions in which large numbers of citizens are involved are countless, and we are facing a genuine mass issue. The mere prospect of a shift from invasive marketing to permission marketing already looks modest and insufficient even before it has taken hold in the market. We ask you to write together quite a different page in data protection, one in which businesses ensure a high level of protection for the rights of the person as a result of a new way of feeling.
A page in which it should be the market itself, before the legislator, that confines to the realm of pathology those cases in which privacy is ensured only when a complaint, a claim for damages or a penalty intervenes. We ask you to write this page by drawing on the driving, creative quality inherent in every entrepreneurial activity. Your trade is to combine the factors of production to create new wealth: make better use of the privacy ingredient. We must all reassess the value of the data subject's expression of will, and not trivialize it or even trade it for discounts and gadgets. The legitimate aspiration of all users to make greater use of the network, to be curious as they browse and to enjoy different degrees of solitude and of socialization, without being penalized for any of this, has to be met. Those who process personal data are not dealing with objects, but with people. How would you feel if, on leaving a shopping centre, you realized that a sign had been stuck to your back showing, minute by minute, the list of shops you visited, the products you looked at and bought, and the time you spent in front of a shop window; and if you learned that this sign had been copied, against your will, by others who then added further considerations, assessments and information about you? I think that even if you felt you were a perfect stranger in that shopping centre, you would not appreciate any of this. Yet this is what happens on the network, where it is as if millions of sandwich men were being chewed up by a minority that breeds resignation about the possibility of deciding whether and how to wear that sign, what to write on it and whom, if anyone, to show it to.
If it is true that economic initiative has risk as its counterpart, we must also be more aware that the risk of mishaps, market contractions and substantial failures is growing precisely because of mistaken assessments of the privacy factor. The various standard contractual clauses on the transfer of data abroad have enhanced the safeguards for individuals provided on a contractual basis: but how many businesses make use of them? We can once again take up your request for rules that are certain, clear and easy to apply. We would like to do so with your cooperation, given that with the new generation of codes of conduct you yourselves can build some of the rules for establishing when processing is lawful and fair. The request for a prior and more thorough assessment of the impact of privacy regulation should also be taken up: we can do this right away by making better use, in all countries, of the instrument of hearings and public consultations. By adopting new best practices on privacy you would still be left with a reasonable margin of economic profit and of advantage in starting and continuing an activity based on the use of personal data. Just as, after 11 September of last year, we coined the slogan “privacy and security are not opposites”, we can venture to think that privacy is compatible with profit, indeed that it can be a flywheel for profit. One need only think, purely by way of example, of the savings that companies offering telecommunications services can make by not retaining billions and billions of items of telephone traffic data for several years. Internal company audits, professional training and investment in research into clean technologies may prove useful, as may certain certification mechanisms.
A widespread practice of studying the impact on privacy before the launch of a new product or service, or of a working method inside the company, would also prove far more useful. Greater attention is needed to the substantive aspects of protection, rather than only to formal requirements. The resources devoted to privacy customer satisfaction are not badly spent, especially in the medium to long term. This can be shown by the reflections of these two days on damage to the company's image, on the costs arising from litigation and from administrative and sanctioning procedures, from the negative climate that can develop in a company following prying monitoring of PC use, and from reduced consumer trust in the fairness of the business, in the security of the network and in the thousand pitfalls of electronic democracy. Only a few hours ago came news of the second Italian judgment awarding damages since the 1996 privacy law, which requires a bank branch to pay back about 40 thousand euros, determined as a lump sum, because of the mere doubt that some prejudicial information kept carelessly at a bank counter had been glimpsed by members of the public waiting in line. It is by no means certain that a softer privacy than the one we advocate would benefit businesses: the inquiry into spamming reported last September by the Italian monthly “Happy Web” tells us, for example, that in 2001 Italian companies alone spent as much as 10 million euros in connection costs to offload “electronic rubbish” from their computers. It tells us that on this trend, within three years, each Italian user will receive more than 14 thousand spam e-mails a year. To the question “who pays the costs of a high level of privacy?”, or “how much of the cost falls on the consumer-user?”, we can in any case reply that with this possible contribution the data subject nonetheless escapes a worse situation.
Finally, we might ask why on earth, in the tangle of exemptions, scrappage schemes, deductions and tax breaks for businesses, there is no room for some incentive for documented initiatives, at least in research or vocational training. Let us not think only of the dilemma between disclosing data “yes” and disclosing data “no”. Let us also look at the benefits a business can draw from the circulation of accurate, relevant and up-to-date information, stripped of the “noise” of an excess of superfluous information. Let us also reflect, in the public sphere too, on other issues, for example on certain negative effects on privacy that may result from public measures, however necessary, to protect competition in the market. By now you will have guessed: we are not here to hide or underestimate the issue of “costs”. That there are “costs” in this area is expressly recognised by the European parent directive on privacy and also, implicitly, by the relevant Italian law which, as regards technical security measures, embraces the idea that it is sensible to oblige businesses to spend on security measures only if those measures, although costly, are at the leading edge of technological development. Incontrovertible cost estimates are not available, and estimates depend on the kind of activity carried out and how it is carried out, and on the country under consideration. Finally, they must be placed in their historical context according to the rules in force at any given time. A 1994 study by the Aston Business School estimating the impact of the 1995 European directive scaled down the concerns voiced in private-sector circles. Subsequent estimates put these costs at about 2% of overall EDP expenditure. What we want to verify with you is the margin of return that derives from the costs: that is, how far one can be repaid by the singular opportunity arising from this need to protect fundamental rights and freedoms.
The company EarthLink seems to have grasped this opportunity, in the experience that Ann Cavoukian and Tyler J. Hamilton summarise in the recent book “Privacy PayOff”, which, I realise, we seem today to have commissioned. The RBC Financial Group, a Canadian financial institution, seems to understand it even better: according to its internal studies, the level of privacy ensured by the Group already contributes 7% to consumer choices and a further 7% to the organisation’s added value, so that the bank already puts at 14% the contribution that privacy can make to the RBC brand. For a start, that is no small thing.

Fundamental Rights and Freedom of Enterprise
Giovanni Buttarelli (1)

The debate among legal scholars concerning the relationship between freedom of enterprise and its limitations would appear to be outdated and no longer current in scope. Still, I decided to deal with this issue because I found that one could get some useful clues in respect of the Conference topics. I will start from the Italian situation and then expand the scope of my considerations to also take account of the issues related to Europe’s internal market and international data flows. Under Article 41 of Italy’s Constitution, freedom of enterprise by private entities is “free” and must not be carried out so as to be in conflict with “common good” or else in a way that may harm human freedom and dignity. It has been maintained that private economic enterprise should pursue not so much the individual market operator’s purpose, but rather a “common purpose” and therefore be focussed on achieving common good and human dignity. In a few cases, the Constitutional Court has provided its interpretation of “common good”, however no general, unified concept has been developed.
In fact, “common good” is an indefinite, continuously evolving concept, to be adjusted depending on the specific circumstances, so much so that Massimo Severo Giannini believed that Article 41 was not to be regarded as one of the most “perspicuous” provisions of our Constitution. One thing can be said with a greater degree of certainty: terms such as “common good” and “human dignity” refer not so much to individual human goods, as to the fundamental values of human subjectivity and personality – which should not be kept separate. Therefore, provisions of this kind can afford, also in other countries, unified safeguards for fundamental human rights and freedoms rather than for individual components of such rights and freedoms. Our purpose today is not to argue for the primacy of public intervention over freedom of enterprise. Indeed, fundamental human rights and freedoms should be respected “a priori” by any entity exercising freedom of economic enterprise rights – such rights being also protected by the Constitution, although they cannot be easily traced back to the “fundamental principles” laid down in the first part of our Constitutional Charter. There are several representatives from major businesses in the audience today.

(1) Italian Data Protection Authority

Let me assure you that we are not going to ask you not to pursue gain in your activities – to become privacy “benefactors” and deliver social services, for which you should then be entitled to wages. However, you might pursue gain within a different framework. The market is not merely a place to exchange, produce and process goods. It also provides the framework within which to balance values and interests for the sake of respect. This balancing of interests should not be only performed ex post, i.e. by means of privacy laws that bring about “corrections” in respect of long-standing economic activities.
Rather, such balancing should be a part of economic operators’ daily experience. However, market self-regulation is not a feasible option. If you have to do with the most intimate sphere of a person’s life – as is the case here – the “minimum State” approach cannot be easily applied to the market. One might argue – by quoting Luigi Einaudi – that the market can meet “demands” rather than “needs”. A possible objection to this argument would be that it is also necessary to meet needs that are not reflected by demands with the qualifications required by the market – and that this is the case exactly with personal rights, which have not arisen with a view to their being marketed. This is even more so in the age of globalisation: indeed, we would have run the risk of globalising a lex mercatoria and jeopardising personal rights if no regulations applying to privacy had been devised such as those currently existing in Europe. In the past, the interests related to privacy could not be reconciled autonomously on the market. This accounts for the attempt made by privacy legislation to prevent citizens from being left a prey to market dynamics – for instance, by laying down the proportionality principle in processing personal data, which can override the data subject’s consent. The decisions adopted in Europe during the past two years concerning transborder data flows as well as the ongoing debate in Brussels regarding the safeguards that businesses can provide by means of binding corporate clauses testify to the effort made by the so-called European privacy watchdogs to take account of the new challenges posed by the European internal market in the light of the Amsterdam Treaty, as well as of a fair competition strategy at world level. This is the commitment undertaken by 27 countries in 2000 with the “Charter of Venice”, which was adopted by the respective data protection supervisory authorities.
Now that privacy rules have been partly harmonised at global level and are less related to compliance with bureaucratic requirements - being focussed on the substantive components of the relevant safeguards and encouraging a flexible mix of the different regulatory instruments, including codes of practice – it is high time for businesses to view privacy in a new perspective, i.e. no longer as their counterpart. With the increased integration into the Information Society there is an upward trend in the appreciation of the need to respect privacy – which is shared by a considerable portion of the public opinion rather than by a small group of experts. According to a 2001 survey carried out by Prof. Alan Westin, over 63% of the respondents (compared with 55% of 1990) had a good perception of privacy risks and were ready to allow processing of their personal data in exchange for customised services, offers and discounts only if they were satisfied that their data would be processed in a fair manner. A further 25% of the respondents were ironically termed “privacy fundamentalists” by Prof. Westin, whilst the percentage of “privacy unconcerned” fell from 20% of 1990 to 12% of 2001. When this survey was repeated in November 2001, after the 9/11 events, the percentage of “privacy fundamentalists” rose to 34% whilst privacy unconcerned made up only 8% of the sample and “pragmatists” fell consequently from 63% to 58%. We have attained a peak level in the development of concepts, rules, provisions and procedures to achieve secure personal data retention. However, we are also faced with an unprecedented situation, providing the opportunity to simultaneously jeopardise the personal rights of millions of people all over the world. We would not like to passively acquiesce in the concept according to which network integration of individuals inevitably entails limitations on individuals’ privacy.
In fact, based on our – by now long-term – experience, we think it is high time that a new page should be turned in the history of privacy regulations. We have gone through two or three generations of rules that were focussed firstly on the presence of very few computers and the imposition of limitations on their interconnection, secondly on the legislative trend to detail privacy principles as applying to several sectors, and thirdly, on simplification of non-essential requirements and the attempt at highlighting basic safeguards including privacy enhancing technologies and privacy audits. What shall we expect from fourth-generation privacy rules? That they are made up of a mix of different legal instruments – however, we would expect that privacy regulations could be shared, could be spontaneously focussed on respect for individuals, could be considered a pillar rather than a burden. There is no possible alternative: there are endless cases involving citizens, so much so that a veritable public issue is arising. The mere shift from invasive to permission marketing would appear to provide a modest, insufficient response even apart from its actual implementation on the market. We would like you to write, jointly with us, a totally different chapter in the history of data protection – in which businesses do ensure a high level of protection for personal rights because of their taking a new stance. In this chapter, it should be market itself, rather than the law, that marks the cases in which privacy is only ensured following either a complaint, a claim for damages or a fine with the brand of abnormality. We would like you to write this chapter by taking advantage of the propelling force and the creative spirit that are inherent in all entrepreneurial activities. You are masters in combining production factors to create value: why not use the privacy ingredient better?
We should all re-consider the value of the manifestation of a data subject’s will – without turning it into a trivial circumstance, or maybe bartering it for discounts and gadgets. It is necessary to fulfil users’ legitimate expectations to use the Net more, navigate following their curiosity and be able to choose among different degrees of isolation and socialisation – without being in any way disadvantaged. In processing personal data you are dealing with people rather than with objects. How would you feel if you realized on leaving a shopping mall that a plate had been tagged to your back in which the list of the shops you visited, the products you had examined and purchased and the time spent before each shop-window were duly noted minute by minute, and if you knew that this plate had been copied against your will by others, who might have added further considerations, judgments and information concerning yourself? I think that you would not be happy with all this, even though you felt that nobody knew you within the shopping mall. Still, this is what happens on the Net, where it is as if millions of sandwich men were chewed by a minority that breeds resignation to the impossibility of deciding whether and how to carry that plate, what should be written on it and who could possibly have a look at it. If it is a fact that economic enterprise is fraught with risk, one should also be aware of the fact that the risk of accidents, market contraction and failure is actually increased by misjudging the privacy factor. The standard contractual clauses for transborder data flows have enhanced the value of safeguards for individuals based on contractual agreements – however, how many businesses are actually making use of these clauses? Again, we are ready to meet your demand for clear-cut, definite, easy-to-apply rules. 
We would like to do so with your co-operation, since the new generation of codes of practice can allow you to set forth rules in order to assess whether processing operations are lawful and fair. It is also necessary to take account of the request to assess the privacy impact in advance more precisely; this can be done by making a better use, in all countries, of hearings and public consultation. If you adopt new best practices applying to privacy you could still count on a reasonable profit margin in starting and maintaining an activity based on the use of personal data. After the 9/11 events, we chose to pursue the principle that “privacy and security are not in conflict”; by the same token, we may now be as daring as to say that privacy is compatible with profit – indeed, it can become a profit lever. Only think, for instance, of the cost reduction that can be achieved by TLC companies if they are not required to store billions of telephone traffic data for several years. Perhaps certain internal audit mechanisms, vocational training, and investments to develop non-polluting technologies as well as certification initiatives are useful for the above purposes. However, the widespread practice of assessing the privacy impact prior to launching a new product or service or implementing a new production method inside a business would be probably more useful. Greater attention is to be paid to substantive safeguards rather than to merely formal requirements. The resources deployed for privacy customer satisfaction purposes are not used improperly, especially in the medium to long term.
This will be shown by the considerations made during these two days concerning the harm to business image, the costs resulting from litigation, administrative and sanctioning procedures, the negative effects that may be produced inside a business by intrusive controls over the use made of PCs and by consumers’ low confidence in business fairness, network security and the tricky procedures of electronic democracy. The news of the second decision by an Italian court awarding damages pursuant to the DPA of 1996 was broadcast a few hours ago. In this case, a bank agency will have to pay about 40,000 euros as a lump sum on account of the mere possibility that some sensitive information kept negligently at a bank counter may have been glimpsed by other customers waiting to be served. It is by no means certain that a softer privacy approach will be beneficial for businesses. Indeed, based on the findings of a spamming survey that was carried out by an Italian journal last September, it appears that over 10 million euros were spent by Italian businesses in 2001 to download “electronic garbage” on their own computers. Based on this trend, there will be over 14,000 spam e-mails received yearly by each Italian user within three years. If you ask “who pays the costs of a high privacy level?” or maybe “what portion of the costs is to be borne by users-consumers?”, the answer should be that by paying this possible contribution data subjects can anyhow escape a definitely worse situation. Finally, one might wonder why there should not be the possibility to support initiatives undertaken by businesses – at least as regards research activities and/or vocational training in this sector – given the jumble of exemptions, end-of-life incentives, deductions and tax reductions that have been devised for businesses. We should not only think of the disclosure/non-disclosure dilemma as regards personal data.
We should also consider the advantages for businesses resulting from circulation of accurate, relevant, updated information without the “noise” caused by excess data. Public bodies should perhaps consider other issues, such as the possible negative effects produced on privacy by public measures that are taken to safeguard market competition. As you may have already guessed, it is not our intention to downplay or underestimate the “costs” issue. That there are “costs” involved in dealing with this subject matter is expressly acknowledged by the European privacy directive as well as – implicitly – by the Italian DP Act. Indeed, as regards technical security measures, our Act supports the view that it is sensible to oblige businesses to invest in implementing such measures - expensive though they may be – only if they are based on state-of-the-art technology. There is no such thing as an unquestionable cost estimate, and anyhow such estimates are dependent on the features of the activity that is carried out and the relevant arrangements as well as on the country considered. Moreover, they must be placed in the relevant context based on the rules that apply to the specific case. According to a survey carried out by the Aston Business School in 1994 to estimate the impact of the 1995 privacy directive, the concerns raised by private entities were excessive. Subsequent surveys put the relevant costs at about 2% of the overall EDP expenditure. We would like to assess, with your help, the profit margin resulting from costs – i.e., how much one can benefit from the peculiar opportunity provided by the need to protect fundamental rights and freedoms. This is what has been apparently realised by EarthLink, as described by Ann Cavoukian and Tyler J. Hamilton in their recently published book on the “Privacy PayOff” – which actually would seem to have been commissioned by us here.
The RBC Financial Group, a Canadian financial group, would appear to have realised this if possible to a greater extent. Based on their in-house surveys, the privacy rate afforded by the Group is said to contribute by 7% to the decisions made by consumers, and by another 7% to the Group’s added value – therefore, the contribution provided by privacy to the RBC trademark is estimated to already total 14%. This is really not too bad as a start.

The Effectiveness of Privacy Protection in Economic Systems
Orson Swindle (1)

General Opening

Good Morning. Thank you, Mr. Rasi. And, let me also thank Professor Rodotà and the Italian Garante for the invitation to participate in this important privacy dialogue. In particular, I want to commend the conference’s review of privacy protection in the context of:
- consumer expectations,
- costs and benefits to businesses and governments,
- and effects on economies and the global marketplace.

Disclaimer/FTC

I am one of five Commissioners at the Federal Trade Commission. So as I begin, let me explain that my remarks today are my own. They do not necessarily represent the views of the Federal Trade Commission or of any other individual Commissioner.

Road Map of My Remarks

My remarks today will principally focus on our experience at the Federal Trade Commission in helping to shape privacy protection in the marketplace through the use of:
- our enforcement authority against unfair or deceptive acts or practices in or affecting commerce; and
- our education and outreach to consumers and businesses.

At the FTC, our experience supports the notion that effective privacy protection is best ensured by focusing enforcement action against the misuse of information and the harmful consequences of such misuse. Let me suggest a premise for consideration: effective privacy practices are good for business; the free flow of information is good for consumers.
Or said another way by a Member of the US Congress:
- “The ideas that privacy can actually be good for business and that information sharing can actually be good for consumers are the “two dirty little secrets” of the privacy issue.” [Representative Diana DeGette (D-Colorado)]

(1) Commissioner, US Federal Trade Commission

Information Economy

What are consumers’ privacy expectations in an Information Economy?
- There is no question that consumers are deeply concerned about the privacy of their personal information.
- And, there is no question that a lot of information is being collected and exchanged offline and online in a networked environment where we are all increasingly interconnected.
- While consumers want the conveniences, services and product choices that are made possible through new mediums and information technologies, there are questions about how consumer information is being used and who is using it.

These are questions of importance to Americans, and we know that they are concerns for individuals, businesses, and governments around the world. For this reason, consumer privacy and consumer information security are two of the Federal Trade Commission’s highest priorities.

FTC’s Framework For Analyzing Privacy Issues

Let me begin by describing to you the framework we use to analyze privacy issues.
- The availability of information confers many benefits in our information-driven economy.
- The miracle of instant credit helps to drive the American economy - and at automobile dealerships, it allows Americans to drive away in new cars.
- Consumers can shop online 24 hours a day/7 days a week.
- These are benefits that consumers want and enjoy.
- At the same time, consumers are clearly concerned about their privacy.
- We believe that what consumers are most concerned about is that their information, once collected, may be misused in ways that harm them or disrupt their daily lives.
- These kinds of negative consequences drive consumer concerns about privacy.
- At the FTC, we think the most important part of any privacy agenda is stopping or minimizing the kinds of practices that can cause those negative consequences.

Consumers want protection from:
• physical consequences - Consumers want to restrict availability of personal information, particularly for safety reasons [potential harm to children, stalking];
• economic consequences - Consumers fear harmful economic consequences ranging from improper denial of credit, even a job, or, in extreme circumstances, identity theft; and
• unwanted intrusions - Consumers have had enough of what I call “nuisance” intrusions to their privacy from activities like unsolicited spam and unwanted telemarketing calls.

- Existing laws in the US, which target the need for privacy in different information sectors (financial, children, medical, etc.) through an industry sectoral approach, allow us to address harmful consequences and enforce privacy promises.
- Our broad enforcement authority under Section 5 of the Federal Trade Commission Act to deter “unfair or deceptive acts or practices in or affecting commerce” assists us in bringing cases that enforce privacy promises made to consumers. This includes the promises made by US companies that self-certify compliance with privacy principles under the US-EU Safe Harbor framework.
- So, we focus on the consequences of information use, good or bad.
- When there are bad consequences from information uses, we look for ways to correct the problems that may result.
We believe that this framework of analyzing privacy issues is highly effective in the United States for:
- influencing the expectations and behavior of consumers and businesses in the marketplace, and
- representing a pragmatic and efficient use of government resources by directing our enforcement efforts at the misuse of personal information that can actually cause harm to consumers.

The FTC Privacy Agenda

In October 2001, FTC Chairman Timothy Muris announced an ambitious privacy agenda that focused on vigorous enforcement of US laws and privacy promises to consumers. We have doubled the number of staff dedicated to privacy enforcement and have brought major cases and educational efforts forward. During the past year,
- More than 30 cases were brought or settled, involving privacy and security, children’s online privacy protection, pretexting, the Fair Credit Reporting Act, abusive telemarketing practices, and spam.
- There are ongoing efforts to stop identity theft through collecting and analyzing consumer complaints, criminal referrals, education and training;
- We have conducted public workshops on financial privacy notices and security;
- There has been activity in rulemakings on telemarketing (pending Telemarketing Sales Rule) and security of financial information;(2) and
- We have conducted more than 15 consumer and business education initiatives.

We have ambitious plans for this coming year that further emphasize consumer information security, anti-spam efforts, and a federal Do-Not-Call List option for consumers who choose not to receive certain telemarketing contacts.

Case Discussion

The FTC has placed particular emphasis on the relationship between privacy and security - which are really two sides of the same coin. Both have enormous effects on consumer trust and confidence. Without trust and confidence the full potential of information technology will not be realized.
The most recent FTC privacy cases underscore the basic principle that privacy promises are important and must be honored. This is a test.

National Research Center for College and University Admissions and American Student List

- Last month, we announced settlements with two companies: National Research Center for College and University Admissions and American Student List. These cases involved the offline collection of sensitive personal information from high school students – such as name, date of birth, and religious and ethnic affiliation.

(2) The FTC promulgated a “Safeguards Rule” to implement the security requirements set forth in the Gramm-Leach-Bliley Act. The Rule, which becomes effective in May, 2003, requires financial institutions under FTC jurisdiction to secure customer records and information. As part of its plan, each financial institution must:
1. designate one or more employees to coordinate the safeguards;
2. identify and assess the risks to customer information in each relevant area of the company's operation, and evaluate the effectiveness of the current safeguards for controlling these risks;
3. design and implement a safeguards program, and regularly monitor and test it;
4. select appropriate service providers and contract with them to implement safeguards; and
5. evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business arrangements or operations, or the results of testing and monitoring of safeguards.

- The two companies market a student survey to high school teachers and guidance counselors asking them to administer the survey during class time.
- The privacy statement on the survey claimed that students’ data “is used by colleges, universities and other organizations to assist students and their families by providing them with valuable information.”
- While using this information to match students to colleges might benefit students and their parents, regrettably the companies also shared the information with commercial marketers.
- Contrary to their claim, substantial funding to finance the survey came from commercial entities, including American Student List, one of the defendants.
- As a result of our action, the companies are prohibited from misrepresenting their privacy policy. If they sell the information for any non-education-related marketing purpose, they must disclose that fact as well as the types of entities to whom they will sell the information. And, previously-collected information may be used only for education-related purposes.

In addition to looking at privacy promises both on and off-line (whatever the medium), we are also focusing great attention on information and network security.

The Eli Lilly Case focuses on a firm’s responsibility for the security of information

- First, a brief review of what happened in our Eli Lilly case:
• The privacy promise: Eli Lilly promised to keep consumers’ information confidential and secure
• The privacy problem: Consumers using prescription drugs for depression subscribed to a reminder email service offered at Lilly’s website.
- When Eli Lilly terminated the service, the email notifying subscribers revealed the subscribers’ email addresses – over 600 in all.
- The reason for the privacy problem was Lilly’s inadequate security
- Our complaint alleged that Eli Lilly’s failure to take appropriate steps to ensure the security of consumers’ information – in light of the sensitivity of the information – violated the FTC Act
- In Eli Lilly, there was an inadvertent breach that led to the disclosure of sensitive personal information.

Consequences can also be “potential” harm, rather than actual or realized harm. In other words, we do not have to wait for a breach to take action.

The Microsoft Case focuses on keeping promises and potential harm

- The Microsoft Passport System is an online authentication service. Microsoft has 200 million e-mail accounts. Its Passport Wallet has 2 million accounts.
- Microsoft promised that it maintained a high level of security by taking sufficient measures reasonable and appropriate under the circumstances.
- To our knowledge, there was no security breach which compromised consumer information.
- However, we still alleged Microsoft failed to or could not deliver on its privacy and security promises.
- In particular, we alleged that Microsoft did not maintain a high level of security because it failed to have systems in place to prevent or detect unauthorized access; to monitor for potential vulnerabilities; and to record and retain system information sufficient to perform security audits and investigations.
- The Remedy: Microsoft must implement an information security program and submit to bi-annual audits by an independent third party for the next 20 years.
- Besides failing to deliver on its security promises, the Microsoft complaint alleged other privacy violations:
• Collection of sign-in history was not disclosed
• Microsoft erroneously promised parents that they could control information collected about their children for Kids Passport service.
- The FTC’s Order requires Microsoft to institute an information security program that takes into account the sensitivity of the information collected and an ongoing assessment of reasonably foreseeable risks and threats. It also requires Microsoft to comply with its privacy promises.

Other Privacy and Security Concerns

Deceptive Spam

Within the past month, the Federal Trade Commission and 12 federal, state, and local law enforcement and consumer protection agencies announced a four-part initiative launched to fight deceptive spam.

- The centerpiece of the initiative is a group of more than 30 law enforcement actions, including three FTC complaints and four settlements with Spammers caught in an FTC sting. In addition, 10 law enforcement agencies signed letters to approximately 100 Spammers warning them that their Spam appeared to be illegal and that action against them could be taken if they continued their fraudulent scams.
- Ten agencies participated in the FTC’s “Spam Harvest,” an initiative designed to test which actions consumers take online that put them most at risk for receiving spam.
- The initiative also developed consumer education material, including a publication, “E-mail Address Harvesting: How Spammers Reap What You Sow” (http://www.ftc.gov/bcp/menu-internet.htm). This material uses the lessons learned from the Spam Harvest to provide tips to consumers who want to minimize their risk of receiving spam.

Consumer and Business Education on Privacy and Information Security

Security Workshop and Education Campaign

- Last May, we held a public workshop to address consumer information security issues. The workshop discussion highlighted one very important – and timely – point: that good information security is everyone’s responsibility: government, industry, and individual consumers.
In addition, failure to implement good information security practices has potentially devastating consequences at all levels of our economy.

Culture of Security

- Another point that participants emphasized was the role that the FTC should play in educating consumers and businesses in creating a “culture of security.”
- The FTC’s Information Security Education Campaign was launched in September. The goal of this campaign is to focus on the critical role information security plays in all sectors of our economy. The campaign comes complete with a dedicated website (www.ftc.gov/infosecurity) and it features our very own: Dewie The e-Turtle (We call this taking a hard shell approach to security).
- The website highlights the recently revised OECD Guidelines for the Security of Information Systems and Networks. The FTC led the US delegation in the OECD Guidelines review. Our team consisted of the Departments of Commerce, State, Justice and Treasury. We are constantly disseminating information throughout our society about how to practically implement a “culture of security”.

Closing

The FTC’s framework for approaching privacy issues is to focus on the adverse consequences caused by misrepresentations and misuse of consumer information and to enforce existing US privacy laws to ensure that privacy promises are kept. I believe this approach helps curb market abuses and fosters respect for consumer privacy. We vigorously encourage corporate leadership, investment and innovation to enhance information privacy and security practices.

- I firmly believe that the private sector is best equipped, motivated and capable of solving most of our concerns.
- I believe a combination of responsible self-regulation, market pressures, an informed public, government encouragement, and vigorous law enforcement is the best path to better solutions rather than burdensome and most likely ineffective government regulation.
- Although being an advocate for industry solutions for privacy and security, I never fail to remind industry leaders that, “Either you lead and make responsible information privacy and security practices a part of your corporate culture, or I will assure you there will be an FTC in your future.”

In the United States, we see the results of our public and private sector partnership efforts in terms of increased compliance with privacy policies and increased attention to privacy and information security issues on the part of corporate leadership.

I believe that in the United States, the best means of protecting consumer privacy without unduly burdening e-commerce (or commerce, in general) has been a combination of (1) consumer awareness, (2) leadership and self-regulation by the private sector, and (3) aggressive government enforcement of existing law. This approach is flexible enough to respond to changes in technology and to the tremendous insights that we are gaining from the continuing dialogue among government, industry, and consumers on privacy issues. To that end, the FTC and I personally have been actively working with industry members, consumer groups, and others to address privacy concerns.

A simple truth: Consumers expect privacy protection - and, equally important, firms realize that it is to their competitive advantage to respond to consumer expectations. As public awareness of privacy issues has grown, market forces have definitely come into play.
For example, last year a Progress and Freedom Foundation study indicated that the most frequently visited US websites have clearly recognized that information management policies and privacy practices are necessary parts of everyday business on the Internet. In addition, recent years’ progress in the development of privacy protection tools is encouraging. Firms are making significant investments in time, ingenuity, resources, and money to best solve and minimize privacy concerns. These investments and industry leadership and commitment need to continue.

I agree with US House of Representatives Energy and Commerce Committee Chairman Billy Tauzin (R-Louisiana), who said that “… the real and perceived fears surrounding privacy need to be addressed.” “… Before we can have great debates of how to fix the current situation, we must understand the current situation and the constraints we are bound by ... Before we add new law, we must examine the old, as the heavy hand of government often takes a broad swipe when invited in.”

This is the approach we have been taking at the FTC. We have increased our enforcement of existing law by using our broad authority to enforce privacy promises made to consumers. At the same time, we are constantly assessing whether there are areas of concern in need of greater enforcement authority. Yet, we have been guarded in approaching the issue of whether broad new privacy legislation is necessary.

We must all keep the dialogue going in high-quality and professional forums such as this one in Rome. Working together, domestically and on a cross-border basis, I believe that we can effectively address the misuse of personal information and protect consumers from harm, and at the same time, encourage innovative solutions to meet consumer expectations in the marketplace.
Balancing of Interests

Amitai Etzioni (1)

Before we lay a glove on our individual rights, at the heart of a free society, we must assess the scope and nature of the threats to our safety. These can be readily overstated. Thus, the danger of dirty bombs has been vastly exaggerated; a good part of their exposure can be washed off with soap and water. The bomb’s main effect is panic, which is best curtailed by expanding public education, not by trimming rights. Before we feel cornered by a worldwide conspiracy, we ought to note that very different groups - including Chechnyan freedom fighters, Colombian drug dealers, and Philippine kidnappers - have been spun together into a global terrorist network by the United States. Such overstatements can readily lead us to tolerate unduly repressive policies.

Nevertheless, a cautious assessment finds thousands of Islamic extremists openly declaring their intention to harm the free world, especially the Big Satan (the United States); the production of various kinds of weapons of mass destruction by states known to have collaborated with terrorists in the past; and poor control of weapons, including miniature nuclear weapons and biological arms, in former communist countries. All of this calls for stronger safety measures. True, so far nations other than the United States have not been a prime target of Islamic terrorists, but all free countries have good reasons to stand by their major ally and refuse to serve as launching pads for attacks on it, as to some extent, Hamburg and Montreal have been. Nor can a nation assume that it is immune from terrorist attacks, as we witnessed, for instance, when the Armed Islamic Group of Algeria planted a series of bombs in rail stations in France in the mid-1990s.

The most welcome new safety measures are those that do not entail curbing rights.
These include reinforcing cockpit doors in airplanes, providing pilots with stun guns, and training flight attendants in self-defense, to name just a few. Refusing to allow people who are suspected of being terrorists entry into one’s country violates no rights; obtaining a visa is a privilege a nation accords visitors, not a right anyone commands. Insisting that airlines provide the names of passengers to public authorities before they land is fully acceptable for the same basic reason. Arguably, the same holds for smart cards, in effect, voluntary ID cards, of the kind used in Schiphol airport, which allow vetted travelers to zoom through lines, enabling public authorities to focus their attention on the rest. X-raying containers imported from overseas might well also qualify. (These last two items could raise some privacy concerns, if not properly introduced and supervised.)

(1) George Washington University – USA

When we must turn to trade-offs between rights and security (which cannot be fully avoided), a mini-max approach should be the guiding principle. Measures that entail a minimum (at worst, a low) level of violation of rights and, at the same time, greatly (at least significantly) enhance our security should be tolerated; measures that provide substantial intrusion and add little safety should be avoided. Those that fall in-between should be introduced only when threats are high and must be particularly closely monitored.

Because this principle addresses the core of the question at hand, and the devil of unnecessarily violating rights or not providing essential security lies in the details, several examples are provided using the mini-max criterion just discussed. Note, though, that this is but an illustrative list, and not an exhaustive one. Moreover, one may disagree about the details and yet buy into the minimax criterion.
Mass detention (not to mention deportation) of citizens based on their ethnicity or religion, say those of Pakistani origin or all Muslims - the way Japanese Americans were detained during World War II - constitutes a gross violation of the individual rights of many thousands of innocent people, while adding precious little to national security. Questioning hundreds of thousands of immigrants, just because they are of Arab origin, as the FBI is doing, has a similar, highly objectionable profile. Cameras in public spaces may be justified, but certainly not keeping records of the movements of one and all, especially if that information is available for users other than those who fight terrorists. Screening the e-mail messages of all citizens to find those of terrorists is another bad case in point, as is indiscriminate analysis of credit card records to look for unusual purchase patterns. In short, treating everyone as if they were terrorists until proven innocent constitutes a maximum violation of rights. Furthermore, these same measures provide little, if any, security. Actually, they may set it back by cluttering the system and draining resources.

Similarly, mobilizing all citizens - especially mailmen, taxi drivers, and truckers - to act as the eyes and ears of public authorities may not constitute a technical violation of anyone’s rights, but it will make people suspicious of each other, undermine the social fabric, and flood authorities with useless tips and malicious gossip. It will hide the terrorist needles we need to find in enormous, government-made haystacks.

In contrast, roving wiretaps introduced in the USA Patriot Act meet the criterion of minimum intrusion and make a significant contribution to public safety. Wiretaps of any kind are approved only after public authorities have presented evidence to a magistrate that there is good reason to suspect that a specific person is a terrorist (or other kind of criminal).
The level of evidence required is quite high, reflected in the fact that rather few such wiretaps were authorized before 9/11. Indeed, in the U.S. the standards were set so high that the FBI, whose agents were keen to search the computer of Zacarias Moussaoui (believed to be the 20th hijacker), did not even bother to ask for permission. Most damaging to security is that before 9/11, when taps were authorized, they were limited to one specific phone. A new feature that was added after 9/11 is that, if and when permission to tap is granted, it encompasses all of the phones the same suspect uses (hence the term “roving”). Roving wiretaps are still minimally intrusive because they can be used only against those people that authorities have been able to convince a court are suspects, and information gathered inadvertently about others who are overheard must be suppressed.

Other new measures that meet the criterion of minimum intrusion and significant contribution to security include improving the cooperation and collaboration between agencies that deal with suspects once they enter a country (MI-5 and the FBI) and those that follow them overseas (MI-6 and the CIA), modernizing the communications and computer systems of agencies involved in national security, hardening the domes of nuclear plants, and protecting our numerous computer systems from cyber-attacks using various new software and audit trails.

In addition, all new measures should be examined to establish whether one could find ways to reduce the conflict between rights and security. For instance, security requires that suspects on trial are prevented from finding out the identity of agents planted in their terrorist cells and those of their own who turned them in, as well as the specific ways information about them was gathered. However, all suspects should be able to choose from a list of lawyers who have security clearance the one they wish to join their defense team.
This lawyer could establish whether the claims the government is making are indeed supported by the classified information.

To help ensure that all safety measures will be used legitimately, accountability must be expanded as the power of public authorities is increased. Such heightened oversight should not be limited to members of the executive branch of the government, including the Inspector Generals. The staff and oversight powers of select committees of members of Parliament or Congress should be expanded. Barriers that prevent the courts and the fourth estate from doing their job in the name of national security should be particularly carefully scrutinized. If all these layers of accountability act vigorously, excesses - hard to fully avoid - will come to light quickly and will be countered before they become pervasive.

Some argue that you simply cannot trust the government. Hence, it is best not to allow the fox into the citizen coop in the first place, rather than try to muzzle it once it is given free range. If one distrusts government that much, one must rush to act to change it, rather than try to prevent it from adopting necessary safety measures. At the same time, it must be noted that the surest way to pave the road for demagogues to usher in a totalitarian government is to prevent free societies from taking effective measurements required to provide the people with elementary safety and security.

Ultimately, the question of trading rights for safety cannot be addressed outside time and place, disregarding history and society. Thus, one may strongly object to extending the power of an oppressive government, such as that of Singapore, which one reckons is already wildly excessive. At the same time, one may recognize that before 9/11 the United States did not have many of the safety measures that the U.K. introduced following its earlier experiences with I.R.A. terrorists.
Or, that after 9/11 the US went way overboard, especially by holding people in detention for indeterminate periods, without charging them with any crimes or according them access to attorneys.

Measures that provide what might be called collateral gains are especially welcome. These are measures that make for better government or society - whether or not they work to prevent future terrorist attacks. Training thousands of volunteers to act as “first responders” - to assist firefighters, rescuers, and medical personnel - will help cope with natural and manmade disasters. Shoring up the public health system to deal with bioterrorism, developing a more effective public health reporting system, increasing the capacity of emergency rooms, and improving the working conditions of nurses in order to attract more people into the profession are all salutary improvements, even if no additional terrorist attack ever takes place.

Last but not least, in this area, as in many others, prevention is the best treatment. Terrorism has many complex causes. Hence, to suggest that the West should work much more to reduce poverty and injustice - forgive the debt of the poorest nations, provide free drugs to those infected with HIV, and quadruple foreign aid - although justified in its own right, will not eliminate terrorism. The same holds for the suggestion that the West should withdraw its support from authoritarian governments. We must be willing to acknowledge that a major reason strongly religious people become terrorists is because they view our free way of life as offensively permissive, morally vacuous, and dedicated to goods instead of God. Nevertheless, an important element of a long term drive to deal with the causes of terrorism must include support by free societies for the forces of reform in nations that breed or support terrorism, for instance in Iran.
Engaging nations such as North Korea in trade and encouraging student exchanges and tourism rather than hampering it will work better than hostile isolation. Support for the worldwide movement of women’s rights will appeal to women, especially young ones, in large parts of the Islamic world. In short, the more we bring liberty and individual rights to other people, the more we foster the social, economic, and political conditions in which open, democratic societies may evolve - the less we will have to trade our rights for enhanced safety.

Personal Data Protection in a Multinational Framework

Umberto Paolucci (1)

I would like to spend my time essentially on three points. The first is the current moment in which the world of Information Technology finds itself. The second concerns the need for a closely interconnected, global approach to the themes of security and privacy, which are not as antithetical as one often hears. And the third is our experience as a company. These are the three themes on which I would like to spend the minutes available to me.

The technological moment. It is a moment in which we can truly be very optimistic, because the major providers of basic technology have decided to agree on certain standards for representing the contents of the network, in particular on the use of XML and on the interoperability of Web services: these components, these tools that allow software to really work together and allow data to be used globally, making the internet a programmable resource. So it is not a collection of many separate islands: the software of one generation, of one company, designed to do a certain job, is extended to work with other software from other companies designed with other objectives.
So we can now bring together worlds that were not born to be together, with compatibility layers that come from Web Services. This is a great promise that opens up an enormous space for applications.

The underlying hardware, which we deal with when we work on software, continues to keep the promise of doubling performance every 18 months as far as processors and memory are concerned. There is even a factor of three for bandwidth, such as the fiber that reaches our companies and homes, and again a factor of 3 for disk capacity, also every 18 months. There is this whole refined range of monitors, of very large screens that surround us or very small ones that we carry in our pockets, with great resolution. All this gives us the possibility of creating new levels of simplicity with software, and this means having software that will be able to understand us in our natural way of expressing ourselves, in our natural language, written or spoken: software that interprets its possible ambiguities and decides the most appropriate meaning of each sentence. The Tablet PC, which has been on the market for a month, is a great step forward in this direction; it brings together the world of handwriting and the formal world of text, with text characters as they are handled by computers.

(1) Vice President, Microsoft Corporation

The great theme of usability, that is, being able to speak to and work with these machines in a way that is natural to us, also solving the problems of those who would otherwise be excluded because of a disability, is an objective we must take into account.
As for the objects we carry around with us: the law I mentioned earlier, the doubling of performance every 18 months, ultimately means that there are not only extremely powerful machines at the high end, but also particularly refined and inexpensive machines at the low end, with components costing a few dollars, that we carry around with us. We thus have an assortment of devices that can finally keep the promise of synchronizing themselves, of getting along with one another: my phone is synchronized with my Pocket PC or with my PC, and my PC is synchronized with the network. So it is a universe that really works for us. This is very practical, and companies are using this system to redesign themselves, turning processes that used to be analog, that is, based on paper steps or on manual interventions, even low-level ones, into digital processes, where technology truly lends a hand.

This greater pervasiveness of technology is positive: it means great opportunity, it means more opportunities for people, but it also means greater vulnerability. It means a great risk. The risk is that if people do not trust, if they cannot really count on the reliability of the objects they deal with, everything I have just described does not happen; we come to a halt for lack of trust, of confidence in this universe, which is in fact complex and whose complexity we must hide when we present it to end users. We must delegate complexity to the software, not to people.

The themes I would like to talk about: I have quickly touched on the technological scenario relevant to our work today.
Trustworthy Computing is the initiative that we have defined as a major priority for ourselves. This year we are investing more than 5 billion dollars in research and development, and about 60% of that is devoted to these themes, which are not themes that can be approached lightly and to which we are committed. The theme of privacy is certainly one of great importance for us, on which we are very focused. Then there is the theme of security, that is, having systems that withstand attacks, whose components have integrity, and that provide data only when they are meant to. And the reliability of technologies, of systems, in all their components, because if one part is less reliable, clearly so is the product as a whole. The reliability of suppliers, that is, of those who must provide guarantees through their reputation, their rules, their presence in several theaters of operation, in several countries. It must be possible to guarantee the validity of what they do, and when they make mistakes they must be corrected and helped, because what we are writing now is not a book already written; it is a new book, in which we want to use the technologies that exist more aggressively, for the benefit of our quality of life and the quality of our work.

The risk is that of running too fast, making mistakes, being more aggressive, more ambitious. And so it is right that there should be this relationship of collaboration between authorities and technology providers, between industry and institutions, through which we can lend one another a hand. This is absolutely welcome.

The theme I wanted to touch on is what we do internally to ensure compliance with privacy rules.
We have created a handbook on privacy, which is not a physical handbook but an object that evolves on our network for our staff and our partners. It defines principles not only at a high level, but also defines behaviors in a whole series of real, concrete scenarios that arise in the work of different types of people: executives, managers, people who have to organize a marketing campaign, those who have to manage data or campaigns in collaboration with outside organizations. So we define policies on how data is handled, on how much must be kept, on what the rules are, also in compliance with agreements such as the one we heard mentioned earlier, across a series of scenarios.

This is an effort that started in the United States. As often happens, the input in American multinationals starts from the parent company, and we strive, and in part also succeed, to have a truly more global vision from the outset, taking into account the rules and principles that apply in countries other than the United States, where the rules may be different from ours. As you can teach me, you know that things are very different here in Europe. So what we try to do here is to create a series of processes, a series of rules, a series of boundaries, known to our people and to those who work with us externally, so that we can truly share a body of knowledge, make the most of what we can do and meet the responsibility we have.
And naturally, when objectives are set, a metric must also be given to measure how far the objectives have been reached. So we have placed, again on our network and available to everyone, a tool that measures compliance, the degree of adherence, which is in essence a privacy health index: just as we have a health index for the wellbeing of our staff in terms of satisfaction, relations with their managers and validity of objectives, we have one for privacy aspects. And I can tell you that it is an indicator with important effects on people’s careers, on their pay, on their bonuses, and on their ability to have money allocated to them, in terms of the budget for the projects that are put forward over time. So it is a very agile operational tool that naturally grows and evolves. That is why I was saying that it is not a virtual book, and I believe it should be considered, I do not want to say a best practice, but in any case an interesting practice, which companies that are also structured geographically should use extensively.

In practice, each person is asked to identify themselves, in terms of their job and their purposes in using the handbook, that is, to identify their position, their objectives and their application scenario, and on that basis they are presented with all the alternatives and all the boundaries needed to guide those alternatives. In this sense it is important to have a taxonomy, that is, a set of common terms and definitions that leave absolutely no ambiguity. And this taxonomy, in our effort on security, for the knowledge transfer initiative I mentioned earlier, we have of course had validated; it grew out of joint work with the most important auditing firms. So the terms mean shared things, on which we truly agree.
Naturally I cannot presume to teach anything to anyone in this setting. On these themes we have taken note of the rules of the ’95 directive; it is welcome to us, and so are the efforts being made to develop and harmonize it. Article 29 advised the European Commission to create the uniformity that it is important to have, both for reasons of principle and for strictly operational reasons, linked to the work of companies that obviously have to optimize their presence and their rules across different countries. And we noted with pleasure the agreement that was also mentioned earlier: we were among the first of the large corporations to join it, and we are very sensitive both to what comes from the United States and to what will gradually come in Europe as well. We also try to contribute our own experience.

So, in conclusion, here is our initiative on TWC (Trustworthy Computing), and I can say firmly that the highest priority we have is not just to make software, not to implement more features, more functions, but to ensure that people can rely on these functions with greater peace of mind. The objectives are ambitious: we intend to reach, in the collective imagination too, the same level of reliability as far more mature networks, networks in which, evidently and intrinsically, the complexity sits at the center (e.g. energy, water networks, telephone networks), whereas with our objects the complexity is, by definition, distributed at the periphery. So we must somehow not delegate it to people but have it managed by the software. And this is a much more complicated objective to achieve than is the case with other technologies such as electricity, for example, and to some extent the telephone as well, at least in the sense of more traditional telephones.
In reality the telephones we have, like the one I have here, a Smart Phone, are computers, and so it lets me work via GPRS as if I were in the office.

In the short term our objective is to improve the design of the things that we make and that those who work with us make, and the basic settings, that is, the default choices. We aim to have companies set in motion simple processes and procedures, from this point of view too. Because we have seen, and this is a figure I want to share with you, that when a company gets into trouble because of viruses, or because security has been breached in some way, in 95% of cases this stems from the fact that the software that exists, the patches that exist, the latest configurations available had not been installed; so there was no need to invent the next antivirus that did not yet exist, it would have been enough to do what could be done. Unfortunately, and this is our fault, staying up to date is not always so easy; the propagation of solutions that cure sudden problems must be faster than the propagation of the sudden problems themselves, and so we have very significant work to do on the technology side, and we cannot do it alone.

In the medium term, we certainly must achieve these objectives of systems that manage themselves, that configure themselves, update themselves over the network, and heal themselves when they are wounded in some way. But this is not easy, and above all it is not easy, so to speak, to have truly targeted commitments on research. Because the effort cannot be made by the private sector alone; it must also be made by the public sector. I am delighted about the Sixth Framework Programme in Europe too, and I hope that concrete results will come out of it. We must be together in this challenge.
And the issue, as I said, is not to do more things but to do them more reliably. The context is this: the software that is released must be conceived in terms of security and privacy from the very beginning, so there must not be something added afterwards because something does not work as expected. Testing software, I would point out, costs more than writing it. So if software is born with later mending it will never be as reliable as it rightly should be. In terms of defaults, let me explain quickly, this means giving users, who are not assumed to be particularly expert, machine set-ups, standard software configuration choices, that are as protected as possible and that disable the functions that are merely interesting but extend the area of vulnerability and attack. For those who are more sophisticated and more expert, then, the finer, richer options, more open to the outside and therefore more open to attack, must be activated explicitly, but only by those who can afford to do so. And the matter of installing adequate levels of security and privacy in the functions must be simple to maintain over time; otherwise, as I was saying earlier, from the experience of the 95% of companies that do not put themselves in order, because it is too complicated or because they do not think about it, then it really is our fault. And we must also agree on how to communicate things. For example, there can be approaches whereby, when one realises that there is a significant problem, global for many, a breach of security or of privacy, one has to agree whether, beyond the restricted circles of insiders, one must say straight away that this problem exists, or whether one must say so when a solution is available. So either certain risks are to be taken or they are not.
On this there must be very precise codes to align those who bear the responsibility I spoke of earlier. And may I also mention that, as a company, we have made available a “response center” which, for virus and security problems, is available free of charge to anyone, for any emergency; this too is a contribution to this great objective which I think we all share.

Personal Data Protection in a Multinational Framework

Umberto Paolucci (1)

I would like to use up my time here to deal with three main issues. I would first like to deal with the world of Information Technology and where it currently stands. Secondly, with the need to have a much more interconnected and global approach to the themes of security and privacy, which are not so diametrically opposed, as is often said. And thirdly with my corporation’s experience.

A technological era. A time in which we can really be very optimistic in view of the decision made by the major basic technology providers to agree on some net-contents representation standards, in particular on the use of XML and the interoperability of web services, the components and services that have enabled the software to really work together, the data to be used in a global manner, and the internet to become a programmable resource. Consequently, not a group made up of many different islands: the software of a generation, of a company, developed to carry out a given task, shall be extended to work with the software of other companies, developed to carry out other objectives. So now, we can put together worlds that were built to be apart, their compatibility arising from the Web Services. This is a substantial promise that paves the way to enormous applicative space.
The underlying hardware we deal with when we work on the software continues to keep its promise of doubling its performance every 18 months with respect to processors and memories. We even have a three factor in respect of the bandwidth, like the fibre we get in our corporations and homes, and a three factor also in respect of disk capacity, always every 18 months. The whole refined range of monitors, the very large screens surrounding us, or the very small ones we carry in our pockets, all have a very high resolution. All this gives us the chance of creating simpler software capable of understanding our natural way of expressing ourselves, our natural language, whether written or oral: a software capable of interpreting possible ambiguities and deciding the more correct meaning of each sentence. Tablet PCs, which have been on the market for one month, are a huge step forward in this direction; they combine the world of writing with the formal world of a text, with text characters as they are handled by computers. As to the major theme of usability, to be able to talk and work with these machines in a way that is natural for us, as well as to solve the problems of those persons who would be excluded in view of their handicaps, are objectives we have to keep account of. As to the handsets we carry along, well, for example the law I was mentioning before on doubling performances every 18 months, in the end has generated a situation in which we both have very powerful high-range sets and especially refined, but rather cheap, low-range sets. The range of machines is so large that it can finally keep its promise of self-synchronisation, of getting along with itself: my phone is synchronised with my PC and my PC is synchronised with the net. So we have a universe that really works for us.

(1) Vice President, Microsoft Corporation
It is very practical, and corporations are using this system to reorganise themselves, to replace their analogical procedures - also based on paper or low-level manual work - with digital ones, with the help of technology. This greater pervasiveness is good for technology: it means big opportunities, greater opportunities for people, but also greater vulnerability. It means running a big risk. The risk is that if people do not trust, or cannot really count on, the reliability of the devices they are dealing with, then everything I have just said will not take place; we will come to a standstill for lack of trust and confidence in this actually complex universe; in fact, we have to hide its complexity when we present it to its end users by delegating it to the software instead of the people. So I have quickly dealt with the technological milieu we work in today. Trustworthy computing is an initiative we have been giving great priority to. This year more than 5 billion dollars have been invested in research and development. About 60% of these funds have been dedicated to these themes, which cannot be dealt with light-heartedly. I would now like to deal with the theme of “Privacy”, which is of extreme importance to us, and on which we have focused great attention. A system is safe when it can resist attacks, features sound components, and is capable of providing data only when it is supposed to. It implies a trustworthiness in the technologies, the systems and all its components; this is because if just one part is less reliable, then the whole system is too. The trustworthiness of the providers of security is given by their reputation, their rules, their presence in several operative theatres, in several countries.
The validity of what they do has to be guaranteed, and when they make a mistake, they have to be corrected, helped, because what we are writing now has not been written before, it’s a new book, where existing technologies can be used in a more aggressive way to improve the quality of life, and work. We run the risk of going too quickly, of making mistakes, of being too aggressive and ambitious. And so the authorities and the technology providers, the industries and the institutions should co-operate, mutually help each other. This would be absolutely welcome. And now, I would like to deal with the steps taken by my company to ensure compliance with privacy rules. We have developed a privacy handbook, which is not a physical handbook but one developed on the net for our personnel and partners, setting forth both our high-level principles and our approach vis-à-vis a whole series of real and concrete scenarios we face while working; by “we”, I mean our executives, managers, the staff organising the marketing campaigns or handling data or campaigns in co-operation with external entities. So through our corporate policies, we decide how data is handled, if it is stored, and how to deal with different milieu. This effort was launched in the United States. As is often the case, the inputs of American multinationals come from their parent company, and we try, and in part succeed, to have a global view from the start, keeping account of the rules and principles that apply to countries other than the U.S., where rules can be different from ours. As you know, things are very different here in Europe. So what we are trying to do here is to develop a set of procedures, rules and restraints, to be disseminated to our external workers and the people, with a view to mutually share a heritage of knowledge, and to implement our objectives while complying with our commitments.
And, naturally, when you set objectives, you also have to develop a tool capable of gauging their success. For this reason, we have introduced on the net a tool for gauging compliance, i.e. a privacy health index, which is similar to our personnel health index, developed to measure personnel satisfaction, workers’ relations with their bosses, and the validity of objectives. So now we have one on the various aspects of privacy. A personnel health index is an indicator which deeply affects careers, remuneration and bonuses. It also shows personnel capacity to be allotted money for the various projects. Thus it is an agile operational tool, which naturally grows and develops. It is not a virtual book; it should not be considered so much a good practice, as an interesting practice, which world-wide corporations should thoroughly use. Each person has to identify himself, his job, objectives and the reason for using the handbook. Each person then is presented with alternatives and instructions to implement them. In this respect, it is important to have a taxonomy, a number of words or common definitions to do away with ambiguity. Obviously we had this taxonomy validated, in our effort towards security and the knowledge transfer I mentioned before. It was generated by a common effort made together with the more important auditing companies. So the words mean something that is shared by the others, and we really agree on its meaning. Naturally, I cannot afford to teach anything to anyone here. In this respect, we have abided by the rules set forth in the ’95 Directive, and we support them. We also appreciate all the efforts made to develop and harmonise said directive. In Article 29, the European Commission suggests implementing the required approximations both as a matter of principle and for strictly operational reasons linked to the work carried out by corporations to optimise their production and rules in the different countries. 
We were also happy to acknowledge the agreement mentioned before: we were one of the first major corporations to sign such an agreement and we are very sensitive both to what comes from the United States of America and what will gradually also come to Europe. We have also tried to contribute with our expertise. Here then our initiative on Trustworthy Computing, and I can definitely say that our first priority is not only to make software and implement more characteristics and functions, but also to make sure that people can safely count on these functions. Our objectives are ambitious, we want to reach the same level of trustworthiness in the public imagination as far more developed nets have, and in respect of which, evidently, in an intrinsic way, the complexity is at the centre (e.g. electricity, water systems, telephone systems). When dealing with our products, instead, the complexity by definition, is distributed over the periphery. So, in some way we must not delegate it to the people but we have to get the software to deal with it. And it is far more complicated to reach this objective in our field than it is when dealing with other technologies like electricity, for example, and to a certain extent, also the telephone, at least the more traditional one. In fact, the phones we have now, the one I have here today, is a Smart Phone. It is a computer that allows me to work via GPRS as if I were at the office. In short, our objective is to improve the project of the things that we and those working with us make, the basic procedures and default choices. So as to simplify the processes and procedures used by the corporations. We have seen that when a company is in trouble because of a virus and their security has been breached in some way, in 95% of the cases this is due to the fact that the last available configurations have not been installed in the existing software and patch.
If they had been installed it would not have been necessary to invent a new anti-virus. It would have been enough for the company to do what could be done. Unfortunately, nostra culpa, it is not always simple to stay updated. The dissemination of the solutions for sudden problems has to be quicker than the dissemination of the sudden problems themselves. Consequently, we have a lot of work ahead of us, and we cannot do it alone. In the medium term, we certainly have to reach the objective of self-managing systems, self-configuring, self-updating on the net, and self-treating when they get wounded in some way. However, this is not easy and, in particular, it is not easy to undertake commitments in the field of research. Efforts cannot only be made by the private companies, they also have to be made by the public entities. I am very happy about the sixth draft programme developed in Europe and I hope that something practical will come out of it. We have to meet the challenge together. It is not a question of doing more things, but of making them more trustworthy. In the future, when software is developed, it shall have to be secure and consistent with the privacy rules as from the start. It must not be set right later on, because something has not worked as expected. Please note that it is more expensive to test software than to develop it. Then, if the software comes out to be subsequently improved, it will never be as reliable as it should be. As to default, in short it means giving not especially expert users the information required to prepare their computer, i.e. standard choices to configure the software in such a way as to protect it as much as possible, and to disable the functions that although interesting increase their set’s vulnerability and attack area. There are nicer and more interesting versions too, but they are for those who are more skilled and knowledgeable.
However, these versions are not as protected from the outside world and can be attacked more easily. They have to be activated explicitly only by those who have the skills to do so. Adequate levels of security and privacy should be simple to install, and simple to maintain over time. Otherwise, as I was saying before, like 95% of the corporations, the software is not updated because it is too complicated or because no one thinks about it, and then this is really our fault. And we also have to decide how to get this information across. What approach should be followed. For example, if one realises that there is an important problem affecting many persons, a global problem, a breach in the security or privacy, then should the people other than the experts be told immediately, or only when a solution has been found? Should certain risks be run or not? Very specific codes have to be developed for the decision makers. And allow me to mention that my corporation has started a response centre which is available for problems concerning viruses and security. It is free of charge, for anyone, for any emergency. And this is our contribution to this major objective, which we all share.

New Privacy-Oriented Markets

Alejandra Gils Carbò (1)

Contents: 1. Data protection in Latin America – 2. Argentinean Law has an adequate level of protection – 3. International data transfer – 4. Privacy and economic crisis – 5. The costs of controlling compliance – 6. The credit reports

1. Data protection in Latin America

In Latin America, the need to protect individual privacy from computerised processing of information is an important subject. This is clear when you see that the National Constitutions of Colombia, Perú, Guatemala, Venezuela, Ecuador, Brazil, Paraguay and Argentina have upgraded the habeas data and access to one’s own data as a constitutional right.
Besides, Argentina and Chile have passed special laws for data protection, while Perú, Paraguay and Panamá have regulated the use of credit reports. When you think about Latin America, you must take into account that the interest in data protection is in direct relation to the educational level and the purchasing power of the population. People are unlikely to worry if the employer checks how the employees use their computers, when unemployment rates are high and there is more concern about finding a job or keeping it. On the other hand, the poorer the technological development of a country is, the lower the interest to legislate on this subject. Despite this, several Latin American states are working on bills of privacy. However, in our view this effort will be worthless unless there is an agreement to set forth uniform principles. In fact, the laws enacted by Chile, Paraguay, Perú and Panamá so far, do not include a general framework about data protection rules which can be considered as an adequate level of protection according to the standards of Directive 95/46, and for the Argentinean law, either.

2. Argentinean Law has an adequate level of protection

Recently, on October the third, this year, the Working Party of the European Commission came to the conclusion that Argentina provides an adequate level of protection for the international transfer of data. We were likely to be granted this status because our data protection act closely follows the contents of the Spanish law. This was a wise move of the legislators that fostered the bill, as they had to bear during the five years of the parliamentary procedure, the pressure from companies and public agencies that were reluctant to accept it, as the automated data treatment had always been a free activity.

(1) Procuración General de la Nación, Argentina
The opponents used to say that it was inconvenient in our environment to rule a topic in full development; that a data protection act will increase costs and hinder the growth of industries or services which are decisive for progress; that it was an excess of rules and regulations. United States have not done it, why us? Finally, other pressing reasons have prevailed.

1. Firstly, the purpose to protect people’s rights. The lack of rules has brought about abuses that claimed action. The amendment of the National Constitution in 1994 that introduced the habeas data action as a fundamental right was not enough to protect people’s rights due to the lack of provisions about the obligations of the controller and the data subject’s rights.

2. The second reason to pass the law, was the prohibition to transfer personal data to countries which do not provide an adequate level of protection set forth by the European Union. It provoked the concern about future conflicts in international business due to the lack of regulation. That situation would be an obstacle to our position in overseas markets.

3. International data transfer

One of the main problems that causes the enforcement of the Data Protection Act was the prohibition to transfer personal data to countries without an adequate legal protection. This prohibition we have included in our law plays an essential role to support the aim of the system because it is useless to state restrictions for the data treatment which can be broken by processing data in a neighbouring country. Imagine, how this prohibition works in a country situated in a continent where other countries – except Canada – have not passed data protection laws according to the European standards. What would happen in Mercosur? United States companies in Argentina and the United States Embassy objected to this rule from the beginning. Finally, we have come to a solution set forth in the regulatory decree that was considered appropriate to all actors.
We introduced exceptions mentioned in Directive 95/46 of the European Commission, because the Argentinean law was excessively strict and did not admit any exceptions. I am referring to the possibility of requesting the consent of the data subject for international transfer; and to the guidelines to assess what an adequate level of protection means, including the option to consider codes of conduct and self regulation systems. Besides, the international transfer of personal data does not require the previous authorization of the controlling body, because this would be hindering commercial relationship among Latin American countries. Instead of that, we emphasize the accountability of the controller who makes the communication of the data. The responsible for the data file must examine the level of protection of the recipient country, and in case it is not adequate, he must ask for the data subject’s consent, or state contractual clauses which introduce the adequate protection not provided in the law. Contractual clauses must establish the responsibility of the recipient for the unlawful use of the communicated data.

4. Privacy and economic crisis

I have been asked about what happens to privacy in a country like Argentina undergoing its worst economic crisis. Is privacy an essential cost for business? Or, when it comes to spending cuts, are privacy policies sacrificed to improve benefits? We can approach this issue in this way. Many people wonder: Was there any human life before the mobile phone? I mean, when people have introduced a device of comfort, they are unlikely to accept to do without it. Therefore, the demand of consumers in relation to privacy has not fallen down. Otherwise it has increased as well as the invasive power of technology, even during an economic crisis. Recession encourages competition and creativity. Companies have no choice but to turn the problem into an opportunity.
The opportunity to provide a better service:
- offering a new product: the respect for privacy as a quality feature;
- taking into account that the customer’s protection is cheaper than the bad image;
- besides, privacy policies reduce “litigation risk” and prevent fines.

The companies were the first to adopt the new regulation: who dares to sign a contract with somebody that breaks the law?

5. The cost of controlling compliance

Another important subject is to determine the public cost for controlling the compliance with data protection provisions. Countries with budget restrictions must make the most of their infrastructure. We have to resort to several options:

The prosecution of crimes established in the data protection act, carried out by prosecutors, has made a great dissuasive impact and it makes it possible to take advantage of the judicial system and the aid of the cybercrime investigation office of the police division. In Argentina the unlawful access to databases and the violations to confidentiality and security of personal data are punished by criminal law. Thus, we prosecute the “insiders”: the unfaithful employee, the civil servant that sells information of public files. Many times, paying a fine – which is not significant in case of insolvency – is not the same as seeing the police car parked in front of your house.

On some occasions, we solve the limited resources by notifying the Internet service provider that someone is making an illegal activity on a website. The provider has solvency, and responds jointly for the violation of the law when he has taken knowledge of it. The provider’s decision to close the service turns out to be more effective than a court order.

We have the habeas data, a typical Latin American judicial action, brief and simple, to guarantee all the rights recognized in the Data Protection Act. Since the law was passed there have been thousands of claims.
There exists an administrative controlling body, called la Dirección Nacional de Protección de Datos Personales, which consists of the existing technical and human resources in the administration. The controlling body collects taxes for the registration of databases, with the exceptions provided for in favor of sectors which have passed codes of self-regulation, as an incentive. The control of compliance with the codes of conduct is shared between the controlling body and marketing associations.

6. The credit reports

Another point of concern for many consumers in Latin America is the credit reports. In this framework, we have to admit that transparency for the banking and financial system takes priority over privacy. The basic problem is the low average of the population which is inserted in the banking system. So, to make credit reports useful, we include information about trials, which is difficult to keep updated. This happens because courts register the beginning of the judicial procedure, but not the conclusion. Therefore the debtor must be in charge of updating data, by notifying the provider of credit information services of the payments or the sentence rejecting the action, so as to remove his name from the defaulter list. The provision of credit reports is considered of public interest by the State authorities because:
- they compel the payment of obligations;
- they reveal the defaulters who used to protect themselves behind anonymity;
- they enable unsecured credits.

And, as the bankers say, though I do not believe them, they reduce the interest rates. In conclusion, I want to point out that this is the opportunity to advance conversations with Latin American states, because there is concern about the increasing collection of information for the sake of security and market’s interest.
The myth of a dream society that inspired the utopias of Plato and Saint Thomas More was set aside by the antiutopias of Orwell and Huxley, who have changed those optimist versions to show that the quest for perfection in social control destroys self-determination and freedom. If humanity forgets about its writers, it will have forgotten itself.

New Privacy-Oriented Markets. Direct Marketing in Hungary

Attila Péterfalvi (1)

Contents: 1. Mail Marketing – 2. Telemarketing – 3. E-mail marketing

1. Mail Marketing

In the beginning of the nineties, the direct marketing companies were new actors in the Hungarian economic life. After the Hungarian Parliament adopted the Act on Data Protection and Freedom of Information (hereinafter: Data Protection Act) their activity - processing personal data and using it for marketing purposes without the consent of the data subject - became illegal. Of course the direct marketing lobby tried to create the legal background of their data processing, but till 1995 there was no legal way to collect and use personal data for marketing purposes except with the expressed consent of the data subject. In 1995 the Parliament adopted the Act On the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing - the law which laid the groundwork for the practice of direct marketing (hereinafter: Direct Marketing Act). According to this Act, direct marketing companies (and research companies which are also under this Act’s operation) may use only the name and address information and information concerning the interest of their customers. It follows from this disposition that under the Direct Marketing Act only the “traditional” mail marketing is legal and the rules of this Act do not apply to other ways of direct marketing.
According to the Act companies can use the data of their former customers (those who get in contact with the company on their own for example answering for a promotion campaign), and they can collect name and address information from public registers (for example phone book). It is also allowed to forward data from one company to another if the data subject did not forbid it after being informed. That means that the direct marketing companies do not need the expressed consent of the data subject; as a Hungarian proverb says: in this case silence gives consent. The fourth legal source of names and addresses for direct marketing purposes is the Central Data Processing, Records and Electoral Office which is the largest state register in Hungary containing every citizen’s data. The companies cannot ask for individual data, they can ask for arranged lists. According to the relevant ministerial decree the price per data is between two and twenty five Eurocents - depending on the amount of the required data. Many citizens complain about this kind of data processing. The Act on the Name and Address Records of Citizens (hereinafter: Records Act) makes it possible for citizens to block their data with the Central Office, preventing the Office from further disclosure of the information except to authorised bodies and in cases and for purposes expressly required by law. But citizens are not informed of this option and although many of them complain about forwarding their data to direct marketing companies only a few of them - less than one percent - blocked their data. In case of infants this right accrues to the parents, but the block was not effective unless the parents were quicker than the direct marketing companies.

(1) Data Protection and Freedom of Information Commissioner, Hungary
This situation was often criticised by the former Data Protection Commissioner and in 1999 the Records Act was amended. Now the request for data by direct marketing companies is declined for ninety days after the baby’s data were filed with the Registrar. The Direct Marketing Act contains many regulations to protect the right to the protection of personal data. Citizens have the right to ask to erase their data and also have the right to require information about the way of data processing. As companies may collect data without the knowledge of citizens it is essential to inform them at the first time when the company gets in contact with its prospective customers. So the Act obliges the companies to inform the data subject about the source of the data, the purpose, way and duration of the data processing, the name and address of data processor. The data subject also has to be informed about the right to ask for erasing the data (actually, the information is not erased but switched to a so-called blocked list or Robinson list, which helps to screen the names of persons who have blocked data out of any new lists). The mails of direct marketing companies do not always contain this information - and it is also, apart from the fact that it violates the law, a source of complaints. The other question about erasing concerns technical data processing. The biggest Hungarian direct marketing company - actually, one of the biggest International direct marketing companies - used to send more than two hundred thousand letters at each campaign. The technical data processing - printing the letters, envelopes, posting them - takes several weeks. Many citizens complained that after they asked the company to erase their records they got materials for weeks - sometimes for months.
In this case I called the company’s attention to the strict rules: according to the Data Protection Act, after the citizen has asked for erasure it is illegal for the data processor or the technical data processor to process the data. However, it must be understood that it is impossible to follow the rules in such cases, so three or four weeks for erasing the data is acceptable.

2. Telemarketing

The Direct Marketing Act cannot be used for telemarketing, as it allows phone books to be used only to collect name and address information and not for calling citizens. So, strictly speaking, telemarketing was illegal without the consent of the data subject. Because telemarketing was a very common business in Hungary after the Direct Marketing Act was adopted, the Data Protection Commissioner did not consider it illegal but asked the companies to apply the rules of the Direct Marketing Act as appropriate. The direct marketing companies had to wait three years after the Data Protection Act was adopted - for the legal groundwork of telemarketing they had to wait nine years. The Hungarian Parliament adopted the Act on Communications in 2001, and this Act contains three rules for telemarketing.

First of all, the Act says that each telephone subscriber shall have the right to require the service provider to state in the telephone books that his/her personal data may not be used for the purposes of direct marketing. So mail marketing and telemarketing companies must not use the data of those who have this kind of statement in the telephone book. All the other names and addresses can be used for mail marketing and also for telemarketing - with two exceptions.
Automated calling systems free of any human intervention can be used for direct marketing purposes only with the consent of the subscriber, so the telemarketer must have express consent before using such a calling system - but prior consent is needed only for using an automated calling system. On the other hand, no announcement serving the purposes of direct marketing may be forwarded, by telephone or through another telecommunications method, to a subscriber who has declared that he/she does not wish to receive any publicity matter.

The problem with this Act is its conciseness. Telemarketing companies work with public telephone books, and if they want to comply with the Act they have to keep a record of those who made the above-mentioned declaration - this is similar to or the same as the blocked list or Robinson list in the Direct Marketing Act. Keeping this kind of list is also data processing, so the data processor - in this case the telemarketing company - must have permission by law to keep this register. But the Communications Act does not contain any rule concerning this question. However, as keeping the blocked list or Robinson list is the only way to comply with the law, telemarketing companies must have it.

3. E-mail marketing

The problem with e-mail marketing was the same as with telemarketing: there were no regulations concerning this way of direct marketing. In 2001 - after the Communications Act - the Parliament adopted the Act on the Issues of Electronic Commercial Services and Services Connected with the Information Society. This Act clarifies that the addressee’s consent is needed to send advertisements or any marketing matter using electronic mail. The marketer has to keep a register of those who gave their consent, and only this register can be used for marketing purposes.
It must be stated in every mail that the addressee has the right to forbid the use of his/her mailing address for direct marketing purposes. So, in contrast to the Communications Act, this Act requires the prior consent of the data subject. It must be noted that the Communications Act applies to direct (commercial) marketing, the Electronic Commercial Act to every kind of marketing. That is why it was a violation of this Act that political parties sent campaign materials via e-mail without the addressee’s consent during the electoral campaign before the Parliamentary elections this April. Political marketing is also marketing, so parties must observe the rules of the Electronic Commercial Act.

Finally, it must be underlined that the Direct Marketing Act only applies to the use of the names and addresses of persons. So the names and addresses of companies, offices, etc. can be used for direct marketing almost without limits. On the other hand, the Communications Act applies to every subscriber and the Electronic Commercial Act applies to every addressee – so to everyone, not only private individuals.

Session II – Privacy and Business

What Privacy?
Mauro Paissan (1)

Contents: 1. The globalisation of rights – 2. Codes of conduct, new technologies and multinational rules – 3. Personal data protection within the business: in particular employee data

1. The globalisation of rights

The session I have been asked to coordinate, characterised by a heterogeneous plurality of prompts on the use of personal information in business activity, starts from a question: “what privacy?”. Our attention is therefore directed to the ways in which the right to personal data protection can be fully safeguarded.
What is thus acknowledged, at least implicitly, is, I would not say the ineffectiveness, but at least the non-exhaustiveness of recourse to the traditional data protection tools granted to the data subject (access, rectification, erasure, etc.), which have been added to the classic remedies – safeguarding personality rights – represented by compensation for damage and injunctions. Within this framework the subsequent presentations find their justification; they concern, on the one hand, codes of conduct and, on the other, the so-called privacy enhancing technologies (PETs), that is, the information technologies capable of increasing privacy, such as cryptographic systems for electronic mail or systems for browsing the network anonymously. From this point of view, then, our debate is directly connected with some of the conclusions of the international conference on the state of implementation of Directive 95/46/EC held at the European Commission in Brussels about two months ago(2).

But this line of ideal continuity, which I wished to trace in order to account for the international nature of our Conference (the problems are by now all supranational), has deeper roots: it is meant to represent the further development of the message that the Garante chose to condense in the title of the Venice Conference of 2000: One World, One Privacy. It is a slogan that is still current in demanding, alongside the free movement of information in the globalised economy, the inseparable globalisation of rights: as far as we are concerned, of the dignity of the person through the processing of the personal data that relate to that person.

(1) Member, Garante per la protezione dei dati personali - Italy
(2) See the various contributions to the Brussels Conference published at http://europa.eu.int/comm/internal_market/en/dataprot/lawreport/index.htm.
Similar intentions, after all, were present in the conference organised in September 2001 in Kiel by the Schleswig-Holstein data protection authority, within the Sommerakademie, under the title Datenschutz als Wettbewerbsvorteil(3). These Roman study days take their place, this time looking to the future, on the road towards the imminent World Summit on the Information Society scheduled for next year(4), with respect to which the conclusions of the regional summits, and in particular of the pan-European one in Bucharest(5), seem not to have taken due account of citizens’ well-founded concerns and of their legitimate expectation not to become a mere instrument of technological evolution or a commodity of the production process that incorporates it. In this sense, the relationship between economic initiative and fundamental rights must be correctly framed as a desirable alliance. If we spoke instead of making the latter functional to the former, we would place ourselves, as regards the Italian legal system, at odds with the framework defined by our Constitution in Articles 2 (“The Republic recognises and guarantees the inviolable rights of man…”) and 41 (“Private economic initiative is free. It may not be carried out in conflict with social utility or in such a way as to harm security, freedom or human dignity”).

2. Codes of conduct, new technologies and multinational rules

The aforementioned Brussels Conference affirmed that a revision of the text of the 1995 directive on privacy would be inappropriate. The cornerstone principles of data protection are therefore not called into question; they date back to the OECD guidelines(6) and to the Council of Europe Convention of 1981, and may find higher and more explicit recognition once the role of the Charter of Fundamental Rights of the European Union (Art. 8) has been defined(7). There have, however, been calls to identify ways of improving the uniform application of the principles of the Directive in the individual EU Member States, also through the search for more pragmatic approaches and the simplification of the regulatory framework, while still guaranteeing the freedoms of citizens, whose level of awareness of the rights granted to them and of the ways of exercising them is still low. Among the measures aimed at increasing the effectiveness of data protection rules, as already mentioned, both codes of conduct and PETs have been cited.

(3) The proceedings of the conference can be read in H. Bäumler – A.v. Mutius (eds.), Datenschutz als Wettbewerbsvorteil – Privacy sells: Mit modernen Datenschutzkomponenten Erfolg beim Kunden, Braunschweig – Wiesbaden, 2002.
(4) A complete agenda of the preparatory activities can be found at http://www.itu.int/wsis/index.html.
(5) “The Bucharest Declaration” can be consulted at http://www.itu.int/wsis/events/bucharest.html; see also the “Declaration of the Bishkek-Moscow Conference on the Information Society”, at http://www.itu.int/wsis/events/bishkek.html.
(6) OECD, Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, adopted by the OECD on 23 September 1980 (OECD Privacy Guidelines), Doc. C 58 final of 1 October 1981; the continuing validity of the principles contained in the Guidelines has been reaffirmed by the OECD, also with regard to telematic networks: see Ministerial Declaration on the Protection of Privacy on Global Networks, Ottawa, 7-9 October 1998, p. 4 (DSTI/ICCP/REG(98)10/FINAL).
As regards the latter, it must however be noted that, beyond the precise identification of their content and their actual suitability to reduce the impact on privacy, their modest diffusion and difficult introduction into the market have been pointed out. These are elements that must be taken on board if we do not want to lose contact with reality, especially given the growing spread of technologies which – moving in the opposite direction – allow, for example, data mining, that is, the extraction and subsequent processing of personal data found in different databases or on the network.

A further tool for making data protection rules more “appetising” or, staying with the metaphor, more “digestible” is codes of conduct and good practice(8): in the Italian legal system too, and notably in the data protection sector, they are finding progressive acceptance(9). We all know their advantages, in terms of greater proximity to the specific problems of the categories concerned. But we cannot pass over in silence the difficulties that sometimes arise, first of all in identifying the parties that are actually representative of the interests at stake; a well-nigh impossible task when the repercussions fall on an undifferentiated audience of persons or when the interests involved require an activity that goes beyond mere technical competence and spills over into assessments of legal policy that can only be left to Parliament.

But rules that are the product of private autonomy, and in this sense comparable to codes of good conduct, are increasingly being spoken of as a further technique for overcoming one of the problems most keenly felt by the business which, in the globalised market, is organised in several sites located in the most disparate parts of the earth: this is the body of rules governing the transborder flow of personal data from Europe to third countries that do not offer an adequate level of protection of personal data. It is a topic I leave to the foreign guests. I will merely recall that the European Commission and the national supervisory authorities, also working cooperatively within the “Article 29 Working Party”, have made very considerable efforts to reconcile the needs of the market, allowing the free movement of personal data through the tools, albeit different, of the Safe Harbor(10) and the “standard contractual clauses”(11); tools which, while attenuating the possibilities of control over the ways data are processed outside Europe, do not eliminate them. This concern is, instead, more difficult to dispel with respect to different contractual techniques that allow the free movement, within multinationals, of personal data coming from the European Union.

3. Personal data protection within the business: in particular employee data

If what has just been described concerns the conduct of the business’s economic activity towards the outside, we cannot forget the equally important aspects of defining the rules for the circulation of information within the business. Think of the information flow in management and organisational processes, of the problems posed by Intranets and, notably, of the topic of data in the context of the employment relationship. A few remarks on this last aspect. It is not a new topic and, with regard to the Italian legal system, it was addressed a long time ago with the Workers’ Statute(12), which recognises safeguards for the worker and for the worker’s private life. But the massive introduction of information technologies into the production process and business organisation has changed the picture: the matter of monitoring electronic mail and Internet browsing is, from this point of view, only the tip of an iceberg.

To these must be added other issues, no less important, which span a very wide period of time, starting from the phase preceding the establishment of the employment relationship, with the gathering of personal information on the job candidate; then add the information collected in the course of the employment relationship, with the most varied methodologies (including recourse to the use of tests), and the problem of their type. Think, just to give a few examples, of so-called evaluation data, of genetic data (whose collection can become a source of serious discrimination), of anti-drug, anti-alcohol and anti-smoking tests, of active badges that allow the employee’s geographical location to be identified, and of the monitoring of voice-mail and computers. Not to mention video surveillance.

It is a hot topic in many countries. The supervisory authorities have intervened on several occasions and the same issues have been the subject of reflection by the “Art. 29 Working Party”(13). The European supervisory authorities are being urged to pronounce on the matter. The concerns in this regard are real and cannot be reduced to an “obsession” of data protection experts: anyone wishing confirmation need only scroll through the pages of the very recent Communication of the European Commission entitled Second stage consultation of social partners on the protection of workers’ personal data, which foreshadows the issuing of a Directive on the matter(14). The topic is thorny and simplistic solutions are not practicable. With regard, for example, to e-mails sent and received by a worker on the company computer, what is at stake is the inalienable right to secrecy of correspondence, which is sometimes set against the entrepreneur’s right of ownership over the company’s work tools. But the difficulty of the topic does not exempt us from the need for, and urgency of, an open debate among the social actors involved and the legal and scientific community.

(7) See http://www.europarl.eu.int/charter/default_en.htm.
(8) A useful discussion was offered by C.D. Raab, Effective self regulation – genuine protection or a contradiction in terms?, Paper prepared for the 24th International Conference of Data Protection and Privacy Commissioners, Cardiff, 9-11 September 2002.
(9) Codice di deontologia relativo al trattamento dei dati personali nell’esercizio dell’attività giornalistica ai sensi dell’art. 25 della legge 31 dicembre 1996, n. 675, adopted by decision of 29 July 1998; Codice di deontologia e di buona condotta per i trattamenti di dati personali per scopi storici, adopted by decision of 14 March 2001; Codice di deontologia e di buona condotta per i trattamenti di dati personali a scopi statistici e di ricerca scientifica effettuati nell’ambito del sistema statistico nazionale, adopted by decision of 31 July 2002.
(10) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce; see also the site dedicated by the US Department of Commerce to the Safe Harbor at http://www.export.gov/safeharbor/.
(11) See the European Commission’s decisions at: http://www.europa.eu.int/comm/internal_market/en/dataprot/modelcontracts/index.htm.
(12) Law no. 300 of 20 May 1970.
This is a need that I point out to the business world, which too often prefers to sidestep the problem and act by fait accompli; to the trade union world, incomprehensibly inattentive, perhaps also because the workers most affected are less represented by trade union organisations; and to the world of law, whose elaboration on the matter is still far from expectations. Greater attention and sensitivity to this topic on the part of the social actors and the legal and scientific community would also make our institutional activity easier.

(13) See Working document on the surveillance of electronic communications in the workplace, 29 May 2002, DG MARKT/5401/01, WP 55; Opinion 8/2001 on the processing of personal data in the employment context, 13 September 2001, DG MARKT 5062/01, WP 48; Recommendation 1/2001 on Employee Evaluation Data, 22 March 2001, DG MARKT 5008/01, WP 42.
(14) The communication, of October 2002, can be consulted at: http://europa.eu.int/comm/employment_social/soc-dial/labour/dataprot_en.pdf

What Privacy?
Mauro Paissan (1)

Contents: 1. Globalising Rights – 2. Codes of Conduct, New Technologies and Multinational Rules – 3. Personal Data Protection inside Businesses, with Particular Regard to Employee Data

1. Globalising Rights

The Session I have the task of coordinating includes multifarious issues related to the use of personal information in connection with business activities; its starting point appears to be a question, i.e. what privacy? Our attention must therefore focus on the manner in which the right to personal data protection can be fully safeguarded. This means that it is acknowledged – at least implicitly – that the traditional data protection tools made available to data subjects (access, rectification, cancellation, etc.), in addition to time-honoured remedies to safeguard individual rights (compensatory damages, prohibition orders), are, though not ineffective, at least non-exhaustive. The presentations we will shortly be listening to should be considered against this background. They will address, on the one hand, codes of conduct and, on the other hand, the so-called Privacy Enhancing Technologies (PETs), that is to say the computer-based techniques capable of enhancing privacy - such as cryptography systems for e-mail or anonymous browsing systems. From this viewpoint, our meeting is directly related to some of the conclusions drawn on the occasion of the international conference on implementation of Directive 95/46/EC, which took place at the European Commission in Brussels about two months ago.(2)

However, this continuity I pointed to in order to account for the international character of our conference – indeed, nowadays all issues are supranational in nature – has deeper roots. It is meant to be the furtherance of the message summarised by the Italian data protection authority in the title of the Venice Conference in 2000 – i.e. One World, One Privacy. This motto retains its validity as it calls for, on the one hand, the free flow of information in the globalised economy and, on the other hand, the ineliminable globalisation of rights – which means, as far as we are concerned, globalising the dignity of individuals by means of the processing of the personal data concerning them.

(1) Member, Italian Data Protection Authority
(2) See the various contributions published at http://europa.eu.int/comm/internal_market/en/dataprot/lawreport/index.htm.
The aims were no different for the conference organised by the Schleswig-Holstein supervisory authority in Kiel, in September 2001, within the framework of the Sommerakademie – its title being Datenschutz als Wettbewerbsvorteil.(3) This Roman workshop is a station on the road leading to the forthcoming World Summit of the Information Society, which is scheduled for next year(4); in this regard, the conclusions reached by regional meetings, in particular the pan-European meeting of Bucharest(5), would appear not to have taken duly into account the well-grounded concerns expressed by citizens and their legitimate expectation not to become merely tools of technological development or else commodities in the production process incorporating that development. In this context, establishment of a relationship between economic enterprise and fundamental rights is definitely desirable to the extent that it can become an alliance. However, should we regard fundamental rights as instrumental to economic enterprise, we would go against the grain of our Constitution – whose Article 2 states that “The Republic recognises and guarantees the inviolable rights of man…”, whilst under Article 41 “Private economic enterprise shall be free. It shall not be carried out against the common good, or in a way that may harm security, freedom and human dignity”.

2. Codes of Conduct, New Technologies and Multinational Rules

During the abovementioned Brussels Conference, revision of the 1995 directive on privacy was found to be inappropriate.
Therefore, the basic data protection principles have not been questioned so far – such principles dating back to the OECD Guidelines(6) as well as to the Council of Europe Convention of 1981; it is expected that they will be recognised at the highest level once the role of the Charter of Fundamental Rights of the EU (Article 8) is clarified.(7) However, the request was made to identify approaches that could enhance harmonised application of the principles laid down in the Directive in the individual EU Member States – also by developing more pragmatic approaches and simplifying the regulatory framework, without prejudice to citizens’ freedoms. Indeed, citizens are often poorly aware of the rights they are entitled to as well as of the ways in which they can exercise such rights.

(3) The Conference proceedings are available in H. Bäumler – A.v. Mutius (eds.), Datenschutz als Wettbewerbsvorteil – Privacy sells: Mit modernen Datenschutzkomponenten Erfolg beim Kunden, Braunschweig – Wiesbaden, 2002.
(4) A full agenda of the preparatory activities can be found at http://www.itu.int/wsis/index.html.
(5) “The Bucharest Declaration” is available at http://www.itu.int/wsis/events/bucharest.html; see also the “Declaration of the Bishkek-Moscow Conference on the Information Society”, at http://www.itu.int/wsis/events/bishkek.html.
(6) OECD, Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, adopted by OECD on 23 September 1980 (OECD Privacy Guidelines), Doc. C 58 final of 1 October 1981; validity of the principles set forth in the Guidelines was recently re-affirmed by OECD also with regard to computerised networks: see Ministerial Declaration on the Protection of Privacy on Global Networks, Ottawa, 7-9 October 1998, p. 4 (DSTI/ICCP/REG(98)10/FINAL).
(7) See http://www.europarl.eu.int/charter/default_en.htm.
Among the measures aimed at enhancing the effectiveness of data protection provisions, reference was made both to codes of conduct and to PETs. As to the latter, it should be stressed that, apart from the need to identify their contents precisely and to establish whether they are suitable to soften the impact on privacy, their limited implementation experience and difficult marketability were highlighted. These issues should be taken into account in order not to lose contact with reality, especially in connection with the growing use of technologies that allow, for instance, data mining and/or extraction and processing of personal data from different databases and the network.

Additional tools to make data protection provisions more appealing – or rather, more acceptable – are provided by codes of conduct and professional practice(8); they are being increasingly favoured in Italy’s legal system as well, with particular regard to data protection matters.(9) We are all aware of their advantages in terms of their being closer to the specific issues that are to be coped with by the relevant categories. However, one should not overlook the difficulties that sometimes arise – especially as regards identifying the entities that actually represent the interests at stake. This task is as good as impossible if the effects of such instruments concern undifferentiated groups of entities, as well as whenever the interests at stake require activities that go beyond technical know-how and border on law policy issues that cannot but be left to Parliamentary discretion.

Still, applying rules that have been developed autonomously by private entities – being similar, from this viewpoint, to codes of conduct – is increasingly being regarded as an additional tool to overcome one of the main sources of concern for businesses, which nowadays are often established in several countries worldwide given the globalisation of markets.
I am referring here to the provisions aimed at regulating transborder data flows from Europe to third countries in which no adequate level of protection is available. I will leave this issue to our guest speakers. Let me only point out that the European Commission and the national supervisory authorities, also within the framework of the cooperation activities carried out by the Article 29 Working Party, have made considerable efforts in order to meet market requirements by allowing free movement of personal data through different tools such as the Safe Harbor Agreement(10) and Standard Contractual Clauses(11). Although these tools reduce the opportunities for controlling data processing arrangements outside Europe, they do not eliminate such controls. Conversely, the latter type of concern is more difficult to assuage as regards other contractual instruments that might allow personal data originating from the EU to circulate freely inside multinational companies.

3. Personal Data Protection inside Businesses, with Particular Regard to Employee Data

Whilst the above considerations apply to businesses’ outward economic activities, reference should also be made to the equally important issues related to setting out data circulation rules inside businesses. Only think of the information flows in management and organisational processes, the issues related to Intranets and, in particular, the processing of personal data in the employment context. The latter requires some additional considerations. It is no new topic, and it was addressed many years ago as regards Italy – where the so-called workers’ statute was passed(12), an Act setting forth safeguards for employees and their private life. However, the massive introduction of information technologies into production processes and business organisation has changed the overall pattern. From this viewpoint, e-mail and Internet access monitoring is merely the tip of an iceberg.

To this, other issues should be added that are of no smaller moment and relate to a wide time span – starting from the recruitment phase, when personal information on applicants is collected. Information is subsequently collected in the course of the employment relationship by using the most different methods – including tests – and with regard to many different categories of data. Only think, for instance, of the so-called evaluation data, of genetic data – whose collection may entail serious discrimination –, drug, alcohol and smoking tests, the active badges allowing employee geographic location and the monitoring of voice-mails and computers.

(8) This issue was dealt with effectively by C.D. Raab, Effective self regulation – genuine protection or a contradiction in terms?, Paper prepared for the 24th International Conference of Data Protection and Privacy Commissioners, Cardiff, 9-11 September 2002.
(9) Codice di deontologia relativo al trattamento dei dati personali nell’esercizio dell’attività giornalistica ai sensi dell’art. 25 della legge 31 dicembre 1996, n. 675, adopted by decision of 29 July 1998; Codice di deontologia e di buona condotta per i trattamenti di dati personali per scopi storici, adopted by decision of 14 March 2001; Codice di deontologia e di buona condotta per i trattamenti di dati personali a scopi statistici e di ricerca scientifica effettuati nell’ambito del sistema statistico nazionale, adopted by decision of 31 July 2002.
Video surveillance should also be mentioned in this context.

These are hot issues in many countries. Supervisory authorities have repeatedly taken steps in this regard, and the same issues were addressed by the Article 29 Working Party.(13) European data protection authorities have been urged to take a stance on this subject matter. The underlying concerns are real and should not be dismissed as the “obsession” of data protection experts. To confirm this, it would be enough to leaf through the European Commission’s recent Communication on the “Second Stage Consultation of Social Partners on the Protection of Workers’ Personal Data”, where the issuing of a Directive in this sector is envisaged.(14) It is a thorny issue that is not amenable to simplistic solutions. For instance, as regards e-mails sent and received by an employee via his/her office PC, the inalienable right to confidentiality of correspondence is at stake – which is sometimes set against the entrepreneur’s ownership right in respect of business work tools. The complexity of these issues does not make it less urgent and necessary to start an open discussion between all the social partners and legal and scientific scholars.

(10) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce; see also the web site of the US Department of Commerce at http://www.export.gov/safeharbor/.
(11) See the European Commission’s decisions at http://www.europa.eu.int/comm/internal_market/en/dataprot/modelcontracts/index.htm
(12) Act no. 300 of 20.05.1970.
I would like to highlight this requirement to businesses, which too often prefer to ignore problems and make recourse to practical measures, trade unions, which are unaccountably paying little attention to these issues - partly perhaps because of the fact that the employees that are most affected are those that are least represented in trade unions - and to law scholars, who have not yet come up with suggestions that are equal to the expectations. Increased attention to and awareness of this issue by both social partners and the legal and scientific world would also facilitate our institutional activities.

(13) See Working document on the surveillance of electronic communications in the workplace, 29 May 2002, DG MARKT/5401/01, WP 55; Opinion 8/2001 on the processing of personal data in the employment context, 13 September 2001, DG MARKT 5062/01, WP 48; Recommendation 1/2001 on Employee Evaluation Data, 22 March 2001, DG MARKT 5008/01, WP 42.
(14) The Communication, published in October 2002, is available at http://europa.eu.int/comm/employment_social/socdial/labour/dataprot_en.pdf

Market: Transparency and Privacy
Luigi Spaventa (1)

In principle, one could argue that I am a counterpart of the Garante, the Italian data protection authority. The motto of market regulators is in fact, or ought to be, that of Justice Brandeis: sunlight is the best disinfectant. If information does not come to light and is not made public, the regulator of financial markets grows worried and is seized by an itch to impose sanctions. I will try to argue that this is not so and must not be so, starting from a few basic observations.
The regulator of financial markets and issuers starts from the premise that the investor is in a position of endemic inferiority. In economic jargon, we say that there is a problem of agency cost: there is a principal, the investor, who entrusts his money to parties he does not know and never will know; and there is a manager, the agent, whose interests do not necessarily (or, if we want to be pessimistic, rarely) coincide with those of the investor. The investor’s inferiority stems from a number of causes identified in economic theory: information asymmetries, because he knows far less than the fund manager, the manager or the executive officer; and the incompleteness of contracts, which cannot provide for every eventuality against which protection is needed. The problem of protecting savers arose, as everyone knows, a long time ago, and was first addressed in the United States with the 1934 Act. Investor protection, especially on the corporate side, works through two instruments. First of all, investors must be offered legal remedies and “voice” remedies. Legal remedies consist in the possibility of obtaining the protection of the courts against managers and directors, whether for outright fraud or, in the case of American case law, for breach of fiduciary duty or of the duty of care. Voice remedies aim to give shareholders every opportunity to attend the shareholders’ meeting, to speak and to vote. No less important, or perhaps more important, is allowing investors to vote with their wallets, by facilitating their ability to exit from the investment. To exercise the right of exit (or of entry, if you like), it is essential that the saver have all possible information.
Full and transparent information is therefore a necessary condition for markets to function in such a way that meaningful prices are formed and the investor is not exposed to surprises arising from circumstances unknown to him. Naturally, companies and issuers care a great deal about their privacy, and company managers are fonder of it still. The supervisory authorities are therefore on a collision course with this understandable but inadmissible desire for privacy.

(1) President of Consob

Which information does not collide with the rules I am speaking of, and which other information risks colliding with them? Certainly, information concerning the company as a legal person cannot be held to collide with privacy requirements. Hence there are everywhere very precise rules concerning both the obligations of periodic disclosure in the financial reports, which must be submitted quarterly, half-yearly and annually, and continuous disclosure. Recently there have been interesting developments on periodic disclosure as well. Waking up, the new chairman of the Securities and Exchange Commission (already the old one, since he has already left) said that financial statements and quarterly or half-yearly reports should allow investors to see the company “through the eyes of management”, thereby casting doubt on whether the accounting and legal jargon used in financial statements manages to provide the information the saver requires. As regards continuous disclosure, the legal systems differ in their definitions: in the United States the term is material information, while in Europe, under the directive, the term is price-sensitive information, that is, any information that may influence prices. There are at least two points on which problems of collision with privacy rules may begin to arise.
The first is the obligation imposed on directors to declare in the financial statements the remuneration they receive and the benefits they obtain from the company. Why do the supervisory authorities ask for this? Because it is held that shareholders must be able to judge whether what they pay managers and directors (and it is usually not a little) is well spent, and in order to account for all the other remuneration mechanisms that are not, so to speak, in the pay packet, chief among them stock options. The second item of information, perhaps even more sensitive, concerns the trades that a company director carries out in the securities of that same company. This information is important because the director has knowledge about the company that the shareholder does not have. On the one hand, it is necessary to check that there are no episodes of insider trading. On the other hand, those transactions give an indication of management’s attitude towards its own company. I recall that the Enron case showed that the directors of the seventh-largest American company had, on the eve of its bankruptcy, made gains of 600 million dollars by selling their own company’s shares while prices were still high, which did not make a good impression. Nor did it make a good impression to discover that the director of another company, now also bankrupt, had enriched himself, or improved his life, by buying collectors’ paintings at the company’s expense. These are the two points of potential collision with the data protection authority, but the collision is only potential. In implementing Legislative Decree 58/98, Consob ordered that directors’ remuneration be made public.
Eminent figures honoured me with a visit to put it to me that, if they disclosed how much they earned, they would be in danger of kidnapping, or that publishing remuneration would make trade union negotiations difficult. It was objected that the provision violated privacy and was, in any case, unlawful. These objections came to nothing. The Garante did not in fact consider that publishing remuneration violated the right to confidentiality, and the Tar (the regional administrative court) likewise decided that Consob could impose this obligation. We are grateful to the Garante for its decision: thanks to it, those data are now routinely published. The problem of insider dealing, that is, of directors trading in the company’s securities, is more complicated. Consob has no legislative basis for requiring that such trades be disclosed immediately. Recently, in a burst of innovation, the market operator, that is, the stock exchange, decided to impose a disclosure obligation, initially monthly and later quarterly. The exchange asked the Garante whether it was permitted to request that information. Once again the opinion was favourable. It therefore seems to me that there has never been a collision between the interests protected by Consob and those protected by the Garante. In the two cases I have cited, the Garante clearly understood where the limit of personal data protection should be set so as not to sacrifice other requirements. In some cases the interests coincide perfectly, as when privacy is violated in order to make a profit. Let me give a frequent example from the broad category of insider trading (the abuse of privileged information provided for by Article 180 of the consolidated law on financial intermediation).
Within this category, front running is, I fear, a very widespread practice: the trader who learns of a large customer order that may push the price up or down places an order of his own in advance, in order to profit from the foreseeable price change. In this case the trader at one and the same time breaches, in some way, his duties of confidentiality towards the customer, breaches rules of fair conduct and commits the offence of abuse of privileged information. Nor does it seem to me that privacy is violated if, in the course of preliminary investigations into insider trading or manipulation, the recordings of traders are acquired (they are often very entertaining, for their free use, so to speak, of the Italian language and for their frankness of expression).

Finally, there are problems that are not easy to solve. One of the most effective sanctions in a functioning market is the one termed reputational: the market should be made aware of a party’s improper or unlawful conduct, so that it can draw the consequences as to that party’s reliability. In Italy this market sanction works poorly. For example, voluntary payment, after the charge has been notified, of a pecuniary penalty lower than the maximum (the “oblazione”, as lawyers call it) not only extinguishes the sanctioning proceeding but also prevents publicity, since only the imposition of the sanction may be made public. The market will never know anything about it; the party is able to buy this silence by paying a relatively small sum. This does not seem to me an excellent outcome. With this remark I conclude, and I thank you for your attention.

Marketplace: Openness and Privacy
Luigi Spaventa (1)

In principle, one might argue that actually I am a counterpart of the Italian data protection authority.
Indeed, the motto of market regulators is – or should be – the one referred to by Justice Brandeis – i.e. sunlight is the best disinfectant. If the information is not brought to light and made public, the regulator of financial markets gets worried and starts itching for punishments. I will try and show that this is not and should not be the way things are, beginning from a few basic considerations.

Regulators of financial markets and issuers start from the assumption that investors are in an intrinsically inferior position; to use the economics jargon, one might say that there is an agency cost issue: there is a principal, i.e. the investor, committing his money to entities he does not and never will know; then there is a manager, the agent, whose interests do not necessarily coincide – one might argue pessimistically that they rarely do – with the investor’s. The investor’s inferiority is due to reasons that are referred to in economics theories, such as information asymmetry – since he is definitely less familiar with these matters than the manager and/or the executive officer – and contractual gaps, since not all the dangers to be averted can be envisaged. The issue of protecting investors was raised long ago, as all of you know; indeed it was addressed for the first time in the USA with the 1934 Act.

Protection of investors is based on two main tools, especially as regards companies. Firstly, legal and “voice” remedies should be made available to investors. Legal remedies consist in the possibility to seek judicial protection against managers and directors both in case of fraud and – as regards US case law – on account of breach of fiduciary duty or the so-called duty of care. Voice remedies are aimed at enabling shareholders to the greatest possible extent to participate in the assembly, express their opinions and cast their votes.
Of no less importance, perhaps even more important, is providing investors with the possibility to vote with their wallets – by facilitating their exiting from the investment. In order to exercise their exit rights – or their entry rights, as the case may be –, it is fundamental for investors to be provided with all possible information. Full, transparent information is therefore a prerequisite to ensure operation of markets in a way allowing significant prices to be generated and preventing investors from being exposed to unexpected events on account of circumstances they are not aware of. Obviously companies/issuers are quite keen on their privacy. Company managers are actually even keener on this issue. Therefore, supervisory authorities are bound to be on a collision course with this understandable, though not admissible, desire for privacy.

(1) President of CONSOB [Italian Authority Regulating the Securities Market]

What information is not in conflict with the rules I have been referring to, and what other information is in danger of being in conflict with them? Certainly the information concerning companies as legal persons may not be considered to be in conflict with privacy requirements. Therefore, there are everywhere quite detailed rules in place concerning the obligation both to regularly provide information via financial reports to be submitted at quarterly, six-month and yearly intervals, and to provide continuous information. Interesting developments took place recently also with regard to the provision of regular information.
Waking up from his slumber, the new chairman of the Securities and Exchange Commission – indeed, he should be referred to as the past chairman, since he has already left his position – said that a balance sheet as well as quarterly or six-month reports should allow investors to see a company “through management eyes”, which would appear to question the capability of the accounting and legal jargon used in balance sheets to supply the information requested by investors. As for the continuous information, there are differences related to the individual legal systems. In the USA reference is made to material information, whereas in Europe this should be – as per the Directive – price-sensitive information, i.e. any kind of information possibly influencing prices.

There are at least two areas where there may arise a conflict with privacy regulations. A first one has to do with the obligation imposed on directors to disclose, in accounting reports, their salaries and the benefits granted to them by their companies. Why has this been requested by supervisory authorities? Because it is considered that shareholders should be in a position to assess if what they pay to managers and directors – which is usually not negligible – is money well spent, as well as in order to account for all other remuneration mechanisms that are not included in pay-slips – including, above all, stock options. A second set of information, which is perhaps even more sensitive, is related to the negotiations made by directors in respect of a company’s securities. This information is important because directors are in the possession of data that are not known to shareholders. On the one hand it is necessary to check that no insider trading takes place. On the other hand, those transactions provide clues to the stance taken by managers in respect of their companies.
Let me only remind you that, in connection with the Enron case, it was found that the directors of the seventh-largest US company had managed to get 600 million dollars on the eve of the company’s winding up by selling their shares when the quotations were still high – which definitely did not make a good impression. Nor did it make a good impression when it was found that the director of another company, currently wound up, had got richer – perhaps one should say that he had improved the quality of his life – by purchasing pictures at the company’s expense.

These are the two areas in which we are potentially on a collision course with the Italian data protection authority – however, this is only a potentiality. In implementing legislative decree no. 58/98, Consob required that directors’ salaries should be made public. Distinguished personages obliged me with their visit to explain that, by disclosing their salaries, they would run the risk of being kidnapped, or that publishing their salaries would hinder negotiations with trade unions’ representatives. It was claimed that these provisions would be in breach of their privacy – at all events, that they were unlawful. These claims have had no consequences. Indeed, the Italian data protection authority did not consider that disclosing directors’ salaries was against the right to privacy. The administrative court competent for this subject matter also ruled that Consob was empowered to impose this obligation. We are grateful to the Italian Garante for its decision, which allowed those data to be regularly published.

The insider dealing issue, i.e. the negotiation by directors of a company’s securities, is more complex. There is no legal basis allowing Consob to require this information to be immediately notified.
Recently, the Stock Exchange authorities decided, in a sudden rush of innovation, to impose mandatory disclosure of this information firstly on a monthly, and thereafter on a quarterly basis. The Stock Exchange asked the Garante whether they were allowed to request such information; once again, the Garante ruled that this was to be permitted. Therefore, it seems to me that there has never been any collision between the interests safeguarded by Consob and those protected by the Italian Garante. In both cases I mentioned, the Garante clearly appreciated where the boundaries of personal data protection should be set in order not to jeopardise other requirements.

In other cases our interests happen to be the same – for instance, whenever privacy rules are infringed with a view to gain. Let me give you an example that has to do with insider trading activities – what is termed “misuse of privileged information” under Section 180 of the Consolidated Statute on Financial Intermediation Activities. In this context, the so-called front running is unfortunately quite a common practice. A broker knowing that a customer is going to place a major order, which will cause prices to increase or decrease, enters his own order first to profit from the expected price variation. In this case, the broker acts both in breach of his confidentiality duties with regard to his customer and in breach of fairness rules, and is also liable for the offence of misusing privileged information. Nor do I believe that privacy is infringed if, during preliminary inquiries into insider trading activities and/or manipulation, tapes of the traders’ conversations are acquired – which are often quite amusing, given their – so to say – unconventional usage of the Italian language.

To conclude, there are issues that cannot be solved that easily.
One of the most effective penalties in a functioning market is the reputational one – that is to say, the market should be informed of any instance of unfair and/or unlawful conduct by a given entity so as to draw the relevant conclusions as for that entity’s reliability. In Italy, this market-based punitive mechanism does not work properly. For instance, paying a fine voluntarily to an extent lower than the maximum amount not only results in extinguishing the proceeding involving punitive sanctions, but also prevents disclosing the relevant circumstances - since only imposition of a punishment may be disclosed. Therefore, the market will never be informed of this occurrence. The entity concerned is enabled to purchase this silence by paying a comparatively small sum. I would not regard this as an excellent achievement. This was my last remark. Many thanks for your attention.

The Impact of Privacy Policies on Business Processes
Martin Abrams (1)

(1) Center for Information Policy Leadership - USA

Does Business Need In-House Self-Regulation?
A self-regulatory approach taking as an example the data protection policy of the DaimlerChrysler AG
Alfred Büllesbach(1)

I. Introduction

The continuing development of our information society changes the way of doing business.
Computer networks have been developed from proprietary and regional systems to open and global infrastructures, services that were separated until now have been developed into multimedia applications(2) and information technology allows interaction between software components based on various platforms. This development promotes a worldwide exchange of goods and services, with the consequence that competition becomes more and more a global challenge. The more modern information and communication technologies are used for various purposes, the more data are accumulated, which increases the possibilities of matching and processing personal data collected in different connections. This development leads simultaneously to a rise in the potential risks of fraudulent use of data which might adversely affect the privacy rights of data subjects. The classic risks of unauthorized access, data loss, data manipulation, data theft and computer crime are omnipresent, especially within the framework of global networking, cooperation and diverse use of public networks. These potential risks for the privacy rights of data subjects are more and more the subject of public discussion, which leads at the same time to a rise in the concerns of consumers and contracting partners regarding the collection and use of their personal data by companies. Due to this increased sensitivity, the handling of personal data becomes an important aspect in the course of choosing one’s business partner. Therefore, the development and integration of appropriate data security and data protection concepts in products and services is crucial for companies acting in global markets. In designing data protection and security concepts, companies have to consider legal as well as technological methods and instruments.

II. Tendencies of the worldwide privacy legislation

Overall, increasing activities in enacting data protection laws can be observed.
(1) Chief Officer Corporate Data Protection, DaimlerChrysler - Germany
(2) Büllesbach, Konvergenz durch Standardisierung und Selbstregulierung, in DGRI Jahrestagung 2001, forthcoming; Holznagel, Konvergenz der Medien, in DGRI Jahrestagung 2001, forthcoming.

Due to the lack of a globally competent legislator, worldwide acting companies have to cope with different legal requirements laid down by national lawmakers. Especially in Asian countries there is a wide-spread tendency of incorporating data protection and privacy issues in laws governing electronic commerce. On the one hand, by addressing privacy concerns of data subjects by means of legal regulations it is intended to overcome resistance to online transactions. On the other hand, these countries want to ensure that the power of law enforcement authorities will not be undermined by using modern information and communication technologies.

Another important influence on international data protection legislation has to be attributed to regulations restricting the transfer of personal data to third countries that are not considered as countries providing an adequate level of data protection. These requirements result for instance from art. 25 of the EC-Directive,(3) or from Principle 9 of the National Privacy Principles of the Privacy Amendment (Private Sector) Act of Australia,(4) or from Sec. 33 of the Personal Data (Privacy) Ordinance of Hong Kong,(5) or from art. 24 of the Computer-Processed Personal Data Protection Law of Taiwan(6) as well as from Sec. 12 of the Personal Data Protection Act of Argentina,(7) or from art. 10 of the Draft of the Senate Bill No. 61 of Brazil.(8) In order to avoid a hindrance of transborder data flow, national legislators are forced to take actions.

The attacks of September 11, 2001 have led to remarkable changes in the legislative framework of almost all industrialized societies worldwide.
Broadly speaking, these changes have led to increased powers for “public authorities” all around the world, sometimes with direct or indirect impact on the protection of personal data.

In spite of the diversity of national data protection laws, it is ascertainable that the data protection and privacy legislation is on the way to an international law convergence.(9) Worldwide it could be generally differentiated between the following three models taken by legislators in order to address privacy issues:
- a comprehensive regulatory approach,
- a sector specific approach,
- a self-regulatory approach.

(3) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995.
(4) Privacy Amendment (Private Sector) Act of 2000, http://www.privacy.gov.au/act/index.html.
(5) Personal Data (Privacy) Ordinance of 1995, http://www.pco.org.hk/english/ordinance/ordglance.html.
(6) Computer-Processed Personal Data Protection Law of 1995, http://www.virtualasia.com/taiwan/bizpack/legalcodes/cpdpl.htm.
(7) The Personal Data Protection Act of Argentina of 2000, http://www.privacyexchange.org.
(8) Draft of the Federal Senate Bill No. 61, 1996, http://www.privacyexchange.org.
(9) Büllesbach, Datenschutz in einem globalen Unternehmen, RDV 2000, 1, p. 2.

These approaches do not exclude each other. On the contrary, often legislators make use of a combination of two or even three of these models in order to provide an appropriate regulatory data protection scheme.

1.
Comprehensive approach

Characteristically, acts following the comprehensive approach stipulate requirements for the collection, processing and use of personal data by public as well as by private sector entities,(10) regardless of the application and the purpose for which the data is collected. These acts grant data subjects access and correction rights in respect to their personal data and provide for sanctions in case of a violation of data protection regulations, like compensation for damages or criminal offenses. The observance of these legal requirements is ensured by external governmental controlling bodies, which have the power to investigate actions that might contravene privacy regulations.

The EC-Directive and consequently all member states follow the comprehensive regulatory approach. A lot of European states which are not members of the EC have Privacy Acts that lean on the EC-Directive. Some countries of the Asia/Pacific region like Australia, Hong Kong, New Zealand and Taiwan have implemented this regulatory model as well. The Privacy Act of New Zealand provides for the appointment of an internal data protection officer whose responsibilities include the encouragement of the compliance with the act by the respective entity.(11) Under the Australian Privacy Amendment (Private Sector) Act private sector entities may develop their own rules for the protection of privacy which might substitute the National Privacy Principles and which are enforced by the private sector entity itself and overseen by governmental control institutions. In North America, only Canada has adopted a privacy system according to the comprehensive regulatory approach. The new privacy protection legislation in Chile and Argentina also reflects the European Data Protection Directive.

2.
Sector-specific approach

Countries which have followed this approach have not enacted a general data protection law, but have issued regulations governing data protection issues for particular applications, e.g. the financial sector, the telecommunications sector or electronic commerce. According to US legal tradition, law is primarily intended to protect the citizen from encroachments by the government. The regulation of the relationships between private parties (individuals and/or corporations) is to be avoided where possible. Consequently, the US private sector is in regard to privacy issues only affected by several area-specific regulations. In the Asia/Pacific region, the Philippines(12) as well as South Korea(13) and China have enacted specific regulations of different kinds. Apart from the efforts to enact comprehensive data protection laws, up to now there are only sector-specific regulations in Singapore(14), India(15), Malaysia(16) and Thailand(17).

(10) Concerning the Computer-Processed Personal Data Protection Law of Taiwan it has to be noticed that this act applies only to any credit investigation business or organization or individual whose principal business is to make the collection of computerized processing or personal data, any hospital, school, telecommunication business, financial business, securities business, insurance business, and mass media and other enterprises, organizations, or individuals designated by the Ministry of Justice and the central government authorities in charge of concerned end enterprises (see art. 3 no. 7 of the Computer-Processed Personal Data Protection Law of Taiwan).
(11) See Sec. 23 of the Privacy Act of New Zealand.

3.
Self-regulatory approach

The self-regulatory approach is based on the idea that data protection can be achieved through various forms of self-regulation, in which companies and industry bodies establish codes of practice and engage in self-policing. Global acting companies have to ensure the compliance with a diversity of national regulations. Self-regulatory mechanisms might be very helpful to cope with the heterogeneity of the data protection legislation. To ensure the variety of legislation a permanent analysis of the different national legislative activities is necessary. An effective internal enforcement infrastructure is also needed. These activities can lead to a global strategy, which is especially needed for transborder data flow and electronic commerce.

The increasing customer awareness is also an important fact that should be taken into consideration by a global data protection strategy being based on self-regulatory mechanisms. The loss of revenue in the e-commerce-sector because of privacy concerns(18) and the general increasing interest in privacy(19) make a proactive engagement in data protection and privacy very important.

There are several instruments of self-regulation that could be combined to achieve a comprehensive data protection strategy. Self-declarations such as consumer confidence and privacy statements convey the strategy to the public. Corporate standards of conduct are binding on the companies and employees. The participation in privacy programs guaranteed by bilateral contracts such as the Safe Harbor Principles (EC/USA) could be another building block in a global privacy strategy. To effectively carry through a global strategy, a quality management system being based on internal or external audits is needed. By way of privacy seals external audits could be provided to the public. Self-control could also be implemented by establishing an organization of data protection officers. A parallel usage of these self-regulatory instruments is conceivable and partly necessary to address the arising privacy issues.

Apart from self-regulatory approaches integrating many companies, there are also different mechanisms which could be used by single companies, like Codes of Conduct, Integrity Codes, Privacy Statements in order to inform the contractors or potentials about one’s privacy policy, or contractual solutions using model clauses in specific areas of application.(20)

(12) E.g. Bank Secrecy Act (Republic Act 7653); Secrecy of Banks Deposits Act (Republic Act No 1405); E-Commerce Act of 2000 (Republic Act No 8972 of 2000, http://www.chanrobles.com/republicactno8792.htm)
(13) E.g. Law on the Protection of Personal Information managed by Public Agencies of 1994; Act on the Disclosure of Information by Public Agencies of 1996; Basic Act on Electronic Commerce 1999; Law on the Protection of Communications Secrecy Act of 1993; Telecommunications Business Act of 1991; Act Relating to Use and Protection of Credit Information of 1995; Postal Services Act of 1982
(14) E.g. Banking Act, last amended 2001; Computer Misuse (Amendment) Act of 1998; Electronic Transactions Act 1998; for further information see http://www.lawnet.com.sg/.
(15) E.g. Information Technology Act; for further information see http://www.mbc.com and Electronic Privacy Information Center, Privacy & Human Rights 2001 An International Survey of Privacy Laws and Developments, USA 2001, p. 173
(16) E.g. Communications and Multimedia Act of 1998, http://www.cmc.gov.my/legislationframe.htm; Computer Crime Act of 1997, http://www.ktkm.gov.my; Banking and Financial Institutions Act of 1989
(17) Official Information Act B.E. 2450 of 1997, http://203.152.23.33/html/fslaw_e.htm.

III.
Challenges for globally acting companies

The self-regulatory approach could also be used to cope with the problems concerning transborder data flows. In general, according to art. 25 para.1 of the EC-Directive, or Principle 9 of the National Privacy Principles of the Privacy Amendment (Private Sector) Act of Australia, or Sec. 33 of the Personal Data (Privacy) Ordinance of Hong Kong, or Sec. 12 of the Personal Data Protection Act of Argentina, or art. 10 of the Draft of the Senate Bill No. 61 of Brazil, a transfer of personal data to a third country requires that the third country in question ensures an adequate level of data protection. According to art. 25 para.2 the European Commission may consider a third country to be providing an adequate level of data protection.(21) A similar authorization is granted in particular by Sec. 33 para.3 of the Personal Data (Privacy) Ordinance of Hong Kong to the Commissioner. Up to now, only Hungary,(22) Switzerland(23) and Canada(24) are recognized by the European Commission as countries providing an adequate safeguard.

Furthermore, personal data collected in the EU/EEC may be transferred to the U.S. provided that the US-American company adheres to the Safe Harbor Principles and is subject to the jurisdiction of the Federal Trade Commission or another institution which effectively ensures compliance with the principles.(25) Since the Safe Harbor Principles provide a solution only for the transfer of personal data from the EU/EEC to the US, they are not an appropriate instrument for companies exchanging personal data worldwide.(26)

If the third country does not ensure an adequate level of data protection, a company has the following options to legalize a transborder data flow:
- obtaining the consent of the data subject to the transfer(27) or
- adducing adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and with regard to the exercise of the corresponding rights. Such safeguards may in particular result from appropriate contractual clauses or Codes of Conduct.(28)

Since personal data is transmitted worldwide, a globally acting company needs a global solution to cope with the different legal requirements in respect of transborder data flow.

(18) FT, 28 Feb. 2001: 12 million people stopped buying over the net because of privacy concerns. That relates to $ 12 billion loss of revenue generated over e-commerce.
(19) Westin Research: Privacy Fundamentalists, 25 % in 1990, same in 2000; Privacy Pragmatists, 55 % in 1990, increasing to 63 % in 2000; Privacy-Unconcerned, 20 % in 1990, dropping to 12 % in 2000.
(20) Regarding the term “self-regulation” and self-regulatory instruments see Bizer, Selbstregulierung des Datenschutzes, DuD 2001, p. 168.
(21) See for further information Jacob, Datenübermittlungen in Drittländer nach der EU-Richtlinie in Büllesbach (ed.) Datenverkehr ohne Datenschutz, Verlag Dr. Otto Schmidt KG, 1999. p. 25 ss.; Brühann, Die aktuelle Debatte um den internationalen Transfer von personenbezogenen Daten in Büllesbach (ed.) Datenverkehr ohne Datenschutz, Verlag Dr. Otto Schmidt KG, 1999. p. 35 ss.; Simitis, Der Transfer von Daten in Drittländer – ein Streit ohne Ende? in Büllesbach (ed.) Datenverkehr ohne Datenschutz, Verlag Dr. Otto Schmidt KG, 1999. p. 177 ss.
(22) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Hungary, Official Journal of the European Communities, 8/25/2000, L 215/4.
(23) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland, Official Journal of the European Communities, 8/25/2000, L 215/1.
(24) Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act, Official Journal of the European Communities, 1/4/2002, L 2/13.
(25) Commission Decision of 27 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe Harbor Privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce, http://europa.eu.int/comm/internal_market/en/dataprot/news/decision_de.pdf.
(26) Critical standpoint to the Safe Harbor Principles is also taken by Karstedt-Meierrieks, Selbstregulierung des Datenschutzes – Alibi oder Change?, DuD 2001, 287, p. 288.
(27) See art. 26 para.1 a) of the EC-Directive; Principle 9 (b) of the National Privacy Principles of the Privacy Amendment (Private Sector) Act 2000 of Australia, Sec. 33 para.2(c) of the Personal Data (Privacy) Ordinance of Hong Kong.
(28) art. 26 para.2 of the EC-Directive, Principle 9 (f) of the National Privacy Principles of the Privacy Amendment (Private Sector) Act 2000 of Australia, Sec. 33 para. 2 (f) of the Personal Data (Privacy) Ordinance of Hong Kong. See also Büllesbach, Überblick über Europäische Datenschutzregelungen bezüglich des Datenaustausches mit Ländern außerhalb der Europäischen Union, RDV 2002, forthcoming.

IV. Advantages of the Code of Conduct in comparison to the other solutions

Taking all the pros and cons of the several options into account, Codes of Conduct are the best solution to cope with the issues arising from globalization, especially with the requirements of transborder data flow.
To obtain a legally effective consent, it will be necessary to inform the data subject in advance about all intended data processing operations and especially about the fact that her or his data are transferred to substandard countries. The last notification requirement in particular could raise serious marketing issues. Another problem is that the data subject is not prevented from withholding or revoking her or his consent. If this were the case, her or his data could not be transferred to a third country. Furthermore, the mere consideration of this possibility could complicate the whole data processing process.

The usage of contractual clauses makes it possible to take the peculiarities of each single processing operation into account.(29) But, due to the necessity to incorporate these clauses in each single contract as well as to update the contracts in case of changes (e.g. M & A), this concept results in an increased expenditure for administration. Moreover, under the EC-Directive, the contract between the data exporter established in the EU/EEC and the data importer established in the third country to whom the data are transferred must be individually approved by or notified to the appropriate data protection authorities in each Member State from which the data are transferred, making this a time-consuming and expensive process.

The risk that the respective data protection authority refuses to provide its approval could be minimized by incorporating model clauses, which are formally adopted by the European Commission as a sufficient safeguard for the transfer of personal data to third countries.(30) In other words, if a company incorporated the model clauses, the competent authority would be bound by the decision of the European Commission and could not refuse to provide its approval. But, in order to make use of the decision of the Commission, companies are required to adopt the model clauses word by word. Any alteration has to be approved by the respective authority.
Additionally, the use of model clauses could cause an unacceptable administrative expenditure for complex systems of contracts. Since the model clauses will serve as a benchmark for individually concluded contracts, it is questionable whether a data protection authority would approve contractual clauses which do not provide for the same safeguards and rights granted to data subjects as the model clauses do.

The Safe Harbor Principles program was created only to provide safeguards for the transfer of data from the EC to the US. This covers only a part of the data transfers of a globally acting company and must be combined with other solutions. The combination of the Safe Harbor Principles with other solutions would cause an additional administrative expenditure.

Additionally, Codes of Conduct provide an answer to other challenges arising from globalization. Even if Codes of Conduct could not be a substitute for national laws, by prescribing worldwide recognized data protection principles which are based on several national laws, Codes of Conduct provide a possibility for companies to make use of the tendency of law convergence. Codes of Conduct could be easily implemented, controlled and updated, which minimizes costs. Furthermore, adherence to the Codes of Conduct ensures uniform procedures for the handling of personal data within companies.

(29) Büllesbach/Höss-Löw, Vertragslösung, Safe Harbor oder Privacy Code of Conduct, DuD 2001, 135, p. 137.
(30) See Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC, Official Journal of European Communities, 7/4/2001, L 181/19; Commission Decision of 27 December 2001 on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC, Official Journal of European Communities 1/10/2002, L 6/52.
This allows customers to trust that their data is handled in the same manner, regardless of where they are, which constitutes a competitive advantage.

V. Data protection policy in the DC group

In conclusion, a globally acting company needs a global data protection policy. The Code of Conduct is the most adequate means of self-regulation for a group-wide data protection policy. It provides a uniform standard and philosophy for the DaimlerChrysler group (DC group), results in a uniform image in data protection of the DC group and satisfies the requirements of Electronic Commerce of today and in the future.

The data protection strategy in the DC group is based on three pillars of self-regulation. The Codes of Conduct for customer and HR data provide a uniform standard and philosophy. In order to control the observance of the obligations resulting from the Codes of Conduct, an international control infrastructure has been installed. An internal decentralized organization of data protection coordinators, who locally undertake the tasks of the Chief Officer Corporate Data Protection, has been established. The independent position of the Chief Officer Corporate Data Protection ensures corporate law enforcement of the Code of Conduct.(31)

1.
Codes of Conduct

The content of the Codes of Conduct covers:
- Aim of the Code of Conduct
- Scope of the Code of Conduct
- Application of law of individual nations
- Principles for the processing of personal data
- Special categories of personal data
- Notification and consent of the data subjects
- Confidentiality of processing
- Principles of data security
- Marketing data / data processing on behalf / involvement of third parties
- Customer Contact via Telecommunication
- Remedies / sanctions / responsibilities
- The Chief Officer Corporate Data Protection
- Definitions

(31) Büllesbach, Konzeption und Funktion eines Datenschutzbeauftragten vor dem Hintergrund der EG-Richtlinie und der Novellierung des

2. Global Data Protection Organization of DaimlerChrysler

The global data protection organization of DaimlerChrysler is divided into four committees for the regions Europe, NAFTA, Asia/Pacific and Latin America, each having respective data protection coordinators. Chairman of these committees is the Chief Officer Corporate Data Protection (CPO). The European committee is divided into three subcommittees for central functions and plants, sales and ebusiness, and DaimlerChrysler Services. The committees meet at least once a year.

The data protection coordinators are the contact persons for the employees and the customers. They do the consulting and training on the spot. The coordinators also deal with complaints and are responsible for the administration of the decentralized controlling function. Additionally, the data protection coordinators have a reporting function to the CPO.

3. Internal law enforcement within the DaimlerChrysler group

The internal law enforcement is based on the Chief Officer Corporate Data Protection (CPO) with a worldwide responsibility, who reports directly to the Board of Management.
The Chief Data Protection Officer supervises the observance of national and international data protection regulations and of this Code of Conduct. He is supported by decentrally located data protection coordinators. The companies of the Group and the persons responsible for data processing must ensure that the requirements of data protection are observed. Infringements by employees may be pursued according to applicable provisions of labor law or disciplinary rules.

In case of data transfers from one company of the Group located in the EU/EEC (data exporter) to another company of the Group outside the EU/EEC (data importer), the Chief Officer Corporate Data Protection and the data importer must cooperate, in the course of all inquiries, with the supervisory authority competent for the place in which the data exporter has its seat. If a data subject alleges a breach of this Code of Conduct by the data importer, the data exporter must lend support to the data subject to clarify the situation. The data subject’s rights can also be asserted against the data exporter.

VI. Summary

Considering the fact that there exists no worldwide data protection law, and at the same time taking into account that enterprises and markets have gained global dimensions, it is evident that there is a need for worldwide self-regulation as far as data protection and data security are concerned. Privacy is an integral part of quality. A company that recognizes data protection and data security risks as a risk for the company has a competitive advantage when establishing a global data protection strategy.
Use for Private Purposes of Personal Data Held by Public Bodies

Vincenzo Zeno Zencovich(1)

The economic exploitation of personal data held by public bodies is undeniably tempting: the numbers are large and the data are of considerable interest. Public bodies are historically equipped to collect and store data, but exploiting them economically is not part of their tradition, since that activity requires an entrepreneurial aptitude. A private party would certainly know how to derive greater profit from them, with significant positive externalities: information is an important factor of production, and the more accessible it is, even for a fee, the more rational the choices made by the actors in the economic process. It is therefore easy to see the potential of the subject and to understand the advantages that businesses would gain from such data being accessible and easy to use.

At the same time, doubts instinctively arise. Public bodies generally acquire personal data on the basis of a relationship of subjection, in which the private individual is obliged to supply them or, if he wishes to use certain services or benefits, must identify himself. These data, acquired ratione imperii, would then be transferred for consideration to third parties, who would use them to make a profit.
The intuitive imbalance of the situation described can be understood more rationally if it is analysed from a broader perspective. The rules on the processing of personal data, at Community level, are also a rule for allocating information resources. One cannot stress too often the close link between Directive 95/46 on the processing of personal data and the slightly later Directive 96/6 on the legal protection of databases. The latter grants protection to a set of information; the former sets limits on the free appropriation of certain information, namely personal data. The individual controls the data concerning him and decides whether and how they may be appropriated by third parties. The proposal for a directive on the “re-use of public sector documents and their exploitation for commercial purposes” significantly alters the balance of interests achieved by a coordinated reading of the two directives.

The first critical point has already been highlighted: the individual is required to supply his data to public bodies and is thereby dispossessed of them. There are nevertheless a number of advantages that he derives from this compulsory communication: he obtains the provision of certain services; he receives certainty as to his status or his rights. The system thus has its own rationality in the relationship between private individual and public body, even if it is economically not very efficient in the relationship between public body and business. Under the system envisaged he would indirectly transfer his data to third parties, without consent and without consideration. It is true that those third parties would pay, but the economic benefit would accrue only to the public body. The latter, and no longer the data subject, would have a property right over the data conferred on it by individuals by virtue of the relationship of authority or administration.

(1) Università Roma III
The second critical point is related: data are communicated to the public body for precise purposes, and the communication is instrumental to the performance of public activities which, by definition, should be in the general interest and which often also offer concrete benefits for the data subject. It is this general interest that guides the activity of the public body, requiring it to respect a series of principles now established in the constitutional and Community system: lawfulness, impartiality, non-discrimination and proportionality of its action. From this follow procedural rules, controls and responsibilities. It is easy to see that, once the data are conferred on private parties, first, the purposes of the processing change, bringing to the fore the economic benefit of the controller; second, the private party is not burdened (nor would it be logical for it to be) with the obligations that are proper to the public body, its action being free in form and in purpose. Third, the private party does not have the responsibilities, or even just the accountability, that are imposed on the public body. And in any case, whereas the latter tends to be a single, clearly identified entity, the transfer of public data to third parties carried out in compliance with the principle of non-discrimination multiplies the parties who may potentially carry out improper processing, making control by the data subject extremely difficult, not least because of the cross-border circulation of data.

Is it possible to avoid these drawbacks and reconcile the protection of personal data with the circulation of information? Some answers can be given to this question but, as will be seen, they are not entirely satisfactory.
a) Restricting the data that may be transferred to private parties: a first path might be to try to narrow the category of data transferable to third parties, excluding for example sensitive or “semi-sensitive” data, or other data such as those relating to tax matters. The solution identified by the proposal for a directive, namely to allow the transfer of data for which the national legal system recognises a right of access, does not seem convincing or efficient. That right takes varied forms and usually concerns one item of data and one subject, not a mass of data relating to a multiplicity of subjects. Moreover, the right of access is usually aimed at satisfying a precise individual interest. As the case law has rightly observed, the fact that an item of data is kept in a public register does not in itself legitimise the dissemination of that data urbi et orbi.

b) Restricting the purposes for which the data may be transferred: another path might be to allow the transfer of public data to private parties on condition that they make the same use of them as is permitted to the public body. Although rational, the solution is of very little use: the private party wants to acquire public data because it wants to exploit them in a more intensive and innovative way. If it had to confine itself to doing so in imitation of the public body (e.g. issuing certificates or registry extracts, “visure”), an electronic connection between it and the system that manages the public data would be sufficient.

c) Restricting the parties to whom the data may be transferred: in order to ensure greater control over the correct use of the data by third parties, one could think of restricting the number of private parties authorised to process public personal data.
This line is the opposite of that of the proposed Directive, which is based on the principle of non-discrimination (and therefore of abstractly unlimited usability). However, it is not difficult to discern the overriding general interests that suggest limiting the re-use of such data to a few parties. Clearly this raises the problem of choosing the party or parties: but here the mechanisms compatible with Community law are well tested, and range from the quality and reliability of the party to the financial offer, if any, submitted in order to win the tender.

d) An alternative hypothesis: public personal data as res extra commercium: one cannot, moreover, ignore a different perspective which treats personal data held by public bodies as res extra commercium, and therefore as removed at the root from economic exploitation, whether direct or through third parties. From the regulatory point of view, significant elements can be found in Directive 95/46, since transfer to third parties for profit is incompatible with the purposes for which the data were collected. Furthermore, a conspicuous disparity would be created between data held by private controllers, which may be communicated to third parties only in limited cases and generally with the consent of the data subject, and data held by public controllers authorised to disseminate data generally.

But there are also reasons of a more general order: we all remember that the first push towards the protection of informational privacy arose from the concern effectively represented by the literary figure of George Orwell’s “Big Brother”. And it was on public databases, the only ones at the time, that attention was focused. The State should now turn from a potential “enemy” of individual privacy into its defender, thereby also protecting the relationship of trust with the parties to the social contract. Public personal data should be managed directly by the State, like other goods outside commerce, such as environmental goods and many cultural goods. And the reference to the environment and to art does not seem out of place because, in a debate on privacy from cost to resource, it leads us to reflections that have been extensively developed in the confrontation between the claims of ecology and sustainable development, between the defence of the national heritage and its proper enjoyment. These are problems that are difficult to solve, but the debate on the protection of personal data certainly takes on wider dimensions and policy implications of broader scope.

Using Personal Data Held by Public Entities for Private Purposes

Vincenzo Zeno Zencovich(1)

The business exploitation of personal data held by public entities is undoubtedly appealing: a large amount of data is involved, and the data are of considerable interest. Public entities have traditionally been equipped to collect and store data; however, exploitation of these data for business purposes does not fall under the scope of their standard activities – it being an undertaking that requires entrepreneurial approaches. A private entity is undoubtedly in a better position to profit from such data by turning them into a source of significant assets; indeed, information is an important production factor: the more it is available, even if not for free, the more rational the decision-making of economic actors will be. Therefore, the potential inherent in this matter can be easily grasped, as can the beneficial effects for businesses produced by availability and ease of use of those data.

At the same time, one is bound to feel instinctively perplexed.
Public bodies usually acquire personal data on the basis of an individual’s obligation to either supply such data or provide proof of his/her identity in order to obtain certain services. These data as acquired ratione imperii, i.e. by authority, would then be transferred for a consideration to third parties, who could use them for profit-seeking activities.

The unfairness of this situation can be appreciated intuitively, but a broader scope of analysis allows a more rational view to be attained. The regulations applying to processing of personal data at Community level can also be regarded as guidelines for allocating information resources. The close relationship between Directive 95/46 on the processing of personal data and Directive 96/9 on the legal protection of databases should be tirelessly pointed out. The latter Directive provides safeguards for sets of information; the former one lays down restrictions on the boundless acquisition of certain items of information – i.e. personal data. Individuals are in control of the data concerning them and decide whether and how they may be acquired by third parties. The draft directive concerning “Reuse and Exploitation for Commercial Purposes of Public Sector Documents” produces significant effects on the balancing of interests that can be achieved by the joint application of the two directives.

One first critical issue has already been referred to – namely, the fact that individuals are required to provide their data to public entities and are therefore dispossessed of their data. However, this compulsory communication entails some benefits: individuals are delivered certain services, or can establish their status and/or rights with certainty.

(1) Roma Tre University, Italy
There is therefore a rationale underlying this system as regards the relationship between individuals and public entities – whilst this same system proves poorly effective in economic terms with regard to the relationship between public entities and businesses. According to the system envisaged in the Draft Directive, an individual would indirectly assign his/her own data to a third party regardless of his/her consent and for no consideration. It is a fact that the third party in question would have to pay for the data; however, only the public entity would be entitled to the resulting profit. Only the public entity would be entitled to a property right in respect of the data it receives from individuals on account of the existing authority and/or management relationship.

A second critical issue is related to the considerations made above: data communication to a public body serves specific purposes and is necessary for performing public activities which, by definition, should be carried out in the public interest as well as being concretely useful for the individual concerned. This general interest focus underlies the activities of public entities and makes it compulsory for them to comply with principles that have long been recognised in constitutional and Community provisions – namely, lawfulness, impartiality, non-discrimination, proportionality. This results in the need to set forth procedural rules, controls, and specific liabilities. It can be easily appreciated that the purposes of the processing change whenever data are transferred to private entities, since emphasis is put on the data controller’s economic profit; secondly, private entities are not – nor can be expected to be – subjected to the obligations that are actually typical of public entities, since they are free to act in the manner and for the purposes they find most suitable.
Thirdly, responsibilities and accountability of private entities are not the same as those pertaining to public entities. At all events, whilst the latter are usually single, well-defined organisations, assigning publicly-owned data to third parties in compliance with the non-discrimination principle results in multiplying the number of entities that may process such data inappropriately and makes it quite difficult for a data subject to be in control – partly on account of the existing transborder data flows.

Can these mishaps be avoided by reconciling personal data protection and free movement of data? This question can be answered in several ways, which are, however, not completely satisfactory – as the paragraphs below will show.

a) Limiting the data that may be transferred to third parties: one first solution might consist in trying to limit the categories of data that may be transferred to third parties, e.g. by excluding sensitive and/or “quasi-sensitive” data or else other data such as those concerning taxation matters. The solution envisaged in the draft Directive – i.e. allowing transfer of data in whose respect the right of access may be exercised under domestic law – would not appear to be either convincing or effective. Indeed, the access right shows a multifarious pattern and usually refers to one item of data and one entity – rather than to multiple data concerning several entities. On the other hand, the right of access is usually aimed at meeting a specific individual requirement. As appropriately pointed out in some court decisions, the fact that an item of data is kept in a public register does not make it lawful, in itself, to unrestrictedly disclose it.
b) Limiting the purposes for which the data may be assigned: another solution might consist in allowing publicly-owned data to be assigned to private entities on condition that the latter use them for the same purposes for which they are used by the public entity. Though sensible, this solution is anything but useful: indeed, private entities wish to acquire publicly-owned data in order to exploit them more thoroughly and innovatively. If they were to limit themselves to using the data in a similar fashion – e.g. to issue certificates and/or attestations – it would be enough for them to connect electronically with the system managing the publicly-owned data.

c) Limiting the entities entitled to receive the data: in order to allow more effective control on the appropriate use of the data by third parties, limiting the number of private entities that are entitled to process publicly-owned data might be envisaged. This approach goes in the opposite direction to that proposed in the draft Directive, which is based on the non-discrimination principle – entailing unlimited usability, at least theoretically. However, it is not difficult to imagine the overriding general interests that point to the advisability of limiting re-use of such data to a small number of entities. This raises, most obviously, the issue of how to select the relevant entity/entities; Community-compatible parameters have long been tested in this field, ranging from quality and reliability of the recipient(s) up to the tender possibly submitted in order to be granted a public contract.

d) An alternative approach: regarding publicly-owned personal data as res extra commercium: one should also take account of a different approach, in which publicly-owned personal data are regarded as res extra commercium (non-marketable goods) that may not be, as such, the subject of economic exploitation whether directly or by the agency of third parties.
From a regulatory viewpoint, this position is significantly supported by Directive 95/46 – since assignment to third parties for purposes of gain is incompatible with the purposes for which the data have been collected. Additionally, this type of assignment would give rise to a markedly unequal treatment of the data held by private data controllers as compared with those held by public data controllers – since the latter would be enabled to disseminate the data unrestrictedly, whereas the former are currently entitled to communicate personal data to third parties only under specific circumstances and with the data subjects’ consent.

However, this approach is also based on more general considerations. We all remember that the first impulse towards protecting computer privacy resulted from the concerns that were aptly described in George Orwell’s literary works as “Big Brother”. The attention was focussed on public data banks – being the only ones existing at that time. Nowadays, States should turn from potential “enemies” into defenders of privacy, which would allow them to also safeguard the trust relationship with all the parties to the social contract. Publicly-owned personal data should be managed directly by States, similarly to other non-marketable goods such as environmental goods and a considerable portion of cultural heritage. The reference to environmental and cultural heritage is far from being out of place. Indeed, the focus being on how to turn privacy from a cost into a resource, this reference points to considerations that have been repeatedly made in connection with the debate on environmental protection and sustainable development, safeguarding national heritage and making appropriate use of our heritage.
These issues cannot be coped with easily; however, the issue of personal data protection can undoubtedly be approached in a wider perspective and with deep-ranging policy implications.

Privacy in the Employment Context (Privacy e rapporti di lavoro)(1)
Umberto Romagnoli(2)

1. Recalling the beginnings is always useful. Not infrequently, it is a duty, as in this case. The workers’ statute was not yet law and word had already spread that things were going too far with rights: not only collective rights but also, and above all, individual ones which, by fostering a morbid attachment to personal freedoms, would encourage reckless behaviour. The rumour turned into a commonplace which, like its siblings, would prove to have the prerogative of subverting biological rhythms. Commonplaces, as we know, are born and grow, but never die. Predicting that the anarcho-libertarian culture of “everything is permitted” would spread through businesses was not much more realistic than it had been in the past. Nevertheless, the prediction was taken seriously by the laudatores temporis acti in order to delegitimise the detractors of an industrial culture which, they claimed, was characterised by the overbearing, authoritarian authority of entrepreneurs. Every now and then, fortunately, time sets things right. So, now that not even the most cultured young mothers know the theories of paediatricians such as Spock, their high-school children do not read books by philosophers such as Marcuse, and the fathers, if they are legal practitioners by trade, have stopped doping themselves with substantial doses of alternative law, now – as I was saying – the time has come to admit what few thought back then, even though it was the truth.
And the truth was that, when moralistic catastrophism is coupled with apologetic triumphalism, the frenzy of dramatisation reaches its peak, and one indeed ends up losing sight of the fact that one can be to the left or right of everything except common sense. For this reason, setting against a factious and partial opinion an equally factious and partial one, if back then it was the toll paid to the climate of a season overheated by controversy and poisoned by unhealthy cravings for revenge, would now be worse than idle. It is wise instead to suggest that the tireless duellists accept a common premise: namely, to admit that the legal recognition of individual rights of freedom in the workplace should not be overemphasised, either from the right or from the left. The environment was what it was; that is well known. Nevertheless, to be persuasive, even the best-founded critique of juridification should have been preceded by a search for the correctives needed to justify the choice of leaving the rules informal.

Similarly, satisfaction with the legislative intervention, though it can be shared, should not have been so complacent, and so indulgent, as to claim that holding the right to do a certain thing in itself exempted one from criticism. It is no coincidence that a charismatic leader of the Cgil felt the duty to warn, even at the risk of being misunderstood or challenged, those “comrades who set themselves up as jealous guardians of certain conquests as if they had a treasure to keep in a casket, and do not realise that they are standing guard over a little heap of ashes”.

(1) This paper will also be published in the Studi in onore di Mario Grandi.
(2) University of Bologna - Italy
The year was 1978, one of the darkest of the most dramatic crisis to have struck Italy since the Second World War, and in the little heap of ashes had ended up, first of all, the statute’s provisions protecting privacy. The major national dailies ran the headline: “Is it from there, from the statute, that absenteeism and violence spring?”, thereby conveying to public opinion the message that legally protected confidentiality encouraged the worst shirkers to keep reporting sick or, worse, could serve to conceal the sympathies or complicity that fed armed terrorism. Indeed, around the provision abolishing the figure of the factory doctor and the one prohibiting inquiries into opinions and private life, a halo of mistrust quickly formed, and the jurists who had backed the rise of the doctrinal trend to give constitutionally guaranteed personality rights universal reach, and hence relevance in contractual relationships too, withdrew into a pensive silence. Luciano Lama could not agree, and he reacted. He reacted with the same energy with which, a quarter of a century later, one of his successors would reject the proposal put forward by a centre-right government to reshape the protections of insiders for the benefit of outsiders, because he would read in it what a Nobel laureate in economics would also read: a pretext, according to Robert Solow, that clears the ground for the aim of “strengthening entrepreneurs with respect to insiders”. Lama therefore took a public stand, in the form of a dense interview with la Repubblica, uttering words I have always judged the most apt to popularise effectively the assertion that the relationship between work and citizenship has the characteristic instability of a boat with an elephant in it, because the freedoms of the citizen as a worker must be balanced against the freedom of economic initiative.
Indeed, if the enterprise is the place where the cumulative effect of inequalities is most manifest – it concentrates them, focuses them, radicalises them – it is at the same time the place where reducing them is most problematic and eliminating them well-nigh impossible, as the now century-old history of workers’ cooperatives teaches. For this reason, the statute’s rules – with all due respect to the veterans of the hot autumn of ’69 who were willing to accept only maximalist interpretations that stretched them like shagreen leather – did indeed re-regulate managerial power, rationalise it and subject it to procedures, but could not authorise its elimination. Rather, it was no longer enough for the legislature that this power be kept within the limits of a strict functional link to the performance of productive activity; it wanted its exercise to be commensurate with all the values, including non-pecuniary and extra-contractual ones, that work carries by the will of the founding fathers of the Constitution. “The founding idea of the statute”, wrote Luigi Mengoni, “is that the technical and productive organisation of the enterprise must be modelled on man, and not vice versa”, to the broad extent that the integration into it of the person bound to work there as a subordinate acquires legal relevance as a source not only of obligations of conduct coordinated with the needs of the organisation, but also of the right to protect oneself against threats to freedom, dignity and safety. In other words: the statute, more than a reform, was a challenge. A challenge that legal, economic and trade-union actors could not lose or win except together. Have they made it? Naturally, I do not mean to insinuate that they have not reached a cultural maturity and professional competence equal to expectations. I simply believe that the challenge is still under way and indeed will never end.
Partly because, despite its centrality, the individual dimension is the lunar dimension of the employment relationship, and partly because, as Gérard Lyon-Caen likes to say, labour law “c’est Pénélope devenue juriste” (“is Penelope turned jurist”). So, if someone asked me to list the noble and generous ideas that seduced me in my youth, I would not be ashamed to put at the top of the list the one that saw in company constitutionalism the path that the inhabitants of planet enterprise could follow in an attempt to heal the fracture that splits the citizen in two: entitled to take part in the government of the polis at least when entering the polling booth, when he dons the clothes of a subordinate producer he may find other men denying him the possibility of availing himself of the rights arising from the contract as well as of those connected with his professional position or even with his status as a citizen, thus taking on the features of a capite deminutus. However, I have learned that one must be an idealist without illusions. Because there is always someone or something that unravels the web. Even beyond intentions. A paradigmatic case is the acceleration which technological innovations have imparted to the ageing of the legal protection of workers’ privacy; innovations that are neutral in themselves, as can be inferred from the randomness of the distortions produced, which at times may frustrate the legitimate power of control and at other times weaken the controlled party’s lines of defence. So, to start all over again every time, what is needed is precisely the stubbornness of the labour law inherited from the twentieth century. And its humility. Because it is by no means true that its evolutionary seasons are invariably marked by epochal ruptures, by spectacular about-turns, by decisive breaks.
Rather, its historical constant is micro-discontinuity, especially as regards the subjective legal positions that contemporaries describe in terms of the worker’s rights of freedom as an individual. It is indeed a mistake to believe that all ordinary mortals can hear what some of us seem to hear distinctly: a thunderous slamming of doors. That of pre-industrial society, closing, and that of industrial society, opening. That of fascist corporatism, which seemed never to close, and that of the democratic constitution, which seemed unwilling to open. That of the post-industrial, which however neither opens nor closes completely, and that of the postmodern, which leads no one knows where. Things have gone and still go differently. The tremors of the seismic upheavals that historians and constitutional scholars discuss do not spread in a flash to the individual dimension of the employment relationship. Indeed, it is highly probable that they reach it weakened. After all, during the crossing, nobody in the engine room can make out which pieces the ship’s orchestra is playing to entertain the cruise passengers. Perhaps they are not even interested in finding out. In short, the rules governing the individual employment relationship are resistant to innovation, especially if it is sudden or meant to act in depth, and they change slowly also to prevent the epochal transitions described in school textbooks from destabilising a social relationship that has foundational value for the existence of ordinary people.
It may move one to pity or indignation, but its way of achieving the value of legal certainty merges with the stickiness of a never-ending story whose protagonists are too small and too alone to be able to show an inclination to adapt to the advancing new that is any less accommodating than the one expressed in the search for solutions compatible with the existing order, internalised as an unchangeable objective fact. “Individuals”, as André Gorz wrote, “desire what they have the possibility of obtaining under the given conditions, and not what they could obtain only under different conditions”. To this should be added that individual labour law has from its origins been an integral part, if not of codified civil law, then of its categories and conceptual references. With the imperceptible speed of glaciers, in fact, it developed on the periphery of an empire and in semi-clandestine form, because private law does not tolerate the performance of work in another’s service being removed from its rule and is therefore intent on immunising its rules against the viruses put into circulation by external events. However, the private-law scholars who colonised this field of knowledge took for granted what could not be. They took for granted that modern capitalism would rest indefinitely on a pinhead such as the individual employment contract, and that the collective configuration which industrial evolution had in fact impressed, in more than one respect, on the regime of the contractual relationships in which the exchange between work and pay typically takes place would remain on the margins of legal discourse. Moreover, they would also take for granted the irrelevance of the post-liberal Constitution of 1948. By now, legal historiography has analysed the matter more than enough for it to be filed away.
Therefore, if I mention it, it is solely to stress that the legal culture of the 1950s passed on to labour lawyers – even to those who had been convinced corporatists – the same unease that private-law scholars felt before the constitutional document. An unease that translated into an arbitrary impoverishment of the set of data that interpreters must take into account. In reality, they would have liked labour law to stay shut inside the wrapping of an economic transaction, while contradictorily protesting against its continued confinement. Then the statute came and the wrapping was torn.

2. Indeed, it is in the area of employment relationships that the Italian legal system opened up to the need to protect people’s privacy. However, it is not true that everything began with the statute. It fell to Philipp Lotmar, during his pioneering foray into the unexplored territory of collective bargaining statu nascenti, to record with sympathy that, among the clauses intended to ensure considerate treatment for the worker, there was a prohibition on the master addressing him with the familiar “tu”. In other words, the great pre-Weimar jurist sensed that regulating personnel administration often means juridifying good manners. Therefore, if one accepts that an attitude respectful of the worker’s privacy during and outside working hours is in some way equivalent to the correct use of a fork at table, one must acknowledge that the speed at which personnel administration has become civilised has been more than fair: the fork took five centuries to enter the customs of Europeans for good.
On the other hand, if the speed has fallen short of the expectations of those administered, they too should say their mea culpa, because it cannot be said that they have tried very hard to learn that rights, if not interpreted with the desirable reasonableness, can encourage irresponsible conduct. Thus, by way of example, it certainly does not help to quicken the pace of evolution to habitually use the company telephone for private purposes, enter false records on attendance sheets, or amuse oneself by surfing the Internet, regardless of whether the company suffers any real harm.

I would not, however, venture to argue that the trade union too should say its mea culpa, as if the shortcomings or limits found in trade-union policies in defence of privacy were entirely attributable to negligence, disengagement or the like. The fact is that the attacks most damaging to the dignity of the person who owes work are of quite another nature – cruder and more elementary – and an order of priority has to be set: one cannot obtain everything at once. For this reason, the same unions that challenged the practice of body searches of workers leaving the plants, without demanding too much consideration, were during those same years pressing to take away from the entrepreneur the licence to dismiss, negotiating important agreements that provided for sanctions against dismissals without justified reason. Which is to say that the collective clause permitting searches was and is to be assessed not as evidence of their appropriateness or even indispensability for preventing theft, but as an empirical indicator that made it possible to measure the road still to be travelled to civilise the company climate. This does not mean that there were no shortcomings or limits in bargaining policies on the matter.
But, precisely for this reason, it can be documented that overcoming them was facilitated and accelerated by the statute’s rules, which involve the company-level union representation, and make it responsible, in drawing up criteria for the exercise of the power of control that are suited to reconciling opposing needs which, though not of equal rank, aspire to the greatest possible simultaneous fulfilment. Significant as it is, the experience generated by the rules that make the lawfulness of controls over the person of workers conditional on a prior collective co-decision is minuscule in size compared with that which the implementation of Law 146/1990 on strikes in essential public services would take on. In both cases, the quality of the interests at stake and of their mediation is identical: in both cases, the union disposes of the personality rights of those it represents in order to guarantee that they can be enjoyed within a tolerable balance with the enjoyment of rights constitutionally recognised to third parties. If the legislation limiting strikes has not performed well in the sectors – air and rail transport – without whose pre-existing union turbulence the legislature would probably not have acted, it is nonetheless irrefutable that, in the rest of the world of employment, its performance has been and continues to be high. On this point, I would like to dissuade the most zealous from hunting for merits and demerits in order to draw up report cards. The exercise is not as interesting as it would like to appear.
It is certainly more fruitful to reflect on the fact, itself irrefutable, that the independent administrative authority responsible for steering the implementation of the legislation, which by reason of its multi-functionality is a crucial junction in the procedures prescribed for producing and enforcing the rules of conflict in the service sector, would never on its own have managed to get those rules generally absorbed by their addressees. The union’s contribution in helping the law overcome the understandable difficulties of acclimatisation was decisive. So far, however, the same cannot be said of Law 675/1996. Its design is eminently individualistic. One would say that its authors wished to remain faithful to the reality principle dear to Roman Jakobson, the linguist, according to which the word cheese has no meaning at all for someone who has never tasted any in his life. In short, one cannot and must not speak except of what one knows: which is sacrosanct. It may be, they must have thought despite timely and authoritative warnings, that individuals possess an appreciable capacity for informational self-determination and are able to face the threats that technological progress poses to their personality: certainly, they must have thought, more than the union does. Consistently, they must have judged it forced to provide for union involvement in decision-making on the introduction and management of automated systems for collecting and using employees’ personal data: it would be like expecting reliable advice on the taste of cheese from someone who knows little or almost nothing about it. If, as I believe, this is one of the keys to reading the law in question, it is easy to establish the paternity of its cultural imprinting.
It goes back to a legal-policy choice aimed not so much at underestimating the role of the union as at offering a distorted picture of the world of work. That is, it was held that privacy is the virtue or the tic of a corner of the world of work populated by privileged minorities and, on the further presumption that a centralised supervisory institution would therefore suffice, that the union can only be stationed in the boundless rear lines where the primary need for decent work is overwhelming. It is this fit of pauperism, which smacks of the grotesque in the context of an advanced society, that prejudices and compromises the operational efficiency of a law that would benefit from the contribution of the same exponent of the culture of practice that the workers’ statute had urged to take action on a closely related type of issue. And this happened just as the statutory ban on controls over the person had in fact emptied itself of its own accord and, at the same time, had been relativised by the broadening of the concept of privacy, whereby one moved from guaranteeing the individual’s confidentiality through an absolute block on information to seeking the means of keeping control over information and its circulation. Therefore, the expulsion of the union from the “person-information-circulation-control” circuit, to use Stefano Rodotà’s words, is a systemic inconsistency that no interpretive shrewdness applied to the obsolete statutory rules can cure.

It will be objected that the 1996 law, while it does not provide for prior consultation with the unions on the reasons for and methods of collecting and processing personal data, does not preclude it either.
But the argument is fragile, because here more than elsewhere a legislative measure promoting union involvement appears necessary; partly because the union’s responsiveness is not, as we have seen, in rerum natura, and partly because the balance of power may not favour it. Regulatory precedents in Europe are not lacking. The leadership of the Community itself sent out in 1989 an input to introduce “more articulated protection of a collective nature”. But the indication was not followed up at the level of legislative drafting. Which is to say that an opportunity was wasted. And not only to restore to the rationale of the statutory rules their lost incisiveness, and at the same time widen their cone of light, and hence to fill the cracks that have emerged at systemic level, but also to enrich an industrial relations culture whose binary structure – either bargaining or conflict – is touchingly naive. Indeed, since the needs for privacy protection arise only within the company and manifest themselves there in terms that are continually renewed, the most suitable method for addressing and meeting them cannot be that of heteronomous regulation. The incessant and unpredictable evolutionary dynamism of information technology applied to work organisation has taken it upon itself to show that the law has scant capacity to master the subject, and so therefore does collective bargaining, which long ago learned to mimic its moves. The preferable method is the one least deaf to the call for “homeostatic mechanisms”, as Stefano Rodotà calls them, “that allow the law to avoid a fate that would contradict its very nature: turning from an instrument of order into an element of disorder, a generator and no longer a resolver of conflicts, because its rules drift away from reality”. A technique of this kind, however, has not yet been identified and fine-tuned with the desirable precision.
For this reason, in view of the advent of a second generation of rules on personal data protection, I would put forward, faute de mieux, the proposal to experiment with the method of participation centred on collective representative bodies. The originality of the proposal is very limited. It lies solely in the modulation of union involvement. Indeed, in support of the latter, the young but combative scholarship that has dealt with the subject in recent years has already spoken out, not without some dissent, adducing numerous reasons, of which the one that persuades me most concerns the need to curb the slide of acts disposing of information about the worker’s person into the orbit of proprietary logic, paradigmatic of which is the emphasis on individual consent which, freely given and accompanied by adequate information, is elevated to the pillar of the entire legislative framework. A logic which, moreover, it seems to me odd to want to cherish and reward in the very same unit of space and time in which its fall is being theorised: indeed, if it has become a heresy with reference to the job, with reference to personal data it is nothing but the reflection of an ideology in the sense of false consciousness. If to Stefano Rodotà individual consent to authorise the processing of personal data appears, rightly, “a halfway house between regulation and deregulation”, it cannot be denied that the proposal to recast the system of privacy protection in employment relationships in a participatory key tends to make it less insecure: individual consent will remain essential, but it will be a little freer and a little better informed. Honestly, however, I do not believe that the adjustment of perspective indicated here as preferable makes the proposal more attractive. In Italy, participation has not yet emerged from ambiguity.
It does not correspond to a line of legal policy that can be pursued transparently. It is done, but not spoken of. Hindered by the vetoes of entrepreneurs to whom the maxim of practical reason “when in doubt, consult” suggests nothing but the idea of a deplorable abdication of role, it also meets resistance from a trade unionism reluctant to let go of the pan-contractualist “presumption of self-sufficiency” of which Aris Accornero speaks. Conversely, the most modern management knows that, for every moment of bargaining, there should be a hundred of consultation, and a union aware that a glorious past is not in itself the guarantee of a bright future should know that “co-determining is not bargaining. It is a question of skill”. Of technical competence. Of professional style. “Those who know how to bargain do not necessarily know how to co-manage”.

Privacy in the Employment Context
Umberto Romagnoli(1)

1. Starting from the beginning is always useful. At times, it is actually necessary – like in this case. The workers’ statute had not yet been passed and rumours already had it that this thing with rights had gone too far – meaning not only collective rights, but also, above all, personal rights: by favouring a morbid fondness for individual freedom, reckless behaviours would be encouraged. These rumours became commonplace and – as is the case with all items in this category – proved capable of subverting the laws of biology. It is well known that commonplaces are born, grow and never die. Foreseeing that businesses would be flooded by the anarchist and libertarian views based on the “everything is permitted” principle was not much more realistic than it had been in the past.
Still, this forecast was taken seriously by the laudatores temporis acti – those praising the past – as a way to cut the ground from under the feet of those protesting against a business culture that was allegedly characterised by the entrepreneurs’ overwhelming authoritarian power. Luckily, time happens to do us a good turn every now and then. Thus, nowadays when not even the most cultured young mothers are aware of the theories put forward by such paediatricians as Dr. Spock, teenage children no longer read the books written by Marcuse and other philosophers and their fathers – working as legal professionals – have stopped getting high on considerable doses of alternative law, it is high time we acknowledged what very few people thought at that time – even though it was true. Indeed, the truth is that whenever moralistic catastrophism meets apologetical triumphalism, dramatisation reaches its climax and one ends up failing to realise that one can be to the right or left of any and every thing – apart from common sense. This is why counteracting a partial, factious view by an equally partial, factious view would be worse than useless – whilst in those days it was the toll required by the circumstances resulting from a period of overheated debates, which was poisoned by senseless vindication impulses. One can perhaps suggest that the tireless fighters should accept starting from a shared assumption – namely, acknowledging that the legal recognition of individual freedoms in the workplace is not to be emphasized excessively, either by left-wing or by right-wing supporters. The milieu was as good as it could get – this is well known. Still, even the best-grounded criticism of juridification should have been preceded – in order to be really convincing – by the search for the adjustments required in order to justify the decision of laying down no formal rules.

(1) Bologna University - Italy
Similarly, jubilation for the passing of legislation, though understandable, should not have been self-satisfied (and self-satisfying) – so much so that it gave rise to the belief that being entitled to do a certain thing did exempt, in itself, from being the subject of reproach. It is no mere chance that a charismatic trade union leader felt the duty – by defying misunderstandings and opposition – to warn those “comrades who jealously ward certain conquests as if they had a treasure to keep inside a coffer, without realising that they are mounting guard at a heap of ashes”. It was the year 1978, one of the darkest years in the most difficult crisis that gripped Italy in the aftermath of WWII, and the heap of ashes consisted, in the first place, of the provisions included in the Workers’ Statute concerning privacy protection. Major Italian dailies worded their headlines like this: “Is It, the Workers’ Statute, the Source of Absenteeism and Violence?” – thereby conveying the information that laws protecting confidentiality actually encouraged lazybones to request sick leave, or could be used to hide support for and/or assistance to armed terrorists. Indeed, the provisions abolishing factory physicians or prohibiting investigations on employees’ opinions and private life came to be the subject of mistrust, and those legal scholars that had supported the spreading of views according to which personal rights enshrined in constitutional instruments should be recognised as having universal value, and therefore should be applicable to contractual relationships as well, chose to pursue their meditations in silence. Luciano Lama, leader of the left-wing Cgil trade union, could not share this stance, and reacted. He reacted with the same energy shown by his successor a quarter of a century later in rejecting the proposal put forward by a centre-right government – i.e. re-defining the safeguards applying to insiders to benefit outsiders. 
He construed this proposal exactly as a Nobel Prize economist would do, that is to say, as an excuse for paving the way – in Robert Solow’s opinion – to the attempt at “strengthening entrepreneurs rather than insiders”. Mr. Lama therefore publicly took a stance in a lengthy interview with the daily la Repubblica, in which he used words I have always regarded as most suitable to effectively divulge the concept that the relationship between employment and citizens shows the same instability as that between a boat and an elephant – since the freedoms of citizens as employees should be reconciled with freedom of enterprise. Indeed, if businesses are the places where the cumulative effects of inequalities are most visible – because they get concentrated, become the focus of attention, are made harsher – they are, at the same time, the places in which reducing such inequalities is most difficult and eliminating them is as good as impossible, which is shown by the century-old history of employees’ co-operatives. This is why the workers’ statute has undoubtedly downsized businesses’ power by rationalising it and setting forth procedural rules, but it could have never allowed eliminating such power – much to the chagrin of the veterans of the fights waged in the “hot autumn” of 1969, who could only accept maximalist interpretations such as to stretch the provisions in the statute to their utmost degree. In fact, Parliament could no longer accept that the boundaries of businesses’ power should consist in its serving exclusively the purposes of production; rather, exercise of that power was to take account of all the values, including non-pecuniary and extra-contractual values, that have been conferred on employment by the drafters of our Constitution.
“The leading concept of the workers’ statute” Luigi Mengoni wrote, “is that the technical and manufacturing organisation of businesses should be modelled after man, rather than the other way round” – to the wide extent that inclusion into a business of an individual that is required to work inside it as an employee is to be attached juridical importance, being the source not only of obligations to behave in line with the requirements of the specific organisation, but also of the right to get protection against threats to freedom, dignity and safety. That is to say: the workers’ statute was a challenge rather than a reformation. A challenge that legal, economic and trade-union actors could only lose or win together. Did they make it? Obviously, I am not going to intimate that they did not reach cultural maturity and professional skills such as to be equal to those expectations. It is simply that I believe this challenge to go on – in fact, it will never end, partly because the individual dimension, though pivotal, is the remotest component among those making up the employer-employee relationship, and partly because, to quote Gérard Lyon-Caen, employment law “c’est Pénélope devenue juriste”. Therefore, if someone asked me to list the noble, generous ideas I was seduced by as a youngster, I would not be ashamed to refer, in the first place, to the concept that business constitutionalism was the path to be followed by the inhabitants of the business-planet in order to attempt healing the fracture that is splitting citizens in two. Indeed, citizens are entitled to participate in governing the polis at least when they enter a polling station, whilst in the capacity of employed producers they may be denied by others the possibility to exercise the rights resulting both from the social contract and from their professional and/or citizen status – so that they take on capite deminuti features. However, I have learnt that one should be idealist without delusions.
There is always someone or something managing to unweave the cloth – even unwillingly. A typical example is provided by the accelerated obsolescence of the legal safeguards applying to employees’ privacy that has resulted from technological innovations. These innovations are neutral in themselves, as shown by the casual nature of the distortions they have produced: at times they may impinge on lawful monitoring powers, at other times they actually weaken the defence afforded to the monitored parties. Thus, in order to start from scratch every time, you do need the stubbornness that is a feature of the employment law as developed in the course of the 20th century. But you also need its humility. Indeed, it is not accurate to state that the development of employment law has ever been characterised by unprecedented achievements, dramatic U-turns and final solutions. In fact, this development is characterised historically by micro-discontinuities especially with regard to the legal entities contemporaries usually refer to as freedom rights recognised to employees as individuals. It is a mistake to believe that all mortals can be aware of what some of us apparently can hear quite clearly – doors slammed with violence. The door of pre-industrial society is being closed, whilst the door of the industrial society is ajar. The door of fascist corporativism is closing – although it seemed as if it would never be closed – and the door of the democratic constitution is opening – whereas it seemed as if it would never be opened. The door of post-industrialism is closing – in fact, it has never been opened (or closed) completely – and the door of post-modernism is opening on nobody knows what. Things have gone and are going differently.
The tremors due to the earthquakes referred to by historians and experts in constitutional law do not propagate as lightning to the individual dimension of the employer-employee relationship. Indeed, they are quite likely to arrive there in a much-softened fashion. On the other hand, in crossing the engine room nobody manages to understand what pieces the orchestra is playing to entertain passengers on a cruiser. Perhaps one is not interested in understanding it. In short, individual labour law is shy of innovation – especially as regards sudden or deep-ranging innovations – and changes slowly also to prevent the epoch-making transformations described in schoolbooks from unbalancing a social relationship that has a founding value for the existence of ordinary people. You may find it pitiful or be incensed by it; still, it is a fact that here, the rule of law is realized in a manner that tends to get confused with an endless story, whose main characters are too puny and too lonely in order to prove less ready to adjust to the advancing innovations than are individuals seeking solutions that are compatible with the existing circumstances – which are felt to be an objective, non-modifiable reality. To quote André Gorz, “individuals wish what they can get under the existing circumstances, rather than what they might only get under different circumstances”. It should also be considered that individual labour law has formed, from the start, an integral part not so much of statutory civil law, but of its conceptual categories and reference items. Indeed, it has been developing on the margins of an empire in a semi-clandestine fashion, at the barely perceptible speed of a glacier: private law does not accept the performance of work by employees to be outside the scope of its regulatory power, and therefore intends to make its rules immune against the viruses spread by external events.
However, private law scholars colonizing this sector of knowledge took for granted what could not be. They assumed that modern capitalism would indefinitely rest on a pinpoint – i.e. individual labour contracts – and that the collective configuration industrial evolution was conferring under many respects on the contractual relationships applying to the exchange between work and wages would only remain marginal within the juridical debate. Actually, those scholars also took for granted that the 1948 Constitution would prove uninfluential. This issue has been debated more than enough by law historians and should therefore be talked off. I am only mentioning it to stress that the legal culture of the ‘50s was such that labour law scholars – including the staunchest supporters of corporativism – felt as ill at ease as private law scholars did when faced with the text of the Constitution. This uneasiness was translated into the arbitrary depletion of the circumstances that juridical analysis should take into account. In fact, they would have liked labour law to remain inside the boundaries of economic transactions, although they protested, at the same time, against this persistent seclusion. But then, the workers’ statute was passed, and those boundaries were broken.

2. It was exactly with regard to the employer-employee relationship that the need for safeguarding individuals’ privacy was first considered within Italy’s legal system. However, not everything did begin with the workers’ statute. Philipp Lotmar first remarked sympathetically, in his pioneering exploration of the yet virgin land of collective bargaining, that the clauses aimed at ensuring that workers would be treated respectfully included the prohibition for masters to address them familiarly. That is to say, the great pre-Weimarian law scholar perceived that regulating personnel management often means juridifying good manners.
Therefore, if it is acknowledged that respecting employees’ privacy during and outside working hours is somehow equivalent to properly using forks when eating, it should also be acknowledged that personnel management has been civilised at a more than moderate speed: it took five centuries for forks to become a staple item of European cutlery. On the other hand, if the managed personnel believe that speed to have been lower than expected, perhaps they should also assume their own responsibilities; indeed, they cannot be said to have made many efforts to learn that rights may encourage reckless behaviour if they are not construed as reasonably as is desirable. For instance, making private phone calls from one’s office, making false statements as to the clock-in time or having a good time by surfing the Internet are all but conducive to a quicker pace of evolution in this sector – regardless of the damage this may actually cause to a business. Conversely, I would not go as far as maintaining that trade unions should also assume their own responsibilities – as if the gaps and/or limitations affecting trade union policies with regard to privacy protection were exclusively due to their negligence, non-committal conduct and so on. In fact, the most damaging attempts on employees’ dignity are of a totally different nature: they are much rougher, much more elementary in nature, and a priority order is to be defined. One cannot get all and all at the same time. This is why trade unions, on the one hand, endorsed body searching of employees exiting from plants without requesting too many safeguards, whilst in those same years they exerted their pressure to prevent employers from having the power to fire their employees by negotiating important agreements under which unjustified firing was to be punished.
That is to say, the collective agreement enabling searches was and is to be regarded not so much as proof of their being appropriate or even necessary to prevent theft, but rather as an empirical index that could allow appreciating the stretch of road yet to be followed in order to civilize the business environment. This does not mean that there were no gaps or limitations affecting the policies implemented in this field. However, it can be shown that exactly for this reason they could be overcome more easily and expeditiously by means of the workers’ statute, which provides that trade union representatives should participate in and be responsible for setting out criteria applying to the exercise of control powers in such a way as to reconcile opposite requirements – which, though of different rank, both strive to be complied with to the widest possible extent under the given circumstances. Though significant, the experience gathered through the provisions under which employee monitoring is only allowed on the basis of a prior collective decision-making procedure is puny compared with that related to implementation of Act no. 146/1990 – concerning strikes in the public facilities sector. In both cases, the quality of the interests at stake and their balancing is the same: in both cases, trade unions may make use of their members’ personal rights in order to ensure that they can be exercised by striking an acceptable balance with the exercise of rights that are granted to third parties by the Constitution. Whilst the provisions limiting the right to strike have not proven especially effective in those sectors – air and rail transport – whose prior turbulence in trade-union terms was probably the reason prompting Parliament to take steps, it cannot be denied that they have been and are still quite beneficial in the remaining employment sectors.
In this regard, I would like to discourage the most zealous among you from pinpointing pros and cons to get a final score. This activity is not as interesting as it might appear to be. Definitely more fruitful considerations can be made as regards the fact – unquestionable in itself – that the independent administrative authority in charge of supervising implementation of those provisions, which is a key reference point on account of the multiple functions discharged in connection with the procedures that must be followed to lay down and ensure compliance with the relevant regulations in the tertiary sector, could have never managed by itself to have those procedures accepted by all the entities concerned. Trade unions gave a fundamental contribution towards helping the legislation to go unscathed through the – understandably difficult – acclimatisation phase. Conversely, this has not been the case so far with regard to Act no. 675/1996, whose structure is in essence individualistic. One could argue that the drafters of this Act tried to abide by the reality principle so aptly described by the linguist Roman Jakobson, who remarked that the word “cheese” is meaningless for someone who has never tasted cheese in his life. In short, one can and should only talk of what one knows – which is unquestionable. In spite of timely, authoritative objections, they must have thought that individuals are likely to be gifted with considerable informational self-determination and are probably capable of coping with the dangers for their personality resulting from technological development – to a greater extent than trade unions, in any case. Consistently with this stance, they must have considered that it would be inappropriate to provide for involving trade unions in the decision-making concerning deployment and management of automated systems to collect and use employees’ personal data.
It would be as if one expected to get reliable advice on the taste of cheese from someone who knows as good as nothing about cheese. If, as I believe, this is one of the ways to construe the Act we are considering here, its cultural imprinting can be easily traced. It is related to a law policy perspective that is focussed not so much on the underestimation of the role played by trade unions, but on a distorted view of the labour sector. It has been considered, in short, that privacy is a benefit and/or the hobby-horse of a small portion of the labour world, which is inhabited by privileged minorities, and that trade unions can only be stationed among the huge rearguards where the primary need for a decent job is the prevailing interest – which also accounts for the idea that a single, centralised supervisory authority would be enough. This pauperistic component, which sounds absurd within the framework of an advanced society, did jeopardise and negatively affect the operational effectiveness of a law that could only profit from the contribution of an entity – the trade union – called upon by the workers’ statute to take steps in respect of closely related issues. This happened just when the statutory ban on monitoring of individuals was losing its force – of its own accord – and, at the same time, was being re-defined as to its scope following the expansion of the privacy concept. The final result was a shift from the attempt to safeguard personal privacy by blocking all kinds of information to the search for means allowing control over information and its circulation to be retained. Therefore, expulsion of trade unions from the individual-information-circulation-control chain, to quote Stefano Rodotà, is a system inconsistency, which no technicalities in construing the outdated statutory provisions will be able to amend.
One might argue that the 1996 Act does not provide for previously seeking the trade unions’ opinion as to the purposes and arrangements of the collection and processing of personal data, but it does not prevent these steps from being taken. However, this objection is poorly grounded, since in this case, more than in any other case, a legislative measure appears to be necessary in order to promote trade unions’ participation – partly because trade unions’ reactivity is far from being immediate, as described above, and partly because such reactivity may not be promoted by the existing power configuration. There is no dearth of regulatory precedents in Europe. Ever since 1989, Community leaders gave an input aimed at laying down “more detailed protection of collective nature”. However, this invitation did not produce any effects in terms of legal drafting – that is, an opportunity was wasted not only to restore the effectiveness of the relevant statutory provisions and simultaneously enlarge their scope of action, by plastering the cracks that had appeared in the structure, but also to expand the culture of employer-employee relationships, whose binary configuration (negotiate or fight) is almost endearing. Indeed, since privacy protection requirements arise in a business and manifest themselves in ever-changing ways, the most appropriate means to address and cope with them cannot consist in regulations adopted elsewhere. The unceasing, unforeseeable evolution dynamics of computer science as applied to labour organisation has shown that the law – and therefore, collective negotiation, which has learnt to mimic legislative evolution quite closely – is scarcely capable to keep this matter under control. The most preferable approach is one that is less indifferent to the demand for “homeostatic mechanisms”, to quote Stefano Rodotà, “allowing law to escape a destiny that would be in conflict with its very nature – i.e. 
turning from a tool bringing about order into an agent of chaos, which gives rise to conflicts without solving them, on account of the widening gap between its rules and reality”. However, such a technique has not yet been identified and developed with the required precision. This is why, pending the adoption of second-generation personal data protection regulations, I would put forward, faute de mieux, the proposal of testing the method based on participation via collective representational bodies. Originality of this proposal is quite limited. It only consists in modulating the contribution to be given by trade unions. Indeed, the latter has already been supported – though amidst a few dissenting opinions – by recent jurisprudence dealing with this issue. The reasons underlying this stance are of many different kinds, but the one I find most convincing has to do with the need to counteract the trend by which assignment of the personal data concerning employees is falling progressively under the scope of proprietary law – as shown by the emphasis put on the individual’s consent, which has been turned into the pillar of the whole legislative framework on condition that it is given freely and on the basis of suitable information. Actually, I find it rather puzzling that one should endorse such an approach exactly at a time when it is considered to be on the wane. Whilst it has come to be regarded as heresy with reference to the workplace, it is but the reflection of an ideology – i.e. of bad conscience – in respect of personal data.
Stefano Rodotà has aptly said that authorising the processing of personal data through the individual’s consent is “halfway between regulation and de-regulation”; one cannot deny that the proposal to enhance participation mechanisms in devising privacy safeguards for the employment context serves the purpose of making such protection more secure: individuals’ consent will remain fundamental, but it will be somewhat freer and more informed. Honestly, I do not believe, however, that adjusting the viewpoint in the way I have referred to as the most suitable one will make the proposal more appealing. In Italy, participation is still the province of ambiguity. It does not correspond to a law policy that may be waged in an open manner. Such things are done, but they are not mentioned. It is hindered by the vetoes of entrepreneurs, for whom the rule of thumb saying that “when in doubt, consult” only means a regrettable waiver of their power; it is also meeting with the opposition of some trade unions, which are unwilling to get rid of the pan-contractual “self-sufficiency assumption” mentioned by Aris Accornero. Conversely, modern managers know that for each negotiation there should be hundreds of opportunities for consulting with the other parties; a trade union being aware that a glorious past is no guarantee, in itself, of a bright future should also know that “co-determining does not mean negotiating. It is a matter of skill”, of technical know-how, professionalism. “Who can negotiate is not necessarily capable to co-manage”.

Privacy and Technological Innovation
Helmut Bäumler (1)
(1) Unabhängiges Datenschutzzentrum Schleswig-Holstein

Contents: 1. The Starting Point – 2. From Technological Scepticism to Privacy Enhancing Technologies – 3. The Legislative Response – 4. Data Protection Audit and IT Quality Seals – 5. Market Economy and Data Protection – 6. A Revolutionary Change – 7. Future Tasks of Data Protection Authorities – 8. Outlook for Data Protection in Europe

1. The Starting Point
It is no exaggeration to say that the relationships between data protection and information technology were all but easy at the beginning. In fact, it is perfectly correct to see data protection as an answer to the challenges and risks resulting from computerisation in many different sectors. There are actually those who consider the most serious threats to the private sphere to derive from information technology in itself, so that one should not wonder that privacy watchdogs are often accused of regarding computers as the real public enemies. This has eventually lent technology-unfriendly features to the image of data protection, which would allegedly attempt to hinder any developments. Conceiving of data protection as mainly an obstacle to technological progress does not make it a palatable issue; moreover, this type of approach cannot but oblige privacy watchdogs to play the role of people who can only react to technological development without being able to influence it. In competing with information technology, data protection appears to be bound to be the loser because it has to cope with new technological variations – meaning new challenges for the protection of private life – immediately a problem is solved. On the whole, data protection has been allotted a very bleak role from this viewpoint.

2. From Technological Scepticism to Privacy Enhancing Technologies
However, another approach has been receiving increased favour for the past few years in data protection circles. It does not consider technology to be the main enemy of data protection; in fact, it seeks to determine whether privacy might be effectively protected with the help of information technology – maybe even better so than with the help of conventional methods. This attempt has immediately shown that information technology tends to turn from a threat into an ally of data protection. The significance of such Privacy Enhancing Technologies (PET) was highlighted for the first time in 1995 by the then Vice-President of the Dutch Registratiekamer, Mr. John Borking, during the international data protection conference in Copenhagen. Since then the issues related to development, promotion and use of PET have been a permanent feature of the international data protection debate. A typical example of PET is provided by encryption techniques, which allow securing personal data against unauthorised access. However, other technical means for restricting access, the automatic logging of accesses and changes, the application of data minimisation and data avoidance principles to technical design and other technical features are so many examples of the possibility to cope with data protection issues by means of technology. It is immediately evident that PET integration into the data protection concept allows viewing information technology in a completely different perspective. Regarding computers as allies rather than enemies of data protection can open up wholly new paths.

3. The Legislative Response
Lawmakers have also realised that PET are an issue to be taken into account in data protection legislation. The European Data Protection Directive is actually relatively non-committal in respect of technical issues; its Article 6(1e) provides that data should be made anonymous as early as possible, whilst under Article 17 appropriate technical and organisational measures are to be taken to protect personal data against accidental and/or unlawful destruction, accidental loss, unauthorised alteration, disclosure or access “and against all other unlawful forms of processing of personal data”. In this context, information technologies are mainly regarded as a “conservative” tool to ensure enforcement.
A step forward was made in 1997 by Germany’s Computerised Services Data Protection Act, whose section 3(4) expressly required providers of computerised services to pursue the objective of collecting, processing and using either no personal data or as little personal data as possible in configuring and selecting technical equipment. Therefore, Parliament took account for the first time not only of the way in which processing operations were organised, but also of the selection and configuration of technical equipment itself. The underlying reasons can be easily understood when considering the core provisions of the above Act in Germany. They include data minimisation, data avoidance and the obligation to enable anonymous and/or pseudonymous access to the Internet by users. A similar provision has been also included meanwhile into the general Federal Data Protection Act, whose Section 3a) also concerns configuration and selection of data processing systems. On the other hand, the underlying assumption consists in the development and availability of data processing systems with the above features, as well as in the possibility for managers of information systems to find and identify these products on the market. Therefore, a fundamental step forward was made in this connection by the Data Protection Act of the Schleswig-Holstein Region, requiring that the Region’s public authorities should implement, on a priority basis, products whose compatibility with the provisions concerning data protection and security was established “through a formal proceeding”. Thus, for the first time the use of PET was not only encouraged from a theoretical viewpoint, but rather made concretely binding in a German data protection law.

4. Data Protection Audit and IT Quality Seals
However, the regulations set forth in Schleswig-Holstein go further by referring to a “formal proceeding” to establish the specific features of a given product in terms of data protection and security. This has to do with the certification issue, which is addressed in Section 4(2), second sentence, of the Schleswig-Holstein’s data protection act: the Regional Government is empowered to regulate, by decree, contents, configuration and authorisation to carry out “the proceeding”, i.e. the certification of IT products. The above decree has actually come into force, therefore it can be stated that in Schleswig-Holstein the introduction of IT seals for data protection is fully regulated. More specifically, the Schleswig-Holstein’s model envisages a two-step proceeding. Manufacturers and/or providers of an IT product can apply to an auditing body that is certified by the Independent Regional Centre for Data Protection and have their own product(s) audited. The auditing bodies are evaluated as to their professional qualifications, reliability and independence before being certified. They are required to assess and evaluate products in accordance with the criteria developed and upgraded yearly by the Independent Regional Centre for Data Protection. They will subsequently send their audit report to the Independent Regional Centre for Data Protection, which will establish its soundness and methodological correctness. If all prerequisites are met, the Independent Regional Centre for Data Protection will grant the quality seal, which is valid for two years and may be renewed following a simplified procedure. The peculiarity of this model consists in the fact that the Independent Regional Centre for Data Protection – which also acts as supervisory authority pursuant to Article 28 of the European data protection directive – grants the seal as a public entity of the Schleswig-Holstein region.
This is in line with the requests coming from businesses, which preferred the quality seal to be granted under public law provisions rather than under exclusively private law requirements. Some experience has already been gathered in respect of this model; auditing bodies have been certified and the first quality seals have already been granted. Work is in progress at federal level as well in Germany to draft an auditing and quality seal act, which is expected to enter into force in the near future.

5. Market Economy and Data Protection

With the establishment of auditing and quality seals as new data protection tools, a veritable revolution is taking place in the data protection sector, which is barely visible at first sight but is bound to produce deep-ranging effects and, above all, new opportunities for data protection. Data protection in Germany as well as in most European countries is organised according to a prescriptive law scheme. Data protection laws provide for a certain type of conduct to be followed whilst they ban other types. Any entity failing to abide by the rules is in danger of being punished as provided for by the data protection legislation. In case of an audit, it can expect to be reprimanded and to have its infringement made public, which sometimes may be harmful for its image and even negatively affect its turnover. Under specific circumstances, this may even lead to imposition of a fine and/or institution of a criminal proceeding. However, in Germany as well as in most European countries, data protection authorities are not in a position to carry out blanket controls on businesses and public authorities – on account of the available human and financial resources.
Still, one cannot rule out the possibility of a data protection audit, which is why each enterprise and each authority is to take minimum-level precautions to avoid being pinpointed as a data protection rogue. What can data protection offer to someone who abides by the relevant provisions, or actually implements a data protection concept that goes much further? What benefits can he expect? At present, no immediately tangible benefits, since data protection law is currently built after a “negative” pattern – that is to say, it is focussed on detecting infringements, raising criticisms and lodging of complaints. “Positive” data protection, in which correct data protection approaches are rewarded, is slowly developing. This is why one has the impression that with data protection there is always something to lose and very little to gain. However, if anything is ever associated with the concept of loss, it is uncommonly difficult to turn it into a success story. Data protection could benefit from the circumstance that one can get “some” benefits through it. This is the objective pursued by the introduction of market economy components into the data protection system. Audits and quality seals are important tools to achieve that objective. Indeed, they allow businesses that either implement a correct data protection concept or can offer products in line with PET requirements to achieve market advantages – which plays a key role in the market economy system that predominates throughout Europe.

6. A Revolutionary Change

Auditing and quality seals are therefore the founding stones of a new data protection system that is focussed on providing stimuli rather than issuing obligations and prohibitions. This presentation started with the consideration that data protection must get rid of its technology-hostile approach by turning information technology into its ally.
This led obviously to wondering how producers and developers of IT products can be convinced to design such products in a way that is compliant with PET criteria. Raising this issue means – more or less unavoidably – to address the auditing and quality seals issue, which in turn points to market economy considerations. Indeed, auditing and quality seals fall undoubtedly under the scope of the market advantages expected by producers and users of privacy-compliant information technology. Thus, we have ended up unawares being confronted with the issue of the stimuli, benefits and advantages related to data protection – even though our starting point was data protection as based on obligations and prohibitions and modelled after a prescriptive policy.

What are the remains of the “old” data protection concept? Undoubtedly we will need clear-cut, effective data protection laws in future as well – this is actually the advantage of Europe compared with the USA. Additionally, the fully independent supervisory authorities referred to in the EC data protection directive may not be abolished. However, their tasks can become simpler and more practicable if they have increasingly to do with certified IT products and audited data controllers in their supervisory activities. Auditing and quality seals could even result, to a certain extent, in improving their supervision. Customers would pay special attention to the actual implementation of data protection concepts in respect of products and services advertising their auditing and quality seals features. One might argue that probably thousands of customers’ eyes can see better than the eyes of the few professional data protection supervisors. At all events it must be clear that auditing and quality seals as well as an increasingly market-oriented data protection concept should not replace the amply tested tools of “traditional” data protection, but rather supplement them by adding new options.

7. Future Tasks of Data Protection Authorities

The “new” data protection concept will also entail a change in the tasks committed to data protection authorities. In addition to the legal competence, they will be increasingly in need of technical know-how. The staff structure in their offices should therefore be modified accordingly. If they do not wish to be directly involved in issues related to auditing and seals, this will be done by private entities – a very promising market is about to open in this sector. If data protection authorities intend to exert their influence in respect of technical standards, they must address these issues more intensively among themselves. Meetings and workshops devoted so far mostly to the exchange of views on legal issues related to data protection should leave ampler room for technical issues. This is especially important in light of the fact that law-making remains – as was the case in the past – mostly a matter for national consideration, whereas technology is per se of transnational nature. A typical example is provided by the Internet, which operates in the same way in Rome as well as in Oslo or Moscow.

Regarding the Internet, absorbing the Internet’s specific work culture can open up new ways for data protection authorities to organise their work processes. Many discussions and voting procedures could be carried out via the Internet in future. It will be considerably easier to process complex work packages in a transnational manner by a subdivision of tasks. An example is provided by the – already existing – Virtual Privacy Office, which includes most data protection authorities in Germany as well as those from Canada, Poland, Switzerland, Slovakia and the Netherlands.
The Virtual Privacy Office is only the beginning of these new developments and can make available potentialities that will facilitate discharge of the increasingly complex, rapidly changing tasks committed to data protection authorities. The information offer of the Virtual Privacy Office can be accessed on the Internet by visiting the following web site: www.privacyoffice.org

8. Outlook for Data Protection in Europe

Data protection in Europe has made a huge step forward with the adoption of the EC data protection directive. The directive has resulted in a comparable level of data protection and transparency for citizens throughout Europe. Still, the EC data protection directive entails a major drawback in addition to this unquestionably beneficial effect – namely, it takes account of technical issues to a very limited degree. In principle this reflects the state-of-the-art debate on data protection in the early ’90s. Everybody knows that the dynamics of information technology result in very rapid changes to the framework applying to data protection. Continuously adjusting the data protection directive to technical evolution would be a daunting task; this is why it could be considered whether a European regulation applying to audits and quality seals might be developed as a first step in addition to the EC data protection directive. There are ample opportunities for dealing with these issues in a transnational perspective. The IT market is international and every single IT manufacturer and provider cannot but be interested in bringing his own products as much as possible into line with international standards. Should European criteria be laid down for data protection auditing and quality seals, manufacturers and developers of new IT products would probably strive to comply with those criteria.
Data protection would come significantly closer to achieving a long-cherished objective, i.e. influencing information technology from the start. Data protection and technological innovation – which are referred to in the title of my presentation – would thereby go hand in hand. This is quite pleasant as an outlook; indeed, it sounds so promising that it does make sense to try and make it real.

Safeguards and New Technologies
Giuseppe Casadio(1)

I am aware of the inadequate attention that my organisation (and the trade union movement as a whole) devotes to the specific and very modern form of the issue of workers’ individual and collective rights over which the data protection authority presides, and which is the subject of this conference. I would like to discuss the reasons for this inadequacy (those indicated by Paissan seem cursory to me). But I hope we will be able to do so at a future meeting organised by us, I hope with the valuable contribution of the data protection authority.

What is certain is that, in terms of policy development, we have gone little further than a few conferences on the basic legislation; in terms of trade union action, little further than a few sporadic experiences of collective bargaining in leading-edge production sites and the traditional activity of individual protection in cases of blatant discrimination; in terms of thinking, little further than fidelity to the (precious) principles laid down in Articles 4 and 8 of the Workers’ Statute and to the body of case law that followed. This holds true in Italy but, in truth, in Europe as well. Events such as the recent, repeatedly cited experience of the agreement on telework, or the participation of the CES in a few hearings aimed at the issuing of the awaited Community directives, important as they are, cannot be regarded as a full and conscious trade union commitment.
For me, for us, this meeting and the invitation to speak that President Rodotà extended to us are a call that we take up seriously: for our more direct participation in the making of Community law; for a strengthening of our bargaining action at national level and within companies; for raising the knowledge and the capacity for action of our leadership groups. After all, the organisation I represent here has amply demonstrated in recent months its almost obsessive fidelity to the objective of defending and expanding the individual and collective rights of people at work and as citizens. And the support that our initiatives have met with, which is perhaps known to our foreign guests as well, should be interpreted in this way.

The episodes of social mobilisation that have marked the months behind us are not explained by the organisational strength of the Cgil; we wanted to give voice to a very deep sense of the dignity of persons, of respect for all differences, of the value of all identities, first and foremost at work; we summed up this intent in a slogan that we have perhaps even overused: “for rights”. And this slogan met with enormous receptiveness, a widespread feeling (the link with the issues examined here today is evident). We moved on the ground that is our own, that of substantive labour law (even though this flow of feelings and aspirations, as we have seen, cannot be fenced into a single dimension). We moved with determination because, and this must be said forcefully, many of the actions undertaken by this governing majority point in the opposite direction.

(1) Confederazione generale italiana del lavoro
Legislative acts already adopted and, even more so, other more substantial ones now being finalised tamper deeply with labour law, to the point of denying the existence of that “asymmetry of power between the parties to the contract” which, in this part of the world that we call Europe, is the theoretical and cultural foundation of labour law. How will it be possible to make effective even the individual rights already formally laid down in Law 300 (and more generally in the body of labour law) while weakening the function of collective representation and equating the employment contract with an ordinary commercial contract? And yet this is theorised in the White Paper on the Labour Market and written into the principles of the enabling bill on labour under discussion in the Senate.

To what de facto conditions (including those concerning the possibility of expressing and practising one’s political, trade union and religious convictions, or one’s adherence to particular civic and human sensibilities and orientations) will the individual worker be prepared to consent when he finds himself alone before a potential employer, signing the clauses of his individual contract? In this regard I share all the considerations just set out by Prof. Romagnoli on the role that the bodies of collective representation can and must be called upon to play in order to make individual rights effective. And what body, authority or institution will protect the individual worker against abuses if the trade union has in the meantime been turned into an institution which, after placing him with that company, has certified the fairness of that individual contract, perhaps receiving some perquisite in return? This, too, is provided for by the labour market bill now nearing approval. What I am setting out are not apocalyptic hypotheses detached from reality; they are simulations grounded in the provisions of the new labour law taking shape in Italy today.
I hope I will not be considered out of place or intrusive if I take this opportunity to raise, from this authoritative and qualified forum too, a worried cry of alarm. This serious regressive tendency characterises the outlook against which we have been fighting vigorously for months, and we will continue to fight, for the very same reasons, if you will allow me, that prompt me, I repeat, to take up with great commitment the call that comes to us from here to extend our action for the rights of working people to new areas.

Safeguards and New Technologies
Giuseppe Casadio(1)

I would like to start by saying that I am well aware of the inadequate attention dedicated by my organisation (and the trade union as a whole) to this specific and very modern subject concerning the protection of the individual and collective rights of workers by the data protection Authorities, which is at the basis of this conference. I would like to discuss the reasons for this inadequacy (those indicated by Paissan in my opinion are unsubstantial), but we will do that at the next meeting, which we are going to organise, I hope, with the invaluable support of the data protection Authority.

Certainly, as far as any discussion on this subject matter is concerned, we have hardly gone past some meetings on ground rules; at a trade union level, we have hardly gone beyond some occasional cases of collective bargaining and our traditional activity of individual protection in cases of clear discrimination; on a theoretical level, hardly beyond our compliance with the (invaluable) principles sanctioned in articles 4 and 8 of the statute of workers and the ensuing relevant heritage of case law. This is true in Italy, but also in Europe.
Events like the recent, and already mentioned, case of the telework agreement or the CES participation at some hearing aimed at producing the expected community guidelines, although important, cannot be considered as an exhaustive and conscientious trade union commitment. I think that by bidding us to take the floor, Chairman Rodotà has invited us to participate more directly in developing community law; in fostering our bargaining action at a national and corporate level; in improving our knowledge and the intervention capacity of our executives. After all, the organisation I represent here has over the last months effectively shown its nearly obsessive loyalty to the objective of defending and increasing the individual and collective rights of the people, as workers and citizens. And this is how the consent recorded by our initiatives - of which perhaps our foreign guests are aware - has to be interpreted.

The episodes of social mobilization over these last months cannot be explained by Cgil’s organisational power; we have wanted to give voice to a high sentiment of dignity, respect for all discrepancies, enhancement of all identities, especially in the labour milieu; we have summarised our intent in a slogan, which perhaps we have also misused, which is: “for the rights”. And this slogan has been widely accepted and shared (of course its connection with the subject we are dealing with here today is quite clear). We have moved on familiar ground, that of labour substantive right (even if this flow of sentiments and inspirations, as we have seen, cannot be fenced in, in only one dimension). We have moved with determination because, and this has to be firmly underscored, many initiatives taken by our government head in the opposite direction.

(1) Confederazione generale italiana del lavoro - Italy
Legislative acts that have already been adopted, and even more those that are being developed now, deeply undermine the labour right, to the extent of denying the existence of that “asymmetry of power among the parties to a contract” which, in this part of the world called Europe, is the theoretical and cultural basis of labour. How can we support the individual rights already officially sanctioned by Law 300 (and more in general by the labour system), when the function of collective representation is being undermined, and labour contracts placed at the same level as an ordinary trade contract? And yet this is theorised in the white book on the Labour Market and embodied in the principles set forth in the delegated Decree Law on labour being discussed by the Senate.

To what factual conditions (also inherent in the possibility of expressing and practising one’s own political, trade union, religious, civic and human beliefs) will the individual worker agree when, all alone, he will face his employer and sign the clauses of his individual contract? I share, in this regard, all the considerations set forth by Prof. Romagnoli before on the role that trade unions can and have to be called to play for the purposes of giving effectiveness to individual rights. And what entity, authority, institution will protect the individual worker when he suffers abuses if the trade union in the meantime changes into an institution that, after placing a worker in a given corporation, certifies the congruity of the individual contract, maybe in return for some profit? This, again, is what is envisaged by the bill on the labour market that is being considered. The things I am saying are not apocalyptic assumptions of an unreal situation; they are simulations based on the provisions on the labour law in the process of being developed in Italy today.
I hope you will not consider me as inappropriate and intrusive for having seized this opportunity to launch a concerned cry of alarm also in front of this eminent and qualified forum. We have been fighting this serious regressive trend for months, and will continue to do so for the same reasons that will urge me to meet the invitation to extend our action in favour of the rights of workers to new ambits.

Consumers’ New Awareness
Enrico Letta (1)

I start from a very important sentence that I consider to be the core of the speech Mauro Paissan gave earlier: namely, the logic whereby the relationship between economic initiative and fundamental rights must be understood as a relationship of alliance and not one of subordination of one to the other, of trade-off. This element, I believe, must shape the reasoning we engage in today on the subject of privacy, of cost, of the shift from cost to resource. From this perspective, privacy is certainly a new subject and, as such, must oblige those who deal with economic affairs to approach it with a different mindset from that of the past.

But what does this novelty consist of? First of all, of the unprecedented awareness that has characterised consumers’ behaviour in recent years. This is a central point for me, and one that you will in any case be addressing in depth tomorrow. Economic affairs are certainly influenced by this new leading role of consumers, who, through their choices, steer market trends and require those who offer products to take account of this change in approach and expectations. Put more plainly, consumers today regard a company’s privacy policies as a deciding factor.
It is not yet a generalised phenomenon, that much is evident, but all the indicators available to us point to a trend that is by now well established and in some way indisputable, because it runs in one direction only and without interruption. This requires economic operators in general to take account of a new element that shapes consumers’ preferences and becomes (and here is the link with economic initiative) a key factor in determining the competitiveness of businesses, especially at a time when competition can no longer be avoided, above all in light of the emergence, on a global scale, of new and increasingly fierce and dynamic players.

The fundamental question of customer loyalty can also be addressed from this perspective: with regard to it, respect for privacy becomes a sort of added value, a distinguishing element in how the performance of a given company is perceived and judged. Such a process holds for the individual company, but also for the now growing phenomenon of multi-utilities, which live off the fact that they can exploit, across several fields and sectors, the concept that information about the customer and the relationship with the customer are an economic asset. This is clearly a new element, of extraordinary and fundamental importance, which also affects, for example, the whole area of the application of the Community directives on the liberalisation of public utilities, in which, together with the Hon. Rasi, we did in the last legislature what seems to me to have been very positive work for the country.

(1) Camera dei deputati - Italy
This is, moreover, a sector in which the concept of information, of the relationship with the customer, becomes an economic asset and drives a company providing a service to seek synergies with other parties, with foreseeable repercussions on the work of the competition authority, which has to assess these developments in terms of concentrations and breaches of antitrust law. And this is because a company operating in several sectors risks infringing the competition rules in each area of activity.

More generally, the question also bears on another crucial subject, namely marketing. To be clear: failure to respect the customer’s privacy has an absolutely counterproductive effect for the company. An effect, moreover, that is amplified by the ease and speed of information transmission offered by the new media. In this respect, I am convinced that each of us grapples daily with the need to safeguard our e-mail address and to protect ourselves from the frankly unbearable quantity of information and news. Media overexposure? Perhaps.

It is interesting to note, in any case, that these dynamics follow a path that is in some way the opposite of that of advertising. Indeed, whereas in marketing one can observe a fairly linear growth in the economic results of a company and a product according to the amount of resources that the company and the product invest in advertising, in the field of privacy we observe a mirror-image but opposite trend: once a certain threshold of information received is exceeded, the user ends up experiencing a saturation effect, which damages the image, the brand, of the very product or company one wished to promote. So: new issues for businesses, for consumers, for those who distribute products.
But above all, issues with respect to which privacy becomes, depending on how it is managed, a very important factor of success or failure. All this also points to the emergence of new professional profiles, especially among those who deal with privacy in terms of business consultancy, strategic consultancy or customer care.

To be more specific, and I come to the final part of my speech, it is useful to focus on the Italian situation and understand what improvements need to be made in our country. On this point, especially from the legislative standpoint, there is certainly a need to clarify the many doubts of interpretation that exist today, which are mainly due to the absence of a single consolidated text to refer to. It is a text we have long been waiting for, and one that should, it seems, be issued fairly soon. Obviously we hope so, above all because the definition of a certain, rational and straightforward regulatory framework is indispensable at a time when the economic and social actors that have to deal with one another in this sector suffer from a chronic lack of clearly identifiable points of reference. So: clear rules, no doubts of interpretation, shared responsibilities. This is what we ask for, and this, it seems to me, is what has been arriving in recent months, thanks also to the activism of the Garante, which is carrying out a major communication effort towards businesses, especially SMEs.

To proceed with any transformation, however, one needs a clear-sighted perception of the times we are living in. Facile approximations would be more harmful today than ever. Years ago, in the early days of the Net and of its use, there was a period in which many imagined that the Internet would completely change the way in which things were produced and sold.
For most of us e-commerce, for example, was the new frontier in the sale of products. In reality, as we have realised only recently, e-commerce is nothing more than a way of buying and selling. What counts is still the quality of the product. And then, precisely as regards marketing and distribution, all the elements typical of other forms of commerce also come into play, first among them physical infrastructure.

Why have I made this reference? Because, in my view, electronic commerce is a case that sums up well the somewhat chaotic and not especially well-reasoned way in which businesses launched themselves into a new and little-known sector. What was lacking, and often is still lacking, is selectivity in strategic choices. And this seems to me to mark, more generally, a large part of the attitudes towards the new frontiers opened up to economic activity by technological innovation. What is needed, rather, is to understand which elements are truly decisive and to stake everything on those.

In addition, we need to become aware that, especially in new sectors, regulation and State intervention are not always additional costs and “snares” that hold back entrepreneurial activity. It is true: the legislator cannot afford errors of perspective or of approximation. But by the same token (think, in this regard, of the reaction to the whole body of safety legislation) economic actors too must accept legislative initiatives and implementing regulations as a form of protection, not as limiting factors. How much time have we taken, and how much more do we need, for all our activities to be brought into compliance? It is a fairly widespread opinion that our system is hamstrung by too many regulations and too many laws.
In my view, however, it is not a problem of quantity but of effectiveness in the implementation and application of those same laws. Consider the resistance with which the entire system reacted to the body of rules and regulations governing lift safety. The eventuality to be averted is that businesses themselves end up bypassing the rules because they are considered excessively burdensome, both in terms of adaptation and understanding and in terms of cost. Attention must therefore be engaged straight away, at the legislative stage and when regulations are being prepared.

There is also the Community level, on which it is not possible to dwell here. I am pleased to note, however, that compared with the average situation in the countries of the Union, Italy is in a leading position. The very fact that Stefano Rodotà is also chairman of the European data protection authorities is important for us, both because in this field the Community legislative level is quite simply decisive, and because at a time such as the present holding a prestigious post in the Community institutions takes on a politically strategic role. The other key point to stress concerns the direct involvement of operators in drawing up the rules and relates, for example, to the whole matter of self-regulatory codes, which is in fact still open in Italy.

I close with a subject that is particularly close to my heart: the framework reorganisation of the entire sector of independent authorities, a real precondition for the Garante, like the other authorities, to be able to be fully effective and independent. The discussion has been going on for some time and has involved figures from both political camps, each of whom has brought ideas and reform proposals.
My hope is that we continue in this direction, especially now that the Minister for the Public Administration has expressed the Government's intention to pursue a reorganisation of the sector. I believe it is important that this matter, which is one of pure institutional reform, be debated freely and openly in Parliament. There are numerous proposals on the table, formalised in bills, that retain specific features where necessary, above all in the case of the privacy Garante, for which being made uniform with other bodies and independent authorities would be disastrous. Nevertheless, there are many useful elements for making the relationship with the other independent authorities and with the other institutional levels more straightforward, as well as the relationship tied to administrative litigation, for example, which I believe could be properly and positively clarified in Parliament. The aim is to rationalise the whole field and make it more efficient, with obvious advantages in terms of meeting the demands of citizens and users; all this in order to bring institutions, citizens and businesses closer together and to contribute genuinely to this country's process of maturing.

Consumers' New Awareness

Enrico Letta (1)

I would like to start from a very important passage I consider to be the core of the presentation given by Mauro Paissan – namely, that the relationship between enterprise and fundamental rights should be seen as an alliance rather than as a trade-off. I think that this item should be given top priority in analysing the privacy issue nowadays – the costs of privacy, the transformation of privacy from a cost to a resource. In this context, privacy is undoubtedly a very new issue and should be addressed by scholars in a totally different perspective compared with the past. What does this novelty consist in?
I think it consists first and foremost in the unprecedented awareness that has featured in consumers’ behaviour for the past few years. This is a key issue in my view; actually you will be addressing it tomorrow in depth. Indeed, there is little doubt that economy is influenced by this new stance taken on by consumers, who set the pattern of economic events through their choices and require producers and marketers to take account of this change in approach and expectations. More specifically, consumers nowadays consider privacy policies of businesses as a major determinant in their decision-making. Although this is not yet a mass-scale, all-round approach, nevertheless all the available information shows that this is a consistently upward trend as well as one that cannot be questioned because it is unilateral and shows no intermissions. Therefore, economic actors as a whole are required to take into account a new item that influences consumer choices and thereby becomes – here is the link with enterprise and industry – a key feature in ensuring competitiveness, especially at a time when you can no longer escape competition given that increasingly aggressive, dynamic actors arise unrelentingly in a global scenario. This is the perspective in which to also address the fundamental issue of customer loyalty, as a function of which respect for privacy can become a sort of added value – a qualifying item to appreciate the performance of a given enterprise. This is the case for individual businesses, but it applies to an even greater extent to the growingly common “multi-utilities” – whose existence is grounded on the concept that customer information and customer relations are economic assets. 
This is unquestionably an extraordinary as well as fundamental innovation – for instance, as also regards the application of Community directives concerning liberalisation of public utilities, which is a sector where highly positive results could be achieved for our country together with the Hon. Mr. Rasi during the past legislature. In this sector, the information on and relationships with customers are becoming an economic asset and increasingly leading businesses that provide services to pursue a synergic approach by involving several entities. This, in turn, is raising new issues to be coped with by the antitrust authority, which is called upon to assess these developments in terms of concentrations and violations of anti-monopoly laws. Indeed, when doing business in several sectors you run the risk of breaching competition rules in each of the sectors at stake. From a more general standpoint, these considerations apply to another key issue, i.e. marketing. That is to say, failure to respect customer privacy is ultimately counterproductive for an enterprise, and this effect is enhanced further by the ease and quickness of information transmission afforded by new media. I am sure that all of us are daily aware of the need to protect our own e-mail addresses against the by now definitely insufferable amount of information and news. Is this a case of media overexposure? Maybe; however, I believe it is interesting to consider that the dynamics underlying this phenomenon are exactly the reverse of those conventionally applying to advertising. Indeed, in the marketing sector one can usually observe that the results achieved by a given business or product increase in basically direct proportion to the resources invested in advertising said business or product.

(1) Chamber of Deputies, Italy
In the privacy sector, the effect produced is exactly the reverse; that is to say, there is an information reception threshold beyond which users eventually get saturated, which spoils the image/the brand of the product and/or business that is being advertised in this manner. Thus, there are new issues to be taken into account by businesses, consumers, and distributors. Above all, the privacy issue can become the key to a successful economic initiative depending on how it is managed. Furthermore, these considerations point to opportunities for creating new professions, in particular as regards addressing the privacy issue in terms of business and/or strategic consultancy or else of customer care. Let me now tackle a couple of points in more detail – so as to approach my conclusions. I think it is helpful to focus on the Italian situation and establish what improvements are to be made in our country. There is undoubtedly the need to clarify several interpretive doubts, in particular from the standpoint of legislation. This is related mainly to the lack of a consolidated reference instrument. We have been waiting for this instrument for a long time, and I understand that it is to be issued shortly. We all hope that it will be so, above all because clear-cut, sensible, and streamlined regulations are indispensable at a time when economic and social actors that are required to interact in this sector are negatively affected by the long-standing absence of clearly identifiable reference points. Therefore, the objectives should be to set out unambiguous rules, do away with interpretive doubts, and allocate responsibilities. This is what we would like to get, and this is what – I believe – has been happening for the past few months, partly thanks to the active role played by the Garante, which is making a major communication effort in respect of businesses, in particular SMEs.
However, prior to making changes one should get a crystal-clear picture of the attending circumstances. Simplistic approximation would only be deleterious. There was a time, a few years ago, when the Internet had just been discovered and was considered capable of modifying all the production and sales mechanisms. Most of us believed that e-commerce, for instance, would be the new sales frontier. In fact, we realised only recently that e-commerce is ultimately a means to perform sales and purchases. What still matters is product quality. Then, account should be taken – exactly in view of marketing products – of all the components that can usually be found in the other types of commerce, first and foremost physical infrastructures. What is the point of all this? In my view, the e-commerce case is an excellent example of the rather disorderly, not especially reasoned approach followed by businesses to cope with a new, unfamiliar sector. There was, indeed there still is, no selective approach in strategic choices – which is, I believe, a feature applying more generally to the stance taken with regard to the new frontiers opened up by technological innovation in the economic sector. One should rather try and understand what components are really decisive and stake all on them. Furthermore, one should become aware that regulations and State interventions do not always carry additional costs and hindrances for businesses, especially as regards new sectors. There is little doubt that lawmakers cannot afford to see things from the wrong angle or be sloppy in their work; however, economic actors should be ready to view legislation and implementing regulations as safeguards rather than limitations – only think, in this regard, of the reaction brought about by all the legislation on safety matters. How long did and will it take for all our activities to be brought into line with safety laws? Our country is widely held to be hampered by an excess of legislation and rules.
However, I think that it is not a question of quantity, but of effectiveness in implementing and applying such legislation and rules. Let me quote, as an example, the resistance aroused by the set of laws and regulations applying to safety measures for elevators. The danger to be averted is that the businesses concerned decide eventually to dodge the laws and regulations at stake because they are regarded as too burdensome in terms both of the adjustments required and their understandability and of the costs involved. Therefore, it is necessary to pay the utmost attention from the start, i.e. in drafting legislation and/or implementing regulations. Then there is the Community level to be considered, on which I am not going to dwell. Let me only recall that our country has proved to be at the forefront in this area, compared with the situation existing on average in EU countries. The fact that Stefano Rodotà is currently the chair of the European data protection working party is itself important for us, both because Community legislation plays a key role in this sector and because it is strategically fundamental to hold an influential position within the Community in the current phase. Still on this point, another key requirement consists in directly involving economic actors in the law-making process. Reference can be made, for instance, to the broad-ranging issues related to codes of conduct and professional practice – which are as yet unsolved in Italy. Let me conclude by mentioning a topic I am especially keen on – that is, how to re-organise the whole framework of independent authorities, which is a prerequisite for the Garante as well as the other authorities to be effective and independent to the highest possible degree. There has been a debate on this for some time, which has allowed both majority and opposition members to voice their views and put forward proposals.
I hope that further progress will be made in this direction, especially considering that the Minister for the Public Administration expressed the Government’s intention to streamline the regulations applying to this sector. I think that this issue, related to institutional reform, should be addressed by Parliament via an open-minded, free discussion. There are several proposals tabled in bills submitted to Parliament, in which account is taken of individual peculiarities insofar as this is necessary – in particular, it would be deleterious for the data protection authority to be equated to other independent bodies and authorities. Still, there are many items that can help simplify its relationships with other independent authorities and institutions as also regards, for instance, the handling of disputes under administrative law – a topic that might be appropriately clarified by Parliament. This is aimed ultimately to streamline and enhance the effectiveness of this sector as a whole, which cannot but be beneficial in terms of meeting the demands coming from citizens and users so as to bring institutions closer to citizens and businesses and contribute concretely to the maturation of our country.

Session III – Business, Users, Consumers

Businesses, Users, Consumers: Toward a New Relationship

Giuseppe Santaniello (1)

Contents: 1. New Economy. Businesses, Consumers, Users. Toward a New Relationship Based on Privacy – 2. Privacy: Costs and Benefits – 3. Protection of Consumers and Users. Innovations. The European Community's Initiatives – 4. Forerunners: The Anglo-Saxon Systems – 5. Italian Legislation – 6. Conclusions

1. New Economy. Businesses, Consumers, Users.
Toward a New Relationship Based on Privacy

In the current phase of profound transformation and innovation in economic systems worldwide, the privacy factor was bound to take its place, with its particular weight of individual and social meaning and, above all, with its transformation from an economic cost into a resource for the enterprise. In an interesting book entitled “Il mondo che cambia”, Anthony Giddens (one of the most influential sociologists of our time) observed that the new economy cannot be reduced, through a superficial reading, to a speculative dimension tied to a particular phase of market expansion; rather, it deeply affects the founding values of the systems by which individuals and peoples live together. Against this background a specific evolutionary cycle emerges, in which privacy-oriented markets are seeing an entirely new relationship take shape among the three protagonists of the economic scene, the entrepreneur, the consumer and the user: as an effect of privacy rules, their interests become substantially harmonised and their objectives shared in many respects. Through the emerging function of confidentiality as a source of resources, the system is not oriented solely towards the commercial operator and the protection of its rights, but also places emphasis on the importance of consumers and users, who thereby become balancing factors in the production cycle and, above all, participants rather than holders of an inert role.

(1) Vice-President, Garante per la protezione dei dati personali (Italian Data Protection Authority), Italy

2. Privacy: Costs and Benefits

That said, the costs of personal data protection have to be measured in both public and private terms.
There is a cost borne by public administrative structures when the implementation phase of the basic law begins, and there is a public cost of managing the provisions that follow one another at a pressing pace in regulating a constantly evolving subject. These burdens are not specific to privacy; they are common to every kind of innovative legislation that requires new structural and functional units to be organised. On the other hand, there is a series of burdens that fall exclusively on private enterprise, since company measures aimed at data protection have a strong commercial significance. It is enough to take as a reference point the cost of a company's structural adjustments in terms of technological infrastructure, management of personal data processing, and training and refresher training for the staff assigned to these tasks. Yet these costs are not inert liabilities for the company; they generate a series of positive effects for businesses. A commitment by entrepreneurs to meeting the expectations of consumers and of users of material and immaterial goods and services stimulates the company's competitive opportunities, encouraging it to find innovative formulas for building customer loyalty and winning new markets. Every far-sighted commercial policy rests on the relationship of trust with the customer and has the improvement of that relationship among its aims. Indeed, the competitive advantage produced by applying company rules for the proper handling of personal information is the effect of the consolidated relationship of trust between supplier and consumer that the protection of confidentiality brings about.
A recent study carried out in the USA by the Boston Consulting Group showed that the growth of electronic commerce would, in a short time, more than double if users felt secure and trusted that their privacy was respected in online transactions. As early as October 1997 the European Commission set out framework guidelines underlining the importance of protecting and securing personal information in order to carry out commercial activities or private communications on the Internet (Ensuring trust and security in electronic communication, 8 October 1997). The Commission stressed that the protection of personal data (through specific data security measures taken by businesses) is the result of a composite and permanent activity that requires organisational measures subject to continuous updating and verification. It added that personal information must be protected regardless of its form or of the medium (paper, electronic or other) on which it is recorded. It also observed that the principle of adequacy denotes a relationship between the measures adopted (or to be adopted) and a series of reference points, such as the degree of sensitivity of the personal data processed, the criteria for distribution within the data controller, external flows to other data processors, disclosure procedures and the archiving method. It is significant that, internationally, businesses and users have substantially converged in treating the protection of online privacy as a resource, with a view to strengthening the telematic infrastructure that forms the fundamental framework of the information society. The Harris Westin survey showed that for 52% of computer users the protection of privacy is the main factor influencing their decision to go online.
The European ministerial conference held in Bonn in July 1997, in pointing out the need for global information networks to offer every opportunity for strengthening democratic and social values, identified the collaboration and support of users as the driving force of network development, conditional on adequate protection of personal data, in order to increase trust between users and the network. This demonstrated that investment in privacy is a constitutive factor in the development of new products and services.

3. Protection of Consumers and Users. Innovations. The European Community's Initiatives

From this perspective of confidentiality as a resource for business development, the protection of consumers and users becomes an essential factor. The decisive factor in the process that led the legal systems of the European Union's partner countries to recognise consumer rights explicitly and to protect them directly is the activity of the Community institutions. Under Article 153 of the EC Treaty (as amended by the Treaty of Amsterdam), the Community contributes to protecting the safety and economic interests of consumers and to promoting their right to information and the organisation of their interests. And it was with the Maastricht Treaty that consumer protection, not specifically considered in the original Treaty of Rome, became a fully fledged Community policy, in relation to the objective of helping to strengthen consumer protection measures.
The development that led to a specific Community policy was supported organisationally by a dedicated directorate-general of the Commission, tasked with ensuring that consumer interests are respected in the framing of Community policies, strengthening market transparency, improving the safety of consumer products and services circulating in the single market, increasing consumer confidence, in particular through a fuller flow of information, and establishing a systematic dialogue between the Commission and organisations representing consumers. From these factors there emerges an entirely new figure of the consumer, whose function, of primary importance, goes even beyond the contractual relationship with the supplier or producer and becomes part of the objectives of market transparency and optimisation of product quality. With the decision of 25 January 1999 the Community equipped itself with a single operational instrument, establishing the general framework for activities aimed at promoting consumer interests and guaranteeing consumers a high level of protection. This framework is adopted for the period 1999-2003 in support of, and to complement, the policy of the Member States, and includes actions to assist the activities of European consumer organisations and financial support for specific projects. The measures cover four areas: consumer health and safety in relation to products and services; education and information of consumers about the rights they enjoy; promotion and representation of their interests. The Community legislator has also shown great interest in consumers' access to justice.
Particular prominence has been given not only to the question of legal remedies for the individual consumer, but also to that of judicial protection of the collective and diffuse interests of consumers, in particular the standing to sue of the bodies that represent such interests. From this set of protective measures an entirely new perspective also emerges: the measures are aimed not only at protecting the businesses competing in the market but also at safeguarding the consumer as a party that contributes, together with those businesses, to the proper functioning of the competitive market model, which must be preserved in order to ensure, in the general interest, continuous and dynamic economic development. Alongside the notion of the consumer and the question of consumer protection stands the figure of the user, especially in relation to the public services that users rely on. There are points at which the citizen as user can be assimilated to the citizen as consumer, but there are also differences between the position of subjection in which the consumer may find himself, as the weaker party in concluding contracts for consumer goods offered by private parties, and that of the user of public services, who is subject to the terms imposed by the public undertaking providing the services. And it is precisely in this respect that the protection of the fundamental rights of the person can be effective in securing a proper and fair relationship between the public service provider and the user.

4. Forerunners: The Anglo-Saxon Systems

So far I have cited legislative references mainly of Community origin as regards the rules on consumer matters.
It should be remembered, however, that historically the forerunners of such protection were the American and British legal systems, which were the first (and long ago) to grant protection, including judicial protection, to interests that are not necessarily individualised (like individual rights) but are supra-individual, or belong to a category or an organised group. They therefore transcend the single person and are expressed in a collective entity: they are termed collective interests and diffuse interests. It is in this context that, in systems of Anglo-Saxon origin (not so much through codified tradition as through the influence of common law or self-regulatory rules), the defence of the interests of consumer and user associations has taken its place. It should be recalled that the great innovative force characteristic of Anglo-Saxon legal systems has given these consumer associations access to judicial protection through the recognition of so-called class actions.

5. Italian Legislation

As regards the Italian legal system, Law 281/1998 introduced the general rules on consumers and users. It deals mainly with three subjects. First, on the substantive side, it guarantees the fundamental rights and the individual and collective interests of consumers and users. Second, on the procedural side, it promotes the protection of those rights and interests by defining the role of consumer associations in legal proceedings. Third, it deals with the representation of consumers and users at institutional level, establishing the national council. In particular, the law addresses the rights to quality of products and services, to fairness, transparency and equity in contractual relationships concerning goods and services, and the rights to the provision of public services in accordance with standards of quality and efficiency.

6.
Conclusions

The development of the fundamental rights of the person, within which privacy retains its essential role, is part of the current cycle of change in society and institutions, in the ways individuals and communities exist and act, and particularly in that strongly accelerated economic dynamic whose defining term is globalisation. Seen in this light, privacy reveals its dual significance: as a guarantee for all parties and as an opportunity for businesses operating in the market. But it must be borne in mind that the market tends to become ever more global, in a space-time dimension of growing breadth. And if on the one hand it appears full of productive potential and generates new resources at every latitude, on the other it must avoid the risk of tensions, imbalances and disruptions. Rebalancing and rehumanising factors are therefore needed, and these can be found only in the protection of fundamental rights. The strategic formula for bringing about wholly positive development is therefore the growth of a global market that is attentive to the principles of fundamental rights. In this way the developments of a globalised economy acquire value, provided that they are accompanied by the globalisation of guarantees.

Businesses, Users, Consumers: Toward a New Relationship

Giuseppe Santaniello (1)

Contents: 1. New Economy. Businesses, Consumers, Users: Toward a New Relationship Based on Privacy - 2. Privacy: Costs and Benefits - 3. Protection of Consumers and Users. Innovations. European Community’s Initiatives - 4. Forerunners: The Anglo-Saxon Systems - 5. Italian Legislation - 6. Conclusion

1. New Economy.
Businesses, Consumers, Users: Toward a New Relationship Based on Privacy

In the current phase featuring deep-ranging changes and innovations of economic systems worldwide, the privacy factor was bound to play a major role on account of its significance for individuals and society as well as, above all, because of its potential for turning from a cost into a resource for businesses. In his interesting book on “A Changing World”, Anthony Giddens – one of the most influential contemporary sociologists – remarked that the new economy should not be considered to merely reflect speculative attempts in connection with a specific market expansion phase – as might be suggested by a superficial analysis. In fact, it deeply influences founding values underlying the coexistence of peoples and individuals. Within this framework, a specific evolutionary cycle can be identified, in which a wholly new relationship is taking shape between the main economic actors – i.e. entrepreneurs, consumers, and users – as regards privacy-oriented marketplaces. Because of the effects produced by privacy rules, the interests at stake are increasingly harmonised and the targets to be achieved are increasingly shared in many respects. Thanks to the emerging function of privacy as a resourceful aid, the whole system is not focussed only on commercial operators and the protection of their rights; in fact, emphasis is also put on the important role played by consumers and users. The latter become in this way balancing factors in the production cycle – above all, they become actors rather than simply passive bystanders.

2. Privacy: Costs and Benefits

Given these premises, it should be pointed out that the costs of personal data protection are to be assessed in both public and private terms.
There are undoubtedly costs that are incurred by a State’s administrative machinery at the time of implementing the basic Act; on the other hand, there are public management costs in connection with the quick-paced enactment of provisions to better regulate this ever-changing sector. These costs are no specific feature of privacy legislation, since they actually apply to all types of innovative legislation that requires organisation of new structural and functional components. There are additionally costs to be borne exclusively by private enterprises, since business actions aimed at ensuring data protection entail considerable commercial costs. Only think of the costs related to adjusting technology infrastructures in a business, managing personal data processing, training and upgrading staff in charge of these activities. However, such costs are no mere business liabilities: in fact, they are a source of assets for businesses. The entrepreneurial commitment towards meeting the expectations of consumers and users of goods and physical/non-physical services can enhance businesses’ competitive chances by promoting the development of innovative approaches to increase customer loyalty and acquire new markets. Any far-sighted commercial policy must be based on customer trust and is aimed at improving such trust. In fact, the competitive advantage resulting from application of business rules for appropriate personal data processing is the outcome of the enhanced trust between supplier and consumer generated by the protection of privacy.

(1) Vice-President, Italian Data Protection Authority
A study recently carried out in the USA by the Boston Consulting Group showed that the growth of e-commerce would more than double in a short time span if users felt safe and were confident that their privacy was respected during network transactions. As early as October 1997, the European Commission laid down framework guidelines to stress the importance of the protection and security of personal information, in order to carry out commercial activities and/or private communications on the Internet (Ensuring Trust and Security in Electronic Communications, 8 October 1997). The Commission pointed out that data protection by way of specific security measures to be adopted by businesses is the outcome of a complex, permanent activity requiring organisational measures that should be continuously updated and assessed. It was also added that personal information should be protected irrespective of its format and/or the media (paper, computerised, or any other kind) on which it is stored. In the Commission’s paper it was also highlighted that the adequacy principle was based on the relationship between adopted (or yet to be adopted) measures and a set of reference criteria such as the degree of sensitivity of the personal data undergoing processing, the controller’s internal circulation rules, external flows to other processors, dissemination procedures, archiving methods, and so on. On the international level, businesses and users can be said to have significantly shifted towards the shared understanding of the protection of online privacy as a resource, with a view to strengthening the electronic infrastructure that is the backbone of the information society. A Harris Westin survey has shown that 52% of computer users consider privacy protection to be the main factor influencing their decision to go on the Net.
The 1997 Bonn Ministerial Conference pointed out the need for global information networks to provide the amplest opportunity for strengthening democratic and social values and pinpointed user cooperation and support as the driving forces for network development – provided adequate data protection is ensured – so as to enhance the trust relationship between users and the Net. Thus, investing in privacy is to be regarded as a basic feature of quality products and services.

3. Protection of Consumers and Users. Innovations. European Community’s Initiatives

Since privacy is to be regarded as a resource for business development, the protection of consumers and users takes on fundamental importance. Within the EU, the basic factor that has led to the express recognition of consumer rights as well as to their protection has been the activity carried out by Community institutions. Under Article 153 of the EC Treaty, as amended by the Amsterdam Treaty, the European Commission contributes to protecting security and economic interests of consumers, promoting their right to information and organising their interests. It was thanks to the Maastricht Treaty that consumer protection – not specifically taken into account in the Rome Treaty – became a component of Community policy in its own right with a view to contributing to the enhancement of consumer protection measures. The process leading to a specific Community policy was supported in organisational terms by the creation of an ad-hoc general directorate of the Commission, which is responsible for verifying that consumer interests are respected in the shaping of Community policies, as well as for increasing market transparency, improving the security of product and consumer services in the single market, enhancing consumer trust (in particular by expanding information flows), and setting up and maintaining a dialogue between the Commission and consumer representatives.
The above developments have been shaping a wholly new type of consumer, whose function must be accorded fundamental importance since it goes beyond the scope of the contract stipulated with suppliers/producers: it is becoming a part of the policy of market openness and product quality optimisation.

Following its decision of 25 January 1999, the European Community was provided with a unified operational tool in which the general framework applying to the activities aimed at promoting consumer interests and ensuring a high protection level was laid down. This framework was adopted for the 1999-2003 period to support and supplement the policies adopted by the individual Member States; it envisages the support of European consumer organisations as well as the funding of specific projects. Four areas of activity were identified, namely consumer health and education in connection with products and services, education and information of consumers as to their rights, promotion and representation of consumer interests. Considerable attention was also paid at Community level to the availability of legal remedies for consumers. The legal safeguards afforded to individual consumers as well as the judicial protection of the collective interests applying to consumers – in particular as regards the locus standi of consumer organisations intended to further such interests – were found to be especially important. These protective measures also point to a wholly new development, i.e.
the fact that the individual measures are aimed not only at protecting the companies that operate on the market, but also at providing safeguards for consumers; the latter should actually be regarded as entities contributing, jointly with businesses, to ensuring operation of the market competition model, which must be protected in order to allow continued, dynamic economic development and benefit society as a whole. Consideration of the “consumer” concept and its protection should be accompanied by the analysis of the role played by “users” – with particular regard to public facilities catering for their needs. There are several similarities between user-citizens and consumer-citizens; however, there are also differences between the subjection status of consumers – considered as weak parties in the stipulation of contracts concerning consumer goods offered by private entities – and the subjection status of users of public facilities, who are subjected to the decisions made by the public company delivering the relevant service(s). This is exactly an area in which the protection of fundamental human rights can prove effective in order to ensure fair, balanced relationships between public service providers and users.

4. Forerunners: The Anglo-Saxon Systems

I have referred so far mainly to Community law sources as regards consumer legislation. However, it should be stressed that the forerunners of this type of protection can be found in the American as well as in the British legal systems. They have been the first to (also) grant judicial protection to interests that are not necessarily individual-oriented – such as individual rights – as they are of supra-individual nature, i.e. they concern a given category or organised group.
From this viewpoint, their scope goes beyond that of the individual’s interest: they are called collective and/or community interests, being the expression of a community group. In Anglo-Saxon systems, the protection of the interests of consumer and user associations has been ensured within this framework – not so much on the basis of statutory instruments, as because of the influence of either the common law or self-regulatory tools. It should be pointed out that the innovation drive of Anglo-Saxon legal systems reserved the legal remedy of so-called class actions precisely for consumer associations.

5. Italian Legislation

As to Italy’s legal system, Act no. 281/1998 set forth the general regulatory framework applying to consumers and users. Three main topics can be distinguished. Firstly, the Act guarantees the fundamental rights as well as the individual and collective interests of consumers and users from a substantive viewpoint. Secondly, as regards procedural issues, the protection of those rights and interests is supported in that the role to be played by consumer associations in judicial proceedings is specified. Thirdly, the issue of the institutional representation of consumers and users is addressed; to that end, the Act provides for setting up the National Board of Consumers and Users. More specifically, this Act addresses the rights to product and service quality, fairness and openness in contractual relationships concerning goods and services, and the delivery of high-quality, effective public services.

6. Conclusion

The development of fundamental human rights, in whose framework privacy retains its fundamental role, is part and parcel of the changes currently involving our society and institutions, the conduct and life-styles of both individuals and communities – in particular, it is part of the quick-paced economic development mechanism that is usually referred to as globalisation.
In this context, privacy shows its dual role – being both a safeguard for individuals, and an opportunity to be seized by businesses. However, the growing globalisation of markets should also be taken into account, as it entails the extension of space and time coordinates. On the one hand, markets are rich in production potentialities and can generate new profits at all latitudes; on the other hand, it is necessary to prevent the risk that markets are exposed to tensions, imbalances and decompensation. It is necessary, above all, to counteract such imbalances and humanise market dynamics – which can only be achieved by ensuring the protection of fundamental human rights. Therefore, the key to achieving fully positive developments consists in ensuring growth of a global marketplace that is mindful of fundamental human rights – in whose framework privacy retains a fundamental role. Within this new boundary, the values underlying a universalised economic system can be implemented on the foundations of globalised safeguards so as to achieve widespread progress.

Economic Competition: The Advantages of Data Protection

Giuseppe Tesauro(1)

The relationship between competition and information or, looking at the other side of the coin, between competition and data protection has first of all a substantive dimension, which is however not as straightforward as it might appear at first sight. Indeed, while perfect competition requires, as a necessary condition, accurate and complete information among all operators (hence the absence of information asymmetries), it is also true that the exchange of such information can turn into a tool that facilitates collusive conduct.
It is clear that this issue is of fundamental importance for an Authority entrusted with the protection of competition, since in many contexts it becomes crucial to distinguish whether data protection is essential to avoid exchanges of information capable of allowing coordination (explicit or tacit) between competing undertakings, or whether instead such an exchange may make the market so transparent as to encourage competitive strategies to the benefit of the final consumer. The importance of the topic is shown by the fact that the courts, both Community and national, have long upheld the unlawful nature of the exchange of information. Whether or not an exchange of information is lawful depends first of all on the sensitive nature of the data. This implies that the exchange of business secrets, as well as of information on business strategies (such as prices or marketing policies) or on the structure of the undertaking (for example on costs or on the demand function), is potentially sufficient to identify an “anti-competitive spirit” in the conduct. The second factor to be assessed is the form in which such data are transmitted. An exchange of sensitive data in disaggregated form is to be assessed differently from the same exchange in aggregated form, that is, in such a way as not to allow competitors to trace the information back to individual operators. The third element is timing, in the sense that a systematic exchange of sensitive, disaggregated data at short intervals gives competitors a degree of knowledge and a capacity to react that can certainly facilitate mutual coordination on non-competitive equilibria. A further element is disclosure limited to the participants in the exchange of such information.
This is perhaps the central factor in the analysis, since if the data are used only among competing operators their function can only be that of a tool facilitating collusion, being a vehicle for observing actions and hence for reaction among undertakings. Conversely, if the information is made public, where public refers to disclosure above all to consumers, it may take on the role of a tool that increases market transparency, facilitates comparison of the prices, quality and range of the products/services on offer and thus encourages competitive interplay among undertakings. The Commission itself, as early as its 1977 Report on Competition Policy, had made clear that the difference, or rather one of the differences, between permitted and prohibited exchanges of statistical information concerned precisely the limitation of dissemination to operators alone rather than to the benefit of the market (understood as the whole of consumers and of competitors not taking part in the exchange). This type of analysis has been followed in various investigations conducted by the Autorità garante della concorrenza e del mercato, most recently in the recent case in the insurance sector. It concerned a system for exchanging information on extremely sensitive data (tariffs, premiums, types of policy, discounts, future forecasts, etc.) among the main insurance companies, put in place through a third-party company, which was classified as a concerted practice with an unlawful object, in that it was capable of facilitating the alignment of the undertakings’ commercial conduct and therefore of bringing about commercial premiums higher than those that would have been recorded in a competitive market.

(1) President, Autorità garante per la concorrenza ed il mercato, Italy
The Authority reached this conclusion by noting (i) the sensitive nature of the data (the information could be obtained only from the undertakings and not from the market), (ii) the disaggregation of the information then transmitted to the participants (the data were identified by individual company), (iii) the disclosure limited to the companies taking part in the system and (iv) the continuity over time of the system for transferring input and output data. Besides being significant as the first case in which the exchange in itself was held to harm competition, having an unlawful object capable of facilitating coordinated conduct, it served to clarify the limits beyond which the exchange of information becomes harmful to competition. In addition, the principle was reaffirmed that the “manner” in which the exchange is carried out is irrelevant, in the sense that the parties may also make use of a third-party company without this affecting the unlawfulness of the conduct. What matters is the confidential nature of the data exchanged, the possibility of tracing them back to each operator and the fact that knowledge of them is limited to the parties and does not extend to consumers. In such a context the transfer of those data among the undertakings was a pro-collusive tool and certainly not one encouraging transparency and, ultimately, competition among undertakings. The need to carry out this type of analysis has been felt in numerous other investigations, in which the exchange of information has often been classified as instrumental to, or as conduct forming part of, a broader and more complex agreement, frequently within a trade association.
It is not easy to distinguish whether and when the data being exchanged deserve protection, that is, must necessarily remain within the undertaking and not become the subject of exchange among competitors, or conversely deserve the widest disclosure in order to foster competition. Clear and transparent information to the consumer public, making it easy to assess tariffs and to compare undertakings on the various parameters, could be an important tool for making the market transparent, increasing consumers’ knowledge of the service and thus leading them to put companies in competition with one another when offers are formulated. The sectors in which this issue arises ever more frequently are those where some form of regulation or public control is necessary. This is the case of the pharmaceutical sector, in which the collection of sales data sometimes appears to serve the control of public pharmaceutical expenditure. In these cases, finding the boundary between data to be protected and data to be made public becomes a delicate matter. Indeed, in this sector (the subject of various interventions, including at Community level, most recently the Community abuse case Ims) the collection of sales data has reached a level of detail that makes it practically possible to trace the drug sold by the individual doctor in an area of very few pharmacies. Precisely because of the risk that data of such disaggregation, frequency and sensitivity may turn into a tool that at the very least discourages competition among undertakings, the Authority expressed some “concerns” in a report to the legislature.
This is the report on the “Collection of sales data on medicines charged to the National Health System”, of 29/03/2001, which noted the possible distortion of competition arising from certain provisions on the collection of data on the sale of medicines, carried out by public and private pharmacies, contained in the national collective agreement between the Ssn and the pharmacies of 3 April 1997, in Law 448/98 (“Public finance measures for stabilisation and development”) and in Ministry of Health Decree no. 7032/99. The provisions provided for Federfarma to collect the sales data contained in the tear-off label (fustello) of medicines dispensed at the expense of the National Health Service, for transmission to the Ministry of Health. This system was recently extended by the 2001 Finance Act to the collection of the “optically readable data on the prescription relating to the doctor’s code, the patient’s code and the date of issue of the prescription”. The Authority took the view that the system could produce effects restrictive of competition if some of the information collected were brought to the knowledge of pharmaceutical companies. By contrast, no distortion of competition appeared to arise from the acquisition of such data by the bodies of the National Health Service, namely the Asl, the Regions and the Ministry of Health, since in that case the information acquired serves the control of, and policies on, pharmaceutical expenditure.
As regards, on the other hand, the transfer of such data by Federfarma to private parties, a possibility expressly provided for, the primary and secondary legislation itself did not specify limits or safeguards as to the type of information that could be transferred or its aggregation. The Authority therefore took the view that the transfer of such data to private parties, in the absence of specific limits and safeguards, could allow improper use of the data, capable of reducing or distorting competition among pharmaceutical companies. First of all, dissemination of the data in question could raise market transparency excessively, making non-competitive conduct easier. In particular, for medicines subject to prescription (ethical medicines in classes A, B and C), direct or indirect knowledge (through minimal aggregation of the sales data) of doctors’ prescribing patterns could alter the information and promotion policies of pharmaceutical companies, leading them to undertake initiatives also aimed at territorial sharing, thereby affecting the mechanisms of competition. For this type of medicine, information and promotion activity is in fact one of the main areas in which competition among pharmaceutical companies takes place. On the basis of these considerations, the Authority considered it appropriate that the rules on the system for collecting sales data on reimbursable medicines be supplemented with limits and safeguards for any transfer to private parties of data collected under an obligation imposed by law. First, it was noted that the possibility of transferring data relating to the doctor and the patient should be expressly excluded.
Furthermore, as regards sales data, it should have been laid down that they could be transferred only in an aggregated form that does not make it possible to identify, directly or indirectly, the position of competing undertakings with reference to extremely limited geographical areas; the minimum level of aggregation was to be the area corresponding to the territory of the province, or that corresponding to the individual Aziende Sanitarie Locali. The foregoing shows how difficult it is to draw a clear dividing line between data to be protected in order to safeguard the competitive structure of the market itself and data to be disseminated in order to facilitate the “movement” of consumers and hence the aggressiveness of undertakings’ competitive strategies.

The importance of the confidentiality of data and confidential information also arises in relation to competition proceedings, where it must be considered together with, and in relation to, other values deserving protection. A first question is how privacy legislation interferes with the treatment of confidential information in competition proceedings. The regime introduced by privacy legislation does not directly interfere with the regime of confidentiality and access laid down by antitrust legislation. This first point seems to me uncontroversial, considering Law no. 675/96, which in substance leaves unaffected the regimes for communication and dissemination of data by public bodies (Art. 27, paragraph 2) and the rules in force on access to administrative documents (Art. 43, paragraph 2). Secondly, the confidentiality that generally arises in competition matters is, with some exceptions, that relating to the confidential commercial information of the undertakings involved in antitrust proceedings.
That is, these are data not directly attributable to the so-called hard core of privacy, namely the so-called “sensitive data” that relate to the dignity of the person and derive directly from the Constitution, which rightly receive enhanced protection under Law 675/96. This is, of course, not because there is any intention to deny recognition to the confidential information of legal persons, which likewise falls within the scope of the law in question, but only because, in the event of an irreconcilable conflict between the right to confidentiality and the right of defence (which may find themselves in conflict in competition matters), the outcome of the balancing exercise is less dramatic than it might be in a conflict involving sensitive data linked to the dignity of a natural person(2). That said, the specific rules on confidentiality in competition matters come into play essentially within the access regime. In antitrust proceedings, the right of the “accused” parties to access the documents gathered in the course of the investigation is widely recognised because it is nothing other than the corollary of the parties’ right of defence; but it must be balanced against other interests deserving protection, such as the confidentiality of personal or commercial information communicated by the parties to the proceedings, by complainants or by third parties not involved in the proceedings. The national rules are entirely modelled on the Community rules.
At Community level, in particular, the relevant principles are set out in the Notice on the right of access to documents acquired in antitrust proceedings(3), where the Commission provides a complete picture of the relevant rules, systematising certain principles developed by Community case law in this area(4). The national rules lay down substantially similar principles. To begin with, the rules in question stand in a relationship of speciality to the general regime laid down by Art. 22 of the well-known Law no. 241/90 on the transparency of administrative procedures, because in antitrust proceedings there is a need to balance opposing interests: on the one hand the parties’ right of defence, of which, as noted, access is a direct corollary, and on the other the safeguarding of other interests deserving protection, such as the confidentiality of personal or commercial information communicated by the participants in the proceedings or otherwise acquired by the Authority through the exercise of its investigative powers. The special nature of the access rules in competition matters has been endorsed by the administrative courts (judgments no. 873 of 15/04/99, Vendo Musica, and no. 103 of 14/01/2000, Vetri), and is now also codified in the legal system by the amended Art. 23 of Law 241, in the new wording recently introduced by Art. 4, paragraph 2, of Law no. 265/99.

From the subjective standpoint, the right of access is granted first of all, and most generously, to the “accused” parties to the proceedings, who exercise it as a means of exercising their rights of defence. In addition, the other persons who take part in the proceedings on the basis of a legally relevant interest are also entitled to access the documents in the file. These are, in substance, those holders of public or private interests, as well as consumer associations, who may suffer direct, immediate and actual harm from the infringements under investigation or from the measures adopted as a result of it (see Art. 13, paragraph 1 and Art. 7 of d.p.r. 217/98). In substance, the legislature identifies the interest that grounds access with the harm that a person may suffer from the infringements being investigated or from the outcome of proceedings before the Authority.

(2) That said, even with regard to the need for confidentiality of undertakings’ commercial information it is perhaps possible to identify a constitutional anchor, somewhat more indirect, in the right to property and in the right relating to freedom of economic initiative itself.

(3) Commission notice on the internal rules of procedure for processing requests for access to the file in cases pursuant to Articles 85 and 86 of the EC Treaty, Articles 65 and 66 of the ECSC Treaty and Regulation EEC 464/89 on the control of concentrations between undertakings, in GUCE of 23/1/97, no. C 23/3.
From the objective standpoint, following the model laid down at Community level, the law identifies three categories of documents that may be kept confidential: i) confidential information, including, among other things, documents containing information that would reveal the identity of those who supplied the information or who wish to remain anonymous vis-à-vis the parties, as well as certain types of information communicated to the Commission on condition that its confidentiality be respected; ii) business secrets, meaning information that objectively has sensitive commercial value and whose disclosure may cause economic harm to the undertaking; iii) internal notes, that is, any work produced by the offices for the purposes of studying and preparing the content of acts in the course of the investigation, as well as any correspondence with other institutions (Art. 13, paragraph 5). While for this last category the right of access can never be invoked, as is also the case at Community level, for the first two disclosure is guaranteed within certain limits, which moreover differ for the two categories of documents. As regards confidential information in particular, there is a “positive” principle of access from which derogation is possible exceptionally, so that access is as a rule allowed to the extent necessary to ensure adversarial proceedings(5).

(4) See in particular the judgment of 29 June 1995, Solvay v Commission, Case T-30/91, p. II-1775.
As regards business secrets, by contrast, the provision lays down a form of enhanced protection, setting the opposite principle of exclusion from access, unless the information provides evidence of an infringement or elements essential to the defence of an undertaking, in which case the offices allow access to it, limited to those elements(6). In other words, the textual differences between the provisions in question suggest a deliberate intention on the part of the legislature to ensure a kind of enhanced protection for the category of business secrets alone. In practice, with regard to the documents for which confidential treatment has been requested, the Authority balances the opposing interests in access and in confidentiality.

(5) Art. 13 § 2 of d.p.r. no. 217/98 provides that “Where documents contain confidential information of a personal, commercial, industrial and financial nature relating to persons and undertakings involved in the proceedings, the right of access is allowed, in whole or in part, to the extent necessary to ensure adversarial proceedings”

(6) Art. 13 § 3 of d.p.r. no. 217/98 provides that “Documents containing business secrets are excluded from access. Where they provide evidence of an infringement or elements essential to the defence of an undertaking, the offices allow access to them,

Business Competition: Advantages of Data Protection

Giuseppe Tesauro(1)

The relationship between competition and information – or, if you consider the other side of the coin, competition and data protection – has substantive features, which are not, however, as simple as one might imagine. Indeed, if a prerequisite for perfect competition is full, detailed information of all stakeholders – i.e.
the lack of information asymmetry – it is unquestionable that the exchange of such information may turn into a tool facilitating collusion. These issues obviously play a key role for an authority that is in charge of safeguarding competition, since in many cases it is fundamental to establish whether data protection is indispensable to prevent information exchanges that might allow competing businesses to explicitly or tacitly co-ordinate their activities, or whether those exchanges can instead enhance market transparency to such a degree that competitive policies are devised with an overall benefit for end-consumers. Proof of the importance of this subject matter is given by the fact that both Community and national judicial authorities have long upheld the view that information exchanges are unlawful. Lawfulness of information exchanges is related, first and foremost, to the sensitive nature of the data. This implies that the exchange of business secrets and/or information on corporate strategies – such as prices or marketing policies – and corporate structure – such as costs and demand patterns – is potentially enough to establish the existence of “anti-competitive” conduct. A further consideration has to do with the manner in which those data are conveyed. Exchanging disaggregate sensitive data is to be evaluated differently from exchanging those same data in aggregate form, i.e. in a way preventing competitors from tracing information on the individual operators. A third issue has to do with timing, in that exchanging sensitive, disaggregate data in a systematic fashion and at short time intervals allows competing entities to attain a degree of knowledge and response capability such as to undoubtedly facilitate their striking a non-competitive balance. Another item to be taken into account is disclosure as limited to the participants in the exchange of this type of information.
This is perhaps the key consideration here: indeed, if the data are only used by competing operators, they cannot but be used as a tool to facilitate collusion – providing a key to interpret activities and react accordingly. Conversely, if the information is published – where published means disclosed to, above all, consumers – it is likely to become a tool enhancing market transparency, facilitating comparison of prices, quality and products/services on offer and, therefore, promoting competitive company strategies.

(1) President, Italian Anti-Trust Authority

The Commission itself, in its Report on competition policies of 1977, had highlighted that the difference, or rather one of the differences, between lawful and unlawful exchanges of statistical information had to do exactly with the scope of its dissemination – i.e. among market operators rather than within the marketplace as a whole, where marketplace includes consumers and competitors not involved in those exchanges.

This type of analysis was carried out in several proceedings instituted by the Italian anti-trust authority – of late, with regard to the insurance sector. In this case it was a system for exchanging information on quite sensitive data – rates, premia, types of policy, discounts, forecasts, etc. – among the most important insurance companies, which had been set up by way of a third-party company. This system was considered to be an instance of concerted practice with a view to unlawful purposes since it could facilitate adoption of unified commercial policies by the relevant undertakings, which would be able to set higher commercial premia compared with those applying to a competitive market.
This conclusion could be drawn by the Authority on the basis of (i) the sensitive nature of the information – which could only be gathered by undertakings rather than by the market as a whole, (ii) the disaggregation of the information subsequently forwarded to the participants – the data were specifically intended for the individual companies, (iii) the fact that dissemination was only limited to the companies adhering to the system, and (iv) the continuing nature of input and output data transfers. The importance of this case consists not only in its being the first one in which the exchange of data as such was considered to be in breach of competition rules – being aimed at unlawful purposes in order to facilitate concerted practices – but also in the fact that it could usefully highlight the boundary beyond which exchanging information becomes an anti-competitive practice. Additionally, it allowed re-affirming the principle that the manner in which such exchange takes place is irrelevant – since the parties may also make use of a third-party company without this producing any effects on unlawfulness of their conduct. What really matters is the confidential nature of the exchanged information, the possibility to track each individual operator and the fact that the information is only available to the parties at stake rather than to consumers as well. Given the specific background, transfer of the data among the businesses involved was a means to facilitate business collusion rather than to enhance transparency and ultimately competition. The need for this type of analysis was felt in many other proceedings, where the exchange of information was often found to be either instrumental to or part of a larger, more complex agreement that had frequently been made within a trade association. 
It is not easy to establish if and when the exchanged data deserve protection or else must absolutely remain inside a business without becoming the subject of an exchange between competitors, or perhaps should be disseminated to the highest possible degree in order to promote competition. Clear-cut, open information to consumers such as to facilitate price assessment as well as comparisons of the different business parameters might be a major tool to enhance market transparency, increase consumers’ awareness of a service and therefore encourage them to get businesses to compete in offering their products.

The sectors in which these issues arise with increasing frequency are those requiring some type of public regulation and/or control. This applies to the pharmaceutical sector, where sales data surveys sometimes appear to be instrumental to the control of public expenditure in that sector. Setting the boundary between the data to be protected and the data to be made public becomes a highly sensitive issue under these circumstances. Indeed, sales data have become so detailed in this sector – which has also been the subject of Community measures, including lately the IMS misuse case – that they practically allow identifying the individual drug as sold by the individual physician in an area including very few pharmacies.

Exactly because of the risk that such a level of disaggregation coupled with the frequency and sensitivity of the surveyed data might turn into a factor discouraging, if nothing, business competition, our Authority expressed its “concern” in a report submitted to Parliament.
This report relates to the “Survey of Sales Data in respect of Drugs Paid for by the National Health System” of 29.03.01 and points out the possible distortion of competition resulting from certain provisions on the collection of drug sales data as performed by public and private pharmacies in pursuance of the national collective agreement between NHS and pharmacies of 3 April 1997 as well as of Act no. 448/1998 (including “Public Financial Measures for Stabilisation and Development”) and the Health Minister’s decree no. 7032/1999.

Those provisions required Federfarma [the federation of Italy’s drug manufacturers] to collect sales data as included in the package tags removed from drugs paid for by the National Health System and subsequently forward them to the Ministry of Health. This system was recently extended by the 2001 Budget Act to the collection “of optically readable prescription data concerning physician’s code number, patient’s code number and prescription issue date”.

Our Authority considered that this system might produce restrictive effects on competition if any of the collected data were made known to drug manufacturers. Conversely, no distortion of competition appeared to result from acquisition of those data by NHS bodies, since the acquired data were instrumental to control and policy-making in respect of pharmaceutical expenditure.

As for Federfarma’s assignment of the data to private entities – which is expressly permitted under the law – primary and secondary legislation sources do not specify limitations and/or precautions applying to the type of information that may be assigned or else to the aggregation level. Therefore, our Authority ruled that assignment of such data to private entities in the absence of specific limitations and precautions might allow inappropriate use of those data such as to reduce or alter competition among pharmaceutical businesses.
Dissemination of the data at stake could, first and foremost, enhance market transparency excessively by facilitating non-competitive practices. This applies, in particular, to prescription drugs – so-called ethical drugs included in A, B and C classes – since direct and/or indirect knowledge of physicians’ prescription patterns, based in the latter case on the loose aggregation of sales data, may affect businesses’ information and promotion policies by leading them to take steps aimed eventually at slicing up a given territory – which cannot but alter competition mechanisms. Indeed, with regard to these drugs information and promotion activities make up one of the main areas in which pharmaceutical businesses usually compete. Based on the above considerations, our Authority considered it appropriate for the provisions on collection of sales data concerning refundable drugs to be supplemented by the specification of limitations and precautions with regard to the possibility of providing private entities with data that are collected pursuant to law. Firstly, it was stressed that the assignment of data concerning physicians and patients should be expressly ruled out. Additionally, as for sales data, it should be required that they be only transferred in aggregated format so as to prevent establishing, whether directly or indirectly, the positions of competing businesses within a limited geographic area; the minimum aggregation level should consist in the geographic area corresponding to a province, or else to the individual local health care agencies. This shows how difficult it is to set clear-cut boundaries between data that should be protected in order to safeguard market competition, and data that should be disseminated to facilitate consumers’ “shift” and therefore enhance businesses’ adoption of aggressive competition policies. 
The privacy issue in connection with confidential data and information is also to be taken into account as regards competition proceedings, where it is to be considered both jointly with and as related to other values deserving protection.

A first topic to be considered has to do with the way in which privacy regulations may interfere with processing confidential information in connection with competition-related proceedings. Privacy regulations do not interfere directly with confidentiality and access regulations included in antitrust laws. This first argument cannot be disputed, in my view, especially if one considers that Act no. 675/1996 practically leaves unprejudiced the provisions on data communication and dissemination by public bodies (Section 27(2)) as well as those regulating access to administrative records (Section 43(2)).

Secondly, the confidentiality issues that are relevant with regard to competition matters have to do mostly with confidential business information disclosed by businesses that are involved in antitrust proceedings. That is to say, they have to do with data that cannot be classed directly among the so-called core privacy data – i.e. “sensitive” data, which are related to human dignity and protected directly by the Constitutional Charter, being aptly the subject of enhanced safeguards under Act no. 675/1996.
This does not mean that confidential information of legal persons is not taken into consideration – in fact, it falls under the scope of application of the data protection Act; however, if right to privacy and right to defence happened to be in conflict – as may be the case in competition-related proceedings -, the impact of the attempt to strike a balance between those rights should be regarded as less devastating than that possibly resulting from a conflict involving sensitive data related to dignity of individuals.(2) Having said this, the provisions specifically applying to privacy in connection with competition issues are to be taken into account mainly with regard to access issues. Within the framework of antitrust proceedings, the right of “defendant” to access documents collected in the preparatory phase is widely recognised, it being no less than the logical consequence of the parties’ right of defence; however, this right should be reconciled with other interests deserving protection, such as the confidentiality of personal and/or business information that may be disclosed by the parties themselves, the complainants or third parties. National laws are wholly modelled after Community legislation. In particular, the relevant principles underlying the latter were highlighted in the Notice on right of access to documents acquired in the course of antitrust proceedings(3), where the Commission provided a full picture of the relevant provisions by systematising principles developed in Community case law concerning this subject-matter.(4) National law is grounded on basically similar principles. To start with, the relevant provisions particularise the general rules laid down in Section 22 of Act no. 241/1990 on openness of administrative proceedings. 
A feature of antitrust proceedings consists in the need to reconcile opposing interests – on the one hand the parties’ right of defence, whose direct consequence is the abovementioned right of access, on the other hand the need to ensure respect for other interests deserving protection – such as confidentiality of personal/business information that may be disclosed by the parties to the proceeding or else acquired by the Authority exercising its own investigational power. The fact that competition-related provisions particularise the general rules referred to above was upheld by administrative courts in several decisions and eventually enshrined in the amended text of Section 23 of Act 241/1990 (further to Section 4(2) of Act no. 265/1999).

(2) Having said this, perhaps the confidentiality requirements applying to business information might be grounded – albeit less directly – on constitutional principles by referring to ownership law and freedom of enterprise.
(3) COMMISSION NOTICE on the internal rules of procedure for processing requests for access to the file in cases pursuant to Articles 85 and 86 of the EC Treaty, Articles 65 and 66 of the ECSC Treaty and Council Regulation (EEC) No 4064/89, published in OJEC of 23.01.97 (no. C 23/3)
(4) See, in particular, the Decision of 29 June 1995, Solvay v. Commission, Case T-30/91.

As for the entities concerned, the right of access is granted first and foremost to the parties acting as “defendant” in a proceeding, such parties using this right as a tool to exercise the rights of defence. Furthermore, the other parties to the proceeding claiming legally enforceable rights are entitled to access the documents included in the case file.
Here reference is made basically to entities representing private and/or public interests as well as to consumer associations, which may suffer direct, immediate, present harm on account either of the infringements that are the subject of the proceeding or of the measures taken upon conclusion of the proceeding (see Section 13(1) and Section 7 of Presidential Decree no. 217/1998). Basically, our lawmakers have identified legitimation to access in the harm possibly suffered by an entity either because of the infringements being investigated or on account of the measures that may be taken once the proceeding by our Authority is finalised.

As for the substantive matter, three categories of document liable to secrecy rules are referred to in our law after the model set forth at Community level – i.e. i) confidential information, including records containing information disclosing the identity either of the information providers or of individuals intending to remain anonymous as well as certain categories of information that is supplied to the Commission on condition that it is kept confidential; ii) business secrets, meaning information that is commercially valuable, whose disclosure may be prejudicial to a company in economic terms, and iii) internal notes, i.e. any drafts prepared by officers in order to evaluate and develop the contents of documents to be used in the preparatory phase as well as any correspondence with other institutions (Section 13(5)).

Whereas the right of access may never be enforced with regard to the latter category – which is also the case at Community level –, disclosure of the relevant documents is allowed to a certain extent with regard to the former two categories; the extent of disclosure is actually different in the individual case.
As regards, in particular, confidential information, an “affirmative” access principle applies that may be derogated from on an exceptional basis – therefore, access is allowed, as a rule, insofar as it is necessary to ensure due process.(5) Conversely, with regard to business secrets a sort of enhanced protection is provided for – access being denied, as a rule, except where the information can provide items of evidence in connection with an infringement, or else essential items of information for a business to defend itself, in which case access is permitted with regard to such items.(6) In other words, the different wording used in the two provisions referred to here would point to the lawmaker’s deliberate intention of ensuring a sort of enhanced protection exclusively with regard to business secrets. In practice, we seek to balance the opposing interests (privacy vs. access) in dealing with documents for which a request of classification has been made.

(5) Under Section 13(2) of Presidential Decree no. 217/98, “If a document contains confidential information of a personal, business, industrial or financial character with regard to individuals and businesses involved in the proceedings, the right of access shall be granted, in whole or in part, insofar as it is necessary to ensure due process”.
(6) Under Section 13(3) of Presidential Decree no. 217/98, “Documents containing business secrets may not be accessed. If they can provide items of evidence of an infringement, or else essential items of information for a business to defend itself, access shall be granted with regard to said items”.

The Anonymous Consumer
Herbert Burkert(1)

Contents: I. Introduction – II. What is the “Anonymous Consumer” – III. Why should we have the Anonymous Consumer? – IV. Does the Anonymous Consumer Make Sense Business-wise? – IV.1. Is the Anonymous Consumer technically possible? – IV.2.
Are there still any useful business purposes for non-personal data? – IV.3. Is anonymous data as valuable as personal data? – V. Why do we see so few “Anonymous Consumer” models, and how can we have more of them? – VI. Summing up

I. Introduction

I intend to approach the issue of the “Anonymous Consumer” by posing four simple questions and looking for brief but not so simple answers: (1) What is the Anonymous Consumer? (2) Why should we have the Anonymous Consumer? (3) Does the Anonymous Consumer make sense - business-wise? And - finally - should the last two questions have been answered in the affirmative, why do we see so few models of the “Anonymous Consumer” and how may this situation be amended?

II. What is the Anonymous Consumer?

A consumer is any natural person who in the meaning of Art. 2e of the Directive 2000/31 is “acting for purposes which are outside his or her trade, business or profession.”(2) The Anonymous Consumer then is a consumer the data on whom, if there is any, cannot be regarded as “personal data” in the meaning of Art. 2 a) of the Directive 95/46(3), because from this data, if any, he or she can no longer be identified ... “directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his [or her] physical, physiological, mental, economic, cultural or social identity.”

(1) President, Research Centre for Information Law, University of St. Gallen.
(2) Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000, on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce), Official Journal 17 July 2000, No. L 178 p.1.
(3) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities of 23 November 1995 No L. 281 p. 31.

Without returning to the debates of the past on the limits of identification and what can really be perceived as “anonymous” in view of the increasing amount of additional knowledge that is available in computer systems today(4), it should suffice for the moment to remember that while to decide whether data is anonymous is a binary decision, this decision has to take into account a large number of “environmental” variables.

III. Why should we have the Anonymous Consumer?

This question may sound surprising because of its simplicity. If laws require the “Anonymous Consumer” then, of course, we should have the “Anonymous Consumer”. However, behind the question there seems to be a fundamental dilemma of data protection: Data protection is about informational self-determination, and self-determination implies choice. In this context it would be the choice between remaining, becoming or being anonymous and remaining identifiable. If the “Anonymous Consumer” is required by law then such choice would be eliminated by the paternal decision of the law maker. Taking away such a choice would de-legitimize the very normative position of a law maker implementing data protection.

Such reasoning, however, would be based on a fallacy, and the normative position can easily be re-legitimized simply by re-questioning the notion of “choice” and by recalling the basic requirements of “choice”:
- How frequent are the situations in which a consumer has a real choice between anonymity and identification?
- How frequent are the situations in which a consumer can make an educated decision between anonymity and identification?
- How frequent are the situations in which a consumer can exercise his or her preference regardless of his or her previous decision?
Not very frequent, indeed.
In view of such limitations of choice, data protection legislation has wisely supplemented the self-determination principle with a number of other safeguards, like e.g. the data processing principles for data quality and quantity. One of these principles is the “minimum principle” requiring that when designing information handling systems the first question should be whether personal information is needed at all, and if it is, such information should be handled as sparingly as possible. Only very recently, the “minimum principle” has been restated in Recital 30 of Directive 2002/58/EC(5): “(30) Systems [...] should be designed to limit the amount of personal data necessary to a strict minimum. [...] Where [...] activities cannot be based on aggregated data, they should be considered as [...] services for which the consent of the subscriber is required.”

(4) See already: Burkert, Herbert: Das Problem des Zusatzwissens. In: Kaase, M. et al. (eds.): Datenzugang und Datenschutz. Konsequenzen für die Forschung. Frankfurt am Main 1980, 170-176.

We may therefore summarize: Precisely because choice, as real choice, plays such an important role in the self-determination value system of data protection we do need the “Anonymous Consumer”. The “Anonymous Consumer” remains fully consistent with the normative requirements of data protection.

Normative positions, however, have to acknowledge economic forces. This is necessary not to give in to the futility of enforcement in view of such forces, but in order to get a better understanding of the probabilities and conditions of enforcement so that better suited tools of enforcement can be employed. Such tools would have to take into account “the law of natural resistance to law”; or to put it positively, such tools have to consider the attractiveness of the regulatory concept they represent. The next question therefore is:

IV. Does the Anonymous Consumer Make Sense Business-wise?

This is a very broad question; obviously there are different factors to be considered in different business environments. We will stay here on a more general level. On that level the concept of the “Anonymous Consumer” is occasionally qualified as an absurdity because - very simply - deliveries to real people need real world addresses and real payments from real people to real people have to be settled. However, such a simplistic view neglects technical and organizational opportunities. To understand these opportunities better, it seems useful to break down the initial question into three sub-questions:
- Is the “Anonymous Consumer” technically (and/or organizationally) possible (4.1 below)?
- If so, are there also reasonable business uses for anonymous consumer data (4.2 below)?
- And, finally, are such uses of anonymous data economically equivalent to the use of personalized data (4.3 below)?

(5) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal of 31 July 2002, L 201, p. 37.

IV.1. Is the Anonymous Consumer technically possible?

In a different context(6) we have described the concepts of “Privacy Enhancing Technologies”. Such technologies (i.e. ensembles of technical and organizational measures) make it possible to interact with persons as individual entities without, however, revealing the personal identity of these persons. Some such measures could e.g. easily be implemented (and are already being partially implemented) to solve the delivery and payment problem: Easily accessible places like e.g. filling stations could be designated as delivery points where customers would pick up the goods they have purchased online.
Customers would identify themselves via code numbers they have received from the selling company rather than by revealing their personal identity. Forms of payments have already been tested in which e.g. banks act as trusted third parties ensuring payments for deliveries without revealing the identity of the customer to the selling company.

On a more general level several approaches could be imagined to create “Anonymous Consumers”. In business transactions
- identifiers could be destroyed after a transaction to make any new matching of identifiers and identified object impossible;
- identifiers could be entrusted to third parties or trusted entities within business operators or consumer organizations acting behind “Chinese Walls”;
- and finally identifiers could be left with the consumer.

All these concepts invite technical and organizational imagination; some of these concepts, as indicated above, have already been implemented. With increasing processing speed, miniaturization, higher compression rates, and stronger processing power we can also well imagine a number of innovative engineering solutions which would work particularly well in the context of “Anonymous Consumer” designs. So, basically, the Anonymous Consumer is both technically and organizationally possible.

(6) Burkert, Herbert: Privacy Enhancing Technologies: Typology, Critique, Vision. In: Agre, Philip E.; Rotenberg, Marc (eds): Technology and Privacy: The New Landscape. MIT-Press. Cambridge 1997, 125-142.

IV.2. Are there still any useful business purposes for non-personal data?

This question is best answered by another question: Is there useful planning with (anonymous) statistical data? If not, we should close our statistical offices. - In fact statistical data is useful precisely because it is anonymous: It is the anonymity of the data which helps to ensure (although it is no absolute guarantee) its validity. Data mining applications are using anonymous data to identify consumption patterns and improve production and logistics. Websites assign identifiers for optimization purposes without tracing the identity. So there are sufficiently wide areas in which anonymous data is useful for business purposes.

IV.3. Is anonymous data as valuable as personal data?

To state it clearly: Consumers who have chosen to remain anonymous cannot be reached as easily with customer targeted information. Other measures of outreach would, of course, still be possible. “Anonymous Consumers” could even still be the object of improved and continuous customer relationship models; with, however, the final choice of being reached resting with the customer. In terms of marketing response, such a design would, of course, reduce the probability of reach which in turn might change the effort/effect-ratio of direct customer relationship models.

The profitability of business organizations, however, does not depend on the profitability of a single activity or a group of activities but on the overall profitability of the entity. Privacy considerations and considerations of customer choice are, of course, part of any comprehensive cost-benefit-analysis of a company. The problem of privacy in such models (this applies for security considerations as well) is that it enters calculations more as a soft than as a hard figure. Soft figures are figures which require individual cost (and benefit) assessments based on individual perceptions which in turn are based on a number of factors on which it is difficult to achieve at least inter-subjective consent.
Businesses, again with strong differences among business areas, have over the last years put a stronger emphasis on the benefits of consumer privacy, at least judging from advertisement campaigns; although such a statement would need closer scrutiny since at times, particularly banks and insurance companies read privacy simply as confidentiality towards third parties without necessarily endorsing an “Anonymous Consumer” concept for their own operations.

In summary - while anonymous data is by far not synonymous with useless data, the outcome of an evaluative comparison largely depends on the privacy input into the cost-benefit analysis.

V. Why do we see so few “Anonymous Consumer” models, and how can we have more of them?

We have stated so far
- that the “Anonymous Consumer” is technically and organizationally possible;
- that the “Anonymous Consumer” is still useful in the business context, although there are questions about his or her comparative value to the “Identified Consumer”;
- and that availability of the “Anonymous Consumer” model is a normative necessity.

Against these observations it is striking that there are so few models in operation and, if they are, they are usually not offered as an equivalent choice. We have already indicated one of the possible explanations:
- The comparative value of anonymous information is seen as doubtful.

We can assume there are other “environmental” factors at work in this situation. We tentatively list some of them:
- The perhaps most often used argument is that the consumer does not want it. And where there is no demand, there is no supply. This argument is in contrast with consistent results in opinion polls over the last years, which return privacy as very highly valued.
This result in turn is, of course, in contrast with very many so-called real-life decisions where consumers constantly seem to give up their privacy in exchange for easy comfort. However, this contrast rather seems to prove that there are no equally comfortable anonymous solutions available to allow real time decisions to be in tune with long term preferences which then would finally turn the demand problem into a supply problem.
- Another element is, of course, still a lack of awareness. One of the standard text books on marketing(7) published after the general European directive does not contain references to privacy related issues although it carries a remarkable section on “marketing and society”. There is also - judging from the available sources - very little experience with the use of Privacy Enhancing Technologies in the context of marketing.
- Businesses may be subject to a fallacy as regards the effectiveness of personalized marketing which may lead to a tendency to overrate the benefits of identification and underestimate the benefits of privacy.
- There are other elements in the business environment, outside the direct control of businesses which discourage the concept of the “Anonymous Consumer”. There are areas where consumers have to identify themselves for public policy reasons. These obligations should not be confounded e.g. with age verification requirements. Such requirements could be fulfilled by technical and organizational means - using Privacy Enhancing Technology approaches like digital signatures.
- Consumer Protection is sometimes juxtaposed with Privacy Protection and - would in such a constellation - indeed discourage the implementation of “Anonymous Consumer” models. Again, however, we meet with habits but not with necessities of thinking: Appropriate use of organizational and technological imagination has and will design consumer protection friendly privacy devices. An anonymous charge card e.g. with printout facilities would provide better means of itemized cost control than detailed records kept at business organizations.

(7) Kotler, Philip; Armstrong, Gary; Saunders, John; Wong, Veronica: Principles of Marketing. The European Edition. Prentice Hall: London etc. 1996. - Boone, Louis E.; Kurtz, David L.: Contemporary Marketing, 9th ed. 1999 introduces the issue as an internet (technology) related problem in a small 5 line section in its chapter on social and regulatory issues (p. 86).

In essence then, this list basically leaves us with the initial observation: The comparative value of identifiable consumer information is regarded higher than the value of anonymous information and - as a result of this, no sufficient “Anonymous Consumer” models are produced for the market.

To change this situation - against the background of the normative requirements - a cost relevant incentive, possibly in terms of “hard” figures, for the creation of “Anonymous Consumer” models has to be created. Several such incentives to increase the observance of data protection have been discussed in various contexts; e.g. the offer to undergo privacy audits and to ease other supervisory measures in exchange. I assume incentives of a more substantial nature are needed to change the outcome of internal cost/benefit-assessments.

In parallel to similar current reflections on information security(8), I suggest - particularly against the background of the current regulatory situation in the European Union - to reflect more on measures to substantially increase the costs of privacy infringements in terms of hard figures by increasing fines, civil damages, introducing punitive damages, and facilitating the transfer of costs of privacy investigations to the investigated party.
Since such costs still enter cost assessments only as risk figures, which in turn are the product of the expected disadvantage and the probability of being held responsible, such measures have to be accompanied by facilitating privacy infringement procedures.

(8) See: Schneier, Bruce: Fixing Network Security by Hacking the Business Climate. June 2002. Available at: http://www.counterpane.com/presentation4.pdf [last verified 10 February 2003].

For almost thirty years now data protection agencies in Europe have constantly emphasized their educative rather than their interventionist function. It is in this spirit that at the European Commission Workshop on Data Protection, in October 2002, during the session “Better Compliance: Guidance, Enforcement and Self-Regulation”, Mrs Susan Gold, Chair for the UNICE Data Protection Working Group, re-emphasized the general assumption: “In order to ensure compliance, the best sanction is the fear of bad publicity and peer pressure. For all organisations the threat of negative publicity in relation to data protection is more than sufficient to encourage, and hopefully to ensure, compliance.”(9)

Unfortunately, as we have seen with other business regulations in the not so recent past, this is hardly sufficient. Considerations such as the one quoted above unfortunately do not enter cost/benefit analyses as hard figures. On the other hand, supervisory authorities in the United States have imposed substantial fines or transferred considerable sums of investigation costs to investigated parties. It is obvious that a “penalty” oriented approach is not an overall solution to every problem and that the European approach has certainly helped to raise awareness for privacy issues. The recent US approach on the other hand clearly offers ways to introduce privacy into internal business equations more effectively.
It can also not be neglected that there are fundamental differences in the legal environment between most of the European countries and the possibilities and opportunities of US law on these matters, and it is an open question whether, to what effect and at what cost such elements are transferable from one legal culture into another. Again, however, it has been the European Union which on various occasions has made a point of upholding privacy protection as a universal principle and has strived to help this principle gain effect in a process of regulatory convergence, as represented e.g. by the safe harbor approach trying to bridge US and European Union concerns. It is about time that the European Union realizes that convergence works in both directions and that there are elements in the US approach which would deserve at least closer scrutiny. In a nutshell: Art. 24 of the Directive 95/46 is in urgent need of a reappraisal.

VI. Summing up

So in summing up the answers: Yes, we should have the “Anonymous Consumer”; consumers do want to have a true choice and consumers should have a true choice. This is part of the value system on which we operate and law is there to enforce it. The “Anonymous Consumer” is technically and organizationally possible. The “Anonymous Consumer” model, however, is still not sufficiently attractive as a business model. This situation could be amended if, in the process of regulatory convergence, the balance of the cost/benefit analysis could be slightly tilted in favor of privacy by introducing some new cost factors for non-compliance.

(9) http://europa.eu.int/comm/internal_market/en/dataprot/lawreport/speeches/gold_en.pdf - page 5 of her summary.

Prevention of and Compensation for Damage
Pierluigi Monateri(1)

In my talk I will address three points.
First, I will refer to some cases decided by the courts, in order to clarify certain concepts that I believed to be elementary and that yesterday, in Etzioni’s speech, I instead found still confused, as they are, deliberately I believe, in the writings of Posner and others. I will then move on to a second point, namely the economics of privacy, as Gellman did yesterday, to see which distortions economic reasoning typically undergoes when it turns to privacy, that is, how the economist’s normal reasoning is bent into considerations that are not normally made, on account of the particular subject matter of privacy. Finally, I will consider privacy as a strategic factor in the globalised competition that exists today between Europe and America.

I will therefore start from a very elementary point, in the sense of things we ought to know, and I will address them from the standpoint of legalese, as Etzioni put it. Legalese is certainly boring, but it is made to deal with the world precisely. Legalese is certainly often used to deceive one’s neighbour, but always ... with precision!

So let us begin by saying that the question of privacy protection has nothing to do with honour and personal identity and, above all, obviously has nothing to do with the public interest in the disclosure of data to prevent offences from being committed. Privacy in itself also has little to do with the protection of honour as the right not to have untrue and defamatory facts attributed to oneself. Likewise, it differs from the right to one’s image and identity, which obviously operate as the right not to have facts and opinions attributed to us that are not ours, even if they are not defamatory. In these cases we are always within the sphere of respect for the truth, for what is in any event true, whether or not it is defamatory.
Confidentiality as such, by contrast, concerns precisely the problem of an exclusive right over the facts of one’s own life, regardless of whether they are defamatory or not, or anything else; it is precisely a matter of defining a property right, so to speak, over the facts of one’s own life, even if they took place in public. These are neutral facts, regardless of their moral or social repercussions: hence one’s very name and address or, indeed, one’s food preferences, one’s preferences as a consumer of books, and so on.

(1) University of Turin - Italy

From this perspective I will analyse only three cases, including the latest one that Buttarelli brought to our attention yesterday. It is obvious in this discussion that if there is a question of public interest, the exclusive right over one’s own indifferent facts falls away, so that these facts must be disclosed; hence there is no longer any possibility of using these examples ideologically to oppose the right to privacy. Let us begin with the case of the tenor Caruso, then move on to that of the Petacci heirs, and end with the Bnl case, which was recently decided by the court of Orvieto.

The Caruso case was decided by the Supreme Court in ’56; the tenor Caruso complained that a film depicted certain facts of his private and family life: the tenor was shown as a child breaking a jug and being beaten by his father; the father was shown being hounded by his creditors; the tenor was shown contemplating suicide on the cliffs of Bari after being booed; and the tenor was shown embracing a woman who was unmarried at the time of the events but married at the time the film was screened. So it may be said that these were all indifferent facts, but the Caruso heirs complained of their disclosure.
The Supreme Court held, in a judgment that is still written in beautiful Italian even though it is totally wrong, that those who have been unable or unwilling to keep the facts of their own life hidden cannot demand that the secret be kept by the discretion of others. Now, from the economic point of view this is the classic situation in which one has no title to the facts but merely “possession” of them, so that the moment we lose possession of the facts they become free and can be marketed.

This position changed in the Petacci case of ’63. Without recounting the facts here, suffice it to recall that the Supreme Court recognised that there is a title to the facts of one’s own private life, a title going well beyond mere possession, as we shall see, in the sense that even if one loses control of them and they are disclosed, one can demand that others not disclose them further, which is in fact the position taken by the legislature.

The most recent case, decided by the court of Orvieto in 2002 and concerning Bnl, is particularly interesting for us as an application of the privacy law. It involved some loose sheets of paper left on the sill of one of the bank’s windows, among which was the debt position of certain individuals. A third party, who happens to know these individuals, finds the loose sheets with the information on their debt exposure and alerts them. They bring an action for violation of their privacy and claim damages of 600 million old lire. The court recognises that there was a violation of privacy, which must be protected in such cases; and, compared with the many sophisticated discussions we have had, we can appreciate the harsh crudeness of Italian reality.
For, obviously, outside Italy it would not occur to any bank to treat its customers the way Italian banks do, and if it ever happened, that bank would be penalised, for example in the United States with punitive damages that would put it out of business. Moreover, in this case the data on the plaintiffs’ debt exposure had also been obtained unlawfully, and had then been carelessly abandoned on the windowsill.

The court awarded each plaintiff 25,000.00 euros, in today’s currency, as compensation for moral damage. In fact the decision contains no reasoning on how this figure is reached, so the real problem is obviously that we have no reasoning for justifying it. Is 25,000.00 euros a lot or a little? As a sanction on Bnl, it is nothing. One might nevertheless adopt a Hayekian theory and argue that a figure, a price, always conveys much more information than we can put into words, so that faced with a monetary figure we form impressions that we cannot then fully verbalise; and perhaps, from the standpoint of classic Italian moral damage, the standard of 25,000.00 euros for the slip of paper abandoned on the windowsill is an adequate sum, one we may consider adequate even if we cannot explain why, just as the court, merely invoking equity, could not explain it either.

We do of course have general criteria for the compensation of moral damage, laid down by the Court of Cassation: the intensity of the suffering endured by the victim, the seriousness of the harmful act, the presence of intent, negligence or contributory negligence, and even the economic condition of the parties.
In particular, on the basis of this last criterion one could even arrive at potentially punitive damages: if the party that caused the violation of privacy is very rich while the plaintiff is very poor, the criterion of the parties’ economic conditions would, on the basis of the earlier judgment of the Court of Cassation no. 1371 of ’67, allow an award that has to be appreciable for the party that caused the damage.

But let us turn to the economics of privacy since, after all, liability, that is the rules of civil liability, is nothing but a legal reflection of considerations that must ultimately have to do with the economics of the goods we protect. Now, in various American writings, and in the very entry on privacy that Posner wrote for the Palgrave dictionary of Law & Economics edited by Newman, it is even questioned whether there can be any title to indifferent facts, since such a title would not be efficient. I believe that in the end Posner is right, because if it were efficient America would protect privacy much more than we do. Indeed, I have never seen the American legal system espouse an inefficient theory. But this means that many of the things we are told about protecting privacy being efficient and good for the economic system perhaps belong to ideological discourse, perhaps are discourses of false consciousness.

Yet in my view Posner is wrong from the standpoint of normal reasoning, and I will try to show this very briefly. Naturally, we can regard this resource called privacy as free, or as entrusted to a holder of title; we can then decide whether that holder is whoever holds the information, the consumer for example, or instead whoever invests to obtain that information, hence for example the business.
Can privacy be a free resource? Only resources that have no economic value can be free; if they have even minimal economic value they cannot be free, because otherwise they would not be allocated efficiently. Now, the facts that so to speak make up the domain of a privacy resource evidently have economic value, otherwise they would not be collected, distributed and marketed. So privacy cannot be free; it can therefore only belong to the one who holds it at the outset, that is the consumer, or to the business.

If we say that it belongs to the one who holds it, we will obviously have a normal allocation, that is allocation by contract: if the various private individuals have title to the facts of their lives, then that title can be allocated by contract, and we know that this is the most efficient way to allocate resources, the way to reach the Pareto frontier.

But Posner does not say this. He says that in these cases the resource must instead be assigned to whoever has invested time, money and costs to procure it, that is, whoever went and obtained the data of various people, the information about them, collected it and thereby created a good. This reasoning means that private individuals have no right over the information concerning them, while that information is legally owned by the businesses that invested to procure it. This reasoning is perfectly fine, but it is the labour theory of value. One must then ask why, in the case of privacy, the one who has expended the labour to obtain the resource appropriates it: if this holds for privacy, why does it not hold for all scarce resources? If Posner’s reasoning holds for privacy, then the land must be distributed to the peasants and the machinery must belong to the proletariat.
The devotees of neo-classical economics have repeated ad nauseam that “no meal is free”, and yet they then come and tell us that information is the main resource of the new economy, and that this essential good can be free for business! From the greatest masters of the market we learn that there is no such thing as a free lunch, but we discover that there are such things as free-infos. This is funny enough in itself, but it becomes truly paradoxical if we maintain at the same time that infos as a resource belong to whoever has invested labour to procure them. This is a Marxist allocation of resources, which is all very well, but it is certainly not allocation by market contract.

It is one or the other: either we must recognise that contract is not the most efficient way to allocate resources, or we must conclude that on this point the leading economists divert economic reasoning in order to reach a result that is not in line with the commonly accepted premises of economic theory. If those premises were followed, one would arrive straightforwardly at the conclusion that there is a title to privacy, and that it is precisely this title that ensures its efficient allocation by contract, since it alone ensures that the resource gravitates towards the socially most advantageous uses. Otherwise we would have to settle for suboptimal uses of the related resources.

Why does this deviation from the premises occur? Let us try to see by analysing, to conclude, the strategic context of privacy. In my view Gellman was right at the outset when he said that the politics of privacy cannot be separated from its economics.
I obviously believe that in theory, adopting any customary model, it is efficient to protect privacy, because it is simply a very crude matter of calculating how much each of us would invest to protect ourselves against the disclosure and expropriation of our own facts, compared with how much the business has to pay simply to ask for consent and collate this information. Since in theory the self-protection costs of all the parties potentially involved would be very high, it is cheaper to protect privacy.

In practice, however, this does not happen, because one of the paradoxes is that the cost consumers would incur in protecting themselves is not paid. That is, although consumers show a strong preference for the protection of their privacy in questionnaires, in practice they are not prepared to take action to protect it. So in reality the cost is theoretical. Widespread self-protection, which leads one to conclude in favour of protecting privacy, is a cost that in practice is not paid; hence, from the standpoint of business efficiency, it proves more advantageous to lower business costs further by not protecting privacy, thereby relieving businesses of the costs associated with managing consumers’ privacy rights. Society as a whole actually gains by not making business pay for data acquisition, because, once privacy protection is granted, the business must actually pay the associated costs, whereas consumers do not pay their self-protection cost, since in reality they do not protect themselves; so in reality a society that protects privacy less faces lower overall social costs.
I believe that this difference between the fictitious costs of self-protection and the real costs borne by business under a regime of statutory privacy protection must be explicitly acknowledged, and not hidden in the ideological folds of the debate by clumsy operations that distort customary reasoning.

We thus truly come to the core of the global competition between America and Europe, for it seems evident to me that, on this point, American citizenship, for once, stands in the global marketplace of ideas as a second-class citizenship. Moreover, this occurs in a strategic area such as that of consumers’ citizenship rights, which represent the true essence of globalised citizenship. The American attitude, however, poses an insidious challenge, since it is a second-class citizenship but a more efficient one, as we have shown.

On the one hand, a race to the bottom in the field of citizenship is a sure possible calamity in the world of globalisation. On the other hand, excessively high standards of citizenship can make the systems that uphold them too weak in the world of global competition. It is no longer possible to achieve citizenship in one country alone. This means either having to give up one’s own standards or trying to make them prevail at the level of supranational conventions. In either case the challenge over citizenship between Europe and America is only just beginning.

Prevention of and Remedies for Damage
Piergiuseppe Monateri(1)

I am going to deal with three main issues in my presentation.
Firstly, I will refer to a few court decisions in order to clarify concepts that I considered to be basic, whereas I realised that they are still blurred – as shown by Professor Etzioni’s presentation yesterday – and they are probably knowingly so as regards Posner’s and other scholars’ writings. I will then deal with another issue – I will try and address privacy economics, as Mr. Gellman did yesterday, in order to highlight the flaws typically affecting economic considerations whenever privacy issues are taken into account – that is to say, how privacy-related peculiarities result in twisting economic principles to serve considerations that otherwise would not be contemplated. Finally, I will deal with privacy as a strategic factor in the globalised competition currently existing between the US and Europe.

Let me start from a basic consideration, i.e. from something we all should be aware of. I am going to address this from a “legalese” viewpoint, to quote Prof. Etzioni. Undoubtedly legalese is boring; however, it has been developed to deal with worldly circumstances accurately. Undoubtedly legalese has also been developed to fool our neighbours; however, with legalese you can fool them accurately.

Let us start from the concept, therefore, that privacy protection is in no way related to personal reputation and identity – above all, it has obviously nothing to do with public interest in data disclosure to prevent commission of certain offences. Indeed, privacy as such is minimally related to protection of one’s honour in terms of the right not to be associated with untrue, defamatory events/statements. Similarly, it is different from the right to one’s image and identity, which is to be construed as a person’s right not to be associated with events and opinions that are unrelated to that person – regardless of defamation. In these cases the focus is on respect for truth, for what is fundamentally true whether or not it is defamatory.
Conversely, privacy as such is related exactly to monopoly over facts and circumstances of one’s own life regardless of whether they may be defamatory; it is related to the establishment of ownership rights, so to say, in respect of facts and circumstances of one’s own life, even though they may have occurred in public. Such facts and circumstances are neutral, i.e. they are considered independently of their social and/or moral effects – this is why they include one’s name and address, as well as food preferences, reading habits, and so on.

(1) Turin University - Italy

Given these premises, I am going to deal with only three cases including the latest one mentioned by Mr. Buttarelli yesterday. Obviously, if public interest is at stake, the monopolistic right over one’s facts and circumstances no longer applies – therefore, the examples I will be referring to may not be used to object to privacy rights. I will start from tenor Caruso’s case, to discuss then the Petacci estate case and finally, the BNL-bank case, which was recently decided upon by Orvieto court.

The Caruso case was dealt with by the Supreme Court in 1956. Mr. Caruso claimed that a film depicted certain events of his private and family life: the tenor was shown when, as a child, he broke a pitcher and was beaten by his father; then the film showed his father being harassed by creditors, and the tenor who, after being hooted, contemplated suicide on Bari sea-front rocks; the tenor was then shown embracing a woman that was not married at that time, although she was married when the film was released. Therefore, it might be argued that all these circumstances were indifferent facts; however, the Caruso heirs complained against their being disclosed.
In its decision – which is written splendidly in Italian, though completely wrong –, the Supreme Court ruled that whoever has been unable or unwilling to keep circumstances related to one’s own life confidential has no title to demand that others should keep those same circumstances a secret. Well, this is a typical economic view, according to which one has no ownership rights in respect of the information concerning certain circumstances – being merely “the holder” of the information. Therefore, as soon as one ceases to be the holder, the information becomes freely available and may be marketed.

A different stance was taken in the Petacci case of 1963. Without dwelling on the relevant details, let me only point out that the Supreme Court recognised the existence of ownership rights in respect of circumstances related to one’s own private life – such rights being wider in scope than those related to possession, in that if you lose control over the information related to those circumstances, and the information is subsequently disclosed, you may demand that the others do not disclose it further – which is actually the stance taken by lawmakers.

The most recent case decided upon by Orvieto court in 2002, which concerned a bank (Bnl), is especially of interest for us as it is an instance of application of the data protection act. The case had to do with some loose sheets of paper that had been left on a windowsill outside a bank agency – among which information on a few customers’ outstanding debts was included. A third party who happened to be acquainted with those customers found the misplaced sheets with the information on the customers’ debts and informed the persons concerned. The latter sued the bank on account of breach of privacy and claimed damages for a total of 600 million Liras. The court ruled that there had been breach of privacy, which should have been safeguarded.
Compared with so many sophisticated considerations we have made so far, here one can appreciate the harsh, rough reality of Italy’s situation. Indeed, no bank outside Italy would ever dream of treating its customers the way Italian banks currently do; should it ever happen, that bank would be punished, for instance in the States, by so-called punitive damages, which would place it immediately out of business. Additionally, in the case at stake the information on the plaintiffs’ outstanding debts had been collected unlawfully – to be then recklessly left out on a windowsill.

The Court awarded damages for a total of 25,000 euros to each plaintiff, on account of non-pecuniary damage. It should be stressed that no reference is made in the decision to the criteria used for calculating such amount; therefore the actual issue to be addressed here consists in the fact that we do not know yet how to account for it. Are 25,000 euros a lot of money, or not? They are a trifle if regarded as punitive damages for the Bnl-bank. However, one might apply a Hayekian approach by arguing that any figure, any price communicates much more information than what is conveyed by words – therefore, when confronted with money figures one gets an impression that cannot be fully described in words. Perhaps if one considers the amount of non-pecuniary damages typically awarded by Italian courts, 25,000 euros for having left some sheets of paper on a windowsill might be regarded as adequate compensation – even though one cannot explain why; indeed the court itself was unable to account for its decision and merely referred to fairness considerations.

Of course there are general criteria applying to compensation for non-pecuniary damage – they have been set forth by the Court of Cassation and include the degree of suffering experienced by the victim, the seriousness of the damage, the presence of intention, negligence or contributory negligence and the parties’ economic status.
In particular, based on the latter criterion one might actually envisage potentially punitive damages: if the party that caused the breach of my privacy is very rich, whilst I am quite poor, the criterion related to the parties’ economic status could allow awarding damages that are substantial also with regard to the defendant’s assets – pursuant to the precedent set by the Court of Cassation’s decision no. 1371/1967.

Let us now address the issue of privacy economics, since – after all – liability is nothing else but the legal reflection of considerations that have to do with the economics of the goods we wish to protect. Well, in several US texts as well as in the “Privacy” entry written by Prof. Posner for Palgrave’s Law & Economics dictionary, published by Newman, the existence of ownership rights in respect of mere indifferent facts is actually questioned – since such rights would be allegedly inefficient. I believe that Prof. Posner is right, all things considered: indeed, if the above approach were efficient, America would protect its privacy much more than we do. I have never seen an inefficient theory being supported by the US legal system. However, this means that many things that are said as to the cost-effectiveness of protecting privacy, which would be beneficial for the economic system, are actually a matter of ideological stance – perhaps they reflect a false consciousness.

However, in my opinion Prof. Posner is wrong if the standard line of reasoning is followed – and I am going to show it briefly. Obviously, one can regard this resource called privacy either as free or as committed to a controller; one may then decide whether the controller is he who holds the information, for instance a consumer, or maybe he who invests to get that information, for instance an entrepreneur. May privacy be a free resource?
Only resources devoid of economic value may be free; otherwise, if they have a minimum economic value, they may not be free because they would not be allocated effectively. Now, it is obvious that the facts making up – so to say – the domain of a privacy resource do have some economic value – otherwise, they would not be collected, circulated and marketed. Therefore, privacy may not be free: it may only be owned either by him who held it at the beginning, i.e. the consumer, or by the entrepreneur.

If privacy resources are owned by him who holds them, this means that they will be allocated in a standard manner, i.e. via a contract: if different private entities hold ownership rights in respect of the circumstances concerning their lives, then such rights may be allocated on a contractual basis – and we know that this is the most effective way for resource allocation, allowing the Paretian limit to be reached.

However, this is not what Prof. Posner said. He said that in these cases it is necessary for the resource to be allocated to him who has spent his time and money to get that resource – who has obtained the data concerning several individuals: he who has collected the information concerning them and has given rise thereby to a good. Based on this line of reasoning, it can be concluded that private entities have no rights in respect of the information concerning them, which is legally owned by the companies that have invested to get that information. This is perfectly fine – only, it is exactly an instance of the labour theory of value. Thus, one might wonder as regards privacy why he who has worked to get a resource should become the owner of such resource – if this applies to privacy, why should it not apply to all scarce resources? If Posner’s reasoning applies to privacy, then all land should be distributed to peasants, and machines should belong to proletarians.
Supporters of neo-classical economics have been repeating ad nauseam that “there is no such thing as a free lunch” – still, they cheekily tell us that information is the main resource of the new economy, and that this fundamental good may be available for free as regards businesses! The greatest market gurus tell us that there is no such thing as a free lunch, but then we discover that there really exists free information. This is funny in itself, however it becomes paradoxical if one maintains, at the same time, that who has invested his work to get information is entitled to own such information. This is a Marxist allocation of resources, which is perfectly fine – however, this has positively nothing to do with allocation by means of market agreements. It is either this way or that way: either we acknowledge that contracts are not the most effective means to allocate resources, or we should conclude that the greatest economists are departing from a logical line of reasoning regarding this subject matter to achieve results that are not in line with standard economic tenets. If these tenets were fully complied with, one could not but conclude that ownership rights in respect of privacy do exist; indeed, it is exactly the existence of such rights that can ensure effective allocation of the privacy resource on a contractual basis, since it is the only way to ensure that this resource is made to serve the socially most beneficial purposes. Otherwise, one should put up with less than optimal uses of the relevant resources. Why should one deviate from those tenets? Let us try to understand it by analysing, in the end, the strategic context of privacy. In my opinion, Mr. Gellman was right when he said that privacy policies should not be kept separate from privacy economics.
Obviously I think that, theoretically, protecting privacy by means of any of the conventional models is effective – it is quite simply a matter of calculating how much each of us would invest to protect himself against disclosure and dispossession of one’s own facts as compared with what a business is required to pay in order to simply request a person’s consent and collect the relevant information. Given that the self-protection costs to be incurred by all the entities potentially concerned would be quite high, it is more cost-effective to protect privacy. However, this is not what actually occurs. One of the main paradoxes consists in the fact that the costs consumers would have incurred to protect themselves are not paid. That is to say, even though consumers do appear to markedly prefer privacy protection based on the questionnaires they are requested to fill in, in fact they are not ready to take any steps to ensure such protection. Therefore, the costs theoretically related to widespread self-protection, which would lead one to conclude that it is better to protect privacy, are actually costs that go unpaid – therefore, in terms of business efficiency, it is more cost-effective to further reduce business costs by not protecting privacy, i.e. by exempting businesses from the costs related to managing consumers’ privacy rights. Indeed, society as a whole does profit from failing to require that businesses should pay for acquiring information. Having recognised the need to protect privacy, a company will have to actually pay the costs this entails – whereas consumers do not pay their self-protection costs, since they actually do not protect themselves. Therefore, in a society where privacy is less protected overall social costs are actually lower.
I believe that this difference between fictitious self-protection costs and real costs incurred by businesses whenever privacy is protected by law should be taken into account explicitly rather than remain hidden in the ideological folds of this discussion because of the awkward attempt at twisting standard reasoning patterns. If we acknowledge this difference explicitly, we come to grips with the core of the global competition between America and Europe. Indeed, it is quite evident to me that, for once, American citizenship in the global marketplace of ideas is to be regarded, from this viewpoint, as a second-rate citizenship. And this is occurring in a key area such as that related to consumers’ citizenship rights, which are the veritable essence of globalised citizenship. However, the American stance poses a tricky challenge: though second-rate, this citizenship is actually more efficient, as we have already shown. On the one hand, a race to the bottom in respect of citizenship is undoubtedly a possible evil in the globalised world; on the other hand, too high a citizenship standard may weaken the systems supporting such standard in the globalised competition race. It is no longer possible to limit citizenship to a single country – which entails either waiving one’s own standards, or attempting to impose them via supranational conventions. In both cases the citizenship challenge between Europe and America has just begun.

Economic Analysis of the Right to Privacy

Marco Maglio (1)

Summary: 1. What is privacy worth? – 2. The relationship between the economic analysis of law and privacy – 3. Classifying the costs of privacy – 4. The crux of the balancing-of-interests clause – 5. The efficiency of data protection rules – 6. Seeking the data subject’s consent – 7. Possible measures to make protection more effective – 8. The risk inherent in economic analysis – 9. The opportunities offered by the economic analysis of law: turning privacy from a static cost into a dynamic investment – 10. The noble and mobile frontier of privacy

1. What is privacy worth?

What is privacy worth? I realise that this is a provocative question, one that carries some strongly ambiguous elements. Yet we are used to measuring everything and to favouring what we regard as highly valuable. “Everything has a price”, one often hears said with a touch of cynicism, and daily life frequently shows us that ethical values and economic values tend to be dangerously conflated. Fortunately, the right to privacy does not lend itself to this kind of confusion: it is a precondition of our freedom (I believe this is by now clear to everyone) and, as such, its value is inestimable. Perhaps for this reason, discussions about privacy often concern the limits to be set on it and the systems for protecting it and sanctioning its violations, whereas any assessment of the value (I was about to say the “price”) to be attached to this right does not seem relevant to us, and in some ways unsettles us. We cannot ignore, however, that our privacy too is set in a social context densely criss-crossed by economic flows, and my opening question was meant as an invitation to consider this, with a pinch of healthy realism. Indeed, as a Shakespearean character said, the origin of things conditions their destiny: if this is true, it should come as no surprise that the ethical root of privacy has led to privacy being developed as a rigid set of rules of conduct, using the forms and methods of legal science.
Consistently with this approach, in the century-old history of privacy the concern so far has been to lay down general principles, to translate them into formalised legal rules and to establish mechanisms and procedures through which to protect this right, which is also a deep and widespread social value. The immediate consequence of this approach is that the prevailing discussion on privacy revolves around the abstract search for a balance between rights and duties, between obligations and sanctions. I would, however, like to attempt an exercise in practical wisdom, which I believe is one of the aspirations the jurist’s work should pursue, and try, by extreme simplification, to reduce to its root the essence of the legal mechanism on which personal data protection rests. This simplification shows that protection comes down to one precise fact: the individual’s power to choose what sphere of circulation to give to his or her own personal information. In exercising this power of choice each of us, as has been authoritatively observed, is called upon to be his or her own guarantor. The level of privacy is defined by an essentially individual choice, albeit with all the exceptions and authoritative safeguards provided by the legal system. It is certainly excessive to speak of “private autonomy” here, as is customary in contract law, but it is clear that decisions on privacy pass through individual assessments. What happens in practice? I would have expected common sense to prompt curiosity about how these individual choices are actually exercised.

(1) Università degli Studi di Parma, Italy
But Descartes was probably right when he ironically stated that “good sense is the best distributed thing in the world: for even those who are hard to satisfy in everything else do not desire more of it than they have”. So it seems to me that the purity of theory has so far avoided contamination with the demands of practical reason, even though common sense would have suggested paying more attention to the actual behaviour of those to whom the rules are addressed. This confirms the classic contrast that the Anglo-Saxon legal tradition aptly describes with the formula: law in the books vs. law in action. But the underlying question remains: given that privacy is inseparably tied to an individual choice, by what criteria are these individual choices made? And what consequences do these individual choices have for the overall welfare of society? In other words: what benefits and what sacrifices does recognising and protecting individual privacy entail, for the individual and for the community? To answer these questions, the traditional legal approach alone does not seem to me sufficient to grasp the complexity of the problem. It has to be supplemented by a reconstruction that examines whether the existing rules are capable of steering individual choices towards the maximisation of collective welfare and can therefore encourage efficient behaviour, both by those to whom the personal data relate and by those who process such information. I believe this perspective can usefully be explored with the classic tools of the economic analysis of law. Of course, for a correct reconstruction of the mechanisms of individual choice, other elements that go beyond purely economic assessments should not be neglected either.
It should not be forgotten, for example, that the consent mechanism for protecting personal data is called upon to operate in what modern sociology terms a “horizontal society”, strongly influenced by consumerism in its myths and in its structures. Consumption today is a social language, something that tends to increase individuals’ desires rather than satisfy them. In the contemporary world we are witnessing a dematerialisation of reality, and people’s attention is diverted from the natural world and focused on television, on the world of communication, which has become an absolute value, a goal in itself. I think it would be naive to believe that all this has no consequences for the use each of us makes of the instrument of consent and for the choices it requires us to make. The psychological assessments that guide individual choices must also be carefully borne in mind, and I would like to point to the experience of Daniel Kahneman and John Cole, awarded the Nobel Prize in Economics in these very days. The lesson of these two scholars is above all methodological and concerns the role of empirical observation in the development of the human sciences: helping us to understand that irrational components influence our decisions, and taking this into account when devising abstract models that describe individual behaviour. Sociology and psychology therefore carry their weight in examining the mechanisms that lead to individual choices. But the perspective introduced by the economic analysis of the right to privacy has certainly been neglected so far, on a subject that instead attracts ever-growing interest, not only as regards the rights claimed but also as regards the consequences borne by free economic initiative.
It should moreover be stressed, as I recalled at the outset, that superimposing economic assessments on a social and cultural value such as privacy is a provocation in re ipsa: this was already observed, twenty years ago, by those who dealt with this same subject.

2. The relationship between the economic analysis of law and privacy

Indeed, the contribution of the economic analysis of law to the theories of personality rights has been limited, and usually accompanied by the suspicion of being either irreverent or useless. Privacy has occasionally attracted the interest of economists since the late 1970s; some works by Richard Posner and a conference on The Law and Economics of Privacy(2) date back to those years. In Italy too, the echo of these overseas debates left its mark in a seminar on the right to personal identity promoted in 1981 by the Centro di Iniziativa Giuridica Piero Calamandrei. Posner, who cannot be disregarded if one is to understand how the relationship between Economics and Privacy arose, regards privacy not as a good or value in itself, but rather as an intermediate good or value, instrumental to the production of income and, more generally, of welfare. After this premise, Posner examines the notion of privacy under four headings: seclusion, innovation, confidentiality of communication, concealment of personal facts(3). Overall, this analysis yields a picture of privacy rich in shadows and negative nuances. This has probably helped to relegate the economic analysis of privacy to the shelf of annoying questions.

(2) The proceedings of the conference, coordinated by the Center for the Study of the Economics and the State of the University of Chicago, were published in 1980 in a monographic issue of the Journal of Legal Studies.
I believe that, twenty years on, this right has instead shown a quite different, positive significance compared with Posner’s provocative predictions. More than twenty years after that attempt, I believe a different use of economic tools is possible, in particular because they can help us look at the consequences of rules. From this standpoint, the choices made by jurists are not denied, but are assessed and guided on the basis of efficiency criteria. Using economic tools, in particular cost/benefit analysis and the allocation of resources according to efficiency criteria, rules acquire a justification linked to how effectively they protect the values on the basis of which they were formulated. It is precisely on the ground of individual choices, which are the heart of the personal data protection system, that legal analysis and economic analysis converge: the rules of personal data protection, reconstructed with the methods of the economic analysis of law, translate into a mechanism through which each individual determines what level of privacy is to be attributed to the information concerning him or her, and hence how that information is to be distributed (economists would speak, in this sense, of the allocation of a scarce resource).

(3) In particular, seclusion is the wish to reduce social relations, which from an economic point of view is a sign of selfishness: if economic transactions create utility for third parties (what economics calls consumer surplus), the same may also hold for human relations outside the market; in any case, whoever withdraws from the world reduces his or her contribution to the welfare of society. In Posner’s argument, privacy instead takes on a positive value when it becomes instrumental to carrying out intellectual work, for example as professional secrecy; or if it helps to protect technological innovations: in this specific case, if the information enters the public domain it loses all or part of its economic value; therefore, to encourage research and innovation it is essential to guarantee the inventor secrecy, or else so-called exclusive rights. Moreover, a certain degree of confidentiality may be economically justified in order to guarantee the secrecy of communications and correspondence. Finally, Posner examines the individual’s control over information concerning him or her, calling this case concealment of personal facts. The interest in preventing the circulation of personal information such as a criminal record, or moral conduct that departs from common standards, is closely connected to the desire to spread a positive image of oneself, one that allows social relations (friendships, emotional ties, employment relationships) to be established on favourable terms: the individual “sells” himself or herself on the market of social relations in the same way as a producer sells products, and is therefore led to highlight his or her qualities and conceal defects; on the other hand, and for exactly the same reasons, third parties too may have an appreciable interest in knowing personal information about the people with whom they come into contact in various capacities.
To carry out this analysis, centred on individual choices, I think it is useful to start from an examination of the costs that all parties (the individual as well as the community) are called upon to bear in order to comply with the protection mechanism laid down by data protection legislation. Indeed costs, which economics defines as the expenditure needed to obtain something, are one of the variables on which such choices depend.

3. Classifying the costs of privacy

To find one’s way in this context I think it is important to make some general assessments of the nature of the costs linked to protecting privacy. In general terms I would highlight two considerations:

A) The first is preliminary in nature: the criteria for calculating these individual sacrifices are anything but unequivocal, and are marked by strong subjective ambiguity. In this regard I think it is enough to mention the debate that opened in the United States during 2001 on assessing the costs linked to the adoption of privacy legislation for electronic commerce systems and the Internet. The figures given by the various participants in the discussion ranged from 1 to 36 billion dollars, depending on the variables examined by those putting forward the calculations. The controversy surrounding these reconstructions has left its trace on the Internet but has not helped to shed light on an essential question. I believe that, in the light of this experience, it is essential to identify a method by which the costs of privacy can be calculated unequivocally, so that they can be properly assessed within the framework of individual choices. But to attempt this I do not think one can do without a classification of costs based on objective criteria.

B) From this follows the second consideration, which is substantive in nature and is linked precisely to the need to distinguish the costs of privacy from one another.
I shall attempt such a classification and try to identify categories of costs according to three specific criteria:
1) the parties bearing the costs
2) the time with respect to which the costs are incurred
3) the effects arising from the costs

1) From the subjective point of view we can speak of:
- individual costs: the costs borne both by the data subject in exercising his or her privacy rights and by the data controller in complying with personal data protection;
- social costs: the costs that the community bears to ensure respect for individual privacy. These include the organisational costs the State incurs in responding to citizens’ demand for privacy.

2) From the chronological point of view, costs may be:
- preventive, or prevention costs: incurred to prevent privacy violations from occurring;
- subsequent, or correction costs: incurred to remedy violations that have already occurred.

Some further detail may be useful, especially from the point of view of data controllers with complex organisations.
If we consider the preventive costs needed to ensure that these parties comply with privacy legislation, the main items are:
- Taking on human resources to be assigned to managing privacy procedures
- Developing and updating the internal privacy procedure
- Training staff and keeping them up to date
- Monitoring and auditing privacy management activities
- Adopting technological and IT tools that ensure the protection of personal data
- Internal communication to disseminate privacy policies
- Direct relations with the individuals to whom the processed personal data relate

If we assess the costs that follow disputes arising from failure to respect privacy, we must distinguish:
a) Costs of restructuring data and bringing them back into line with privacy protection requirements.
b) Costs arising from relations with parties outside the internal organisation, with reference to:
- Administrative sanctions
- Compensation for damages
- Fall in the value of the company’s shares
- Damage to the company’s public reputation
- Reduced perception of the value of the company’s brand
- Potential loss of economic opportunities

By analysing correction costs and prevention costs it is possible to identify the risk index an organisation faces in processing personal data and the investment index it must sustain in order to reduce that risk adequately.
3) From the point of view of the effects arising from costs, we distinguish:
- transaction costs, i.e. the actual financial sacrifices arising from the choice made
- opportunity costs, i.e. what each party is prepared to give up as a consequence of its choice

So far the debate on the costs of privacy has developed with transaction costs as its sole point of reference, highlighting only the negative impact arising from the existence of monetary costs. I believe that more should instead be made of opportunity costs, because these are the ones that bear most directly on the protection mechanism. This specific aspect is therefore worth exploring further. What is an opportunity cost? It is the cost of giving up a possible alternative. For example, if you decide to go to the cinema this evening, the opportunity cost is giving up staying at home with your loved ones (if the alternative to going out is staying in). The opportunity cost is therefore represented by the value placed on the best alternative forgone by adopting a given course of conduct. Since different individuals have different alternatives available, they also bear different opportunity costs. I believe it is above all on the side of opportunity costs that the analysis must be conducted to understand how the personal data protection mechanism affects individual choices. It should be borne in mind that the data subject, faced with the choice of whether or not to consent to the processing of personal data, assesses the opportunity costs arising from that decision, comparing the benefits of the possible alternatives. If the data subject decides to limit the circulation of his or her personal data, he or she gives up the opportunity of coming into contact with whoever asked for consent, but in this way strengthens his or her own level of privacy.
Conversely, if the data subject chooses to allow processing, he or she lowers the level of privacy of his or her data but increases the chances of coming into contact with other parties. In the same way, a data controller who has to decide whether to ask the data subject for consent to further initiatives involving his or her data makes an assessment in terms of opportunity costs. Not asking will reduce the costs of managing consents, but will also reduce the opportunity of coming into contact with the data subject again.

4. The crux of the balancing-of-interests clause

Moreover, the urgency of addressing the chapter on the costs of privacy with sound methods and calculations does not stem only from assessments aimed at the efficiency of the system. There is a pressing need to interpret consistently a specific legal provision, contained in the 1995 Community directive, known as the “balancing of interests clause”. The principle on which this clause rests is simple: in order to assess the lawfulness of data processing, the interests of whoever wishes to use the data freely must be compared with those of the person to whom the data relate.(4) Certainly the criteria by which to assess this balance are manifold and do not concern the economic sphere alone. But I do not think one can disregard costs (both transaction costs and opportunity costs) in determining whether protecting the individual right to privacy is disproportionate in relation to a different interest potentially in conflict with that right.
Hence, also as regards applying the balancing-of-interests principle, correctly assessing the comparative costs and advantages is essential for the proper use of what is a true general clause in the theory of personal data processing.

5. The efficiency of data protection rules

These reflections give rise to a further question: what legal regulation of privacy leads towards better allocative efficiency? The knot to be untied as regards the efficiency of privacy protection remains the one created by the need to harmonise choices about privacy, which are strictly individual choices, within the context of maximum collective welfare. It would probably be useful if the legal approach, which suggests an assessment tied purely to the exercise of an individual right, were accompanied by a reflection oriented towards seeking the greatest possible welfare, not only for the holder of the right but also for all other parties.

(4) From this point of view, to better understand the essence of the phenomenon, it may be useful to offer some comparative-law reflections on how this clause has so far been transposed and applied in certain homogeneous legal systems. The idea that the interests of the data controller and those of the person to whom the data relate must be balanced originated in Germany, the Netherlands, Austria and Finland, the countries that were first to know the Balancing of Interests clause. In all the Member States that know the Balancing of Interests clause, the legislature regards the processing of certain data without the consent of the person concerned as prohibited, and instead authorises, with no need for anyone’s consent, the processing of data regarded as generic and therefore non-invasive. The processing of personal data without the consent of the person directly concerned is prohibited only if it involves sensitive data, which are mainly those specified in Art. 8 of the European Directive. It is therefore necessary to define what the legitimate interest of the data controller is, and that of the person to whom the data relate. In the Member States of the European Union that have transposed the Balancing of Interests into their legal systems, all specific reasonable economic interests are regarded as legitimate. But it is the data controller who must assess the purpose of the operation. In this comparative analysis, correctly defining the economic impact of the two positions to be compared becomes a preliminary matter. In this regard it is worth recalling what the Federal Civil Court of Germany (Bundesgerichtshof, BGH) stated in 1986: “The expression justified interest requires an assessment of the importance and consequences that the disclosure and use of personal data have for the data subject as against the interests of the data controller. Therefore, the type, content and significance of the data must be assessed on the basis of the purpose for which they are collected and of the social cost arising from their not being used. Only if this assessment, inspired by the constitutional principle of proportionality, gives no reason to presume that storing the data for the stated purposes could adversely affect the justified interests of the person concerned is such storage of the data permitted.” (BGH NJW 86, 2505)
From this point of view the contribution of the economic analysis of law, if it manages to avoid eminently provocative observations, may be particularly useful in opening up new perspectives for the debate that will develop over the coming years. The evolution of technology and of commercial communication methods is inexorably tending to turn personal data into a commodity with an intrinsic value. The need for protection therefore tends to grow, but ensuring its effectiveness will require assessments that also take account of the economic matrix of privacy, which stands alongside the original ethical one. This prompts a further reflection, according to which privacy is no longer merely a negative right, consisting in the collective duty to refrain passively from conduct that harms privacy. It instead takes on the typical features of a civic right(5) and is a legally protected claim to performance (of facere and non facere, in the language of jurists) owed by the community. In this new perspective the costs of data protection, both public and private, are inevitably bound to rise. This, moreover, is part of the physiology of an efficient system and leads one to look to the future with this awareness: rights, understood as legally protected positions, exist not only to the extent that a given legal system decides to recognise and protect them, but also depend on the resources that society is willing to devote to that purpose.

6. Seeking the data subject’s consent

In economic terms it seems to me that one cannot ignore that the way privacy works is conditioned by the comparison between the opportunity costs of the data subject and those of the data controller.
If the data controller’s advantage from complying with data protection rules adds to that of the data subject, the system is rebalanced: the increase in the level of privacy no longer depends only on the data subject’s choice and on the investment of resources by the Authority, but is prompted by the controller itself. The result is that the pressure exerted on the data subject to obtain his/her consent to the processing of his/her data will ease. Indeed, from this point of view it should be borne in mind that the ever more refined mechanisms that make it possible to turn strangers into friends and friends into customers (as in the successful slogan used by Seth Godin, the creator of permission marketing) are not a reassuring element. The individual makes an essentially selfish assessment with respect to the social consequences that his/her privacy choice will produce. Beyond this, I believe it is naive to suggest a natural convergence between the supporters of privacy and the supporters of permission marketing. That is not how things stand: on the contrary, a dangerous tendency towards the commodification of consent is emerging, which risks compromising the effective protection of privacy and the future development of the interactive communication market. Those who collect personal data for commercial purposes are led to push to its extreme consequences, often covertly and with subtle psychological strategies, the principle of the centrality of individual consent as a tool for defining the level of privacy and for exercising the resulting right to informational self-determination.

(5) According to Jellinek’s classical categories.
Consent, thus debased, can become a bargaining chip (through a mechanism which, put simplistically, runs as follows: “if you give me your consent to the use of your personal data, I will enter you in a prize competition or give you a gadget”), and in being commodified in this way it risks losing the role of safeguard that data protection mechanisms nonetheless assign to it. This is an unquestionable danger, already grasped some thirty years ago by the first commentators on the then newborn theories of data protection in Europe: consent alone is not enough to effectively guarantee the full protection of privacy. Italian law contains significant traces of this approach. Consider, for example, the regime governing the handling of sensitive data, for which the written consent of the data subject must be accompanied by the authorization of the Garante per la protezione dei dati personali. And the very function of the Garante, which has commendably promoted and organized this Conference, is not simply what I would define, using a US phrase that I find particularly apt, as the sporting theory of justice. The Garante is not merely a referee who checks that the contenders abide by the rules set by the legislator. It has, by express statutory provision, an active role in promoting the law, in investigating, and in preventing possible violations. Bringing these considerations back to the regulatory level, I believe that we need to address the real underlying issue: identifying mechanisms that increase everyone’s interest in adopting privacy-oriented behaviours. The premise of this reasoning is that privacy is a cross-cutting value whose affirmation brings shared benefits for individuals and the community alike, for citizens as well as for businesses and public bodies, and, in a broad sense, for the person understood both as an individual and as a social being.
The central problem, therefore, is to establish whether the protection mechanism can be rebalanced by easing the pressure that today inevitably weighs on the data subject.

7. Possible actions for more effective protection

Through which levers can this result be achieved? I will mention a few, with no claim to completeness but only to prompt an open debate on this subject:

1) Prevention: abuses in the processing of personal data often occur without the data subject’s knowledge. So-called hidden processing nullifies the controlling role of consent. The prevention of these violations must therefore be strengthened.
2) Supervision: the supervisory role of the Independent Authority can help to attenuate and regulate the pressure exerted by data controllers on the individual data subject to obtain his/her consent to the use of the data.
3) Penalties: the application of pecuniary penalties and of compensatory and punitive remedies may induce data controllers to be more prudent in assessing the comparative advantages of violating the rules that protect privacy.
4) Interest balance: a correct application of the interest balance provision may attenuate the pressure exerted on the data subject to persuade him/her to grant consent (or to extract it without his/her knowledge, as sometimes happens).
5) Incentives: identifying rewards that increase the advantages for data controllers, linked to compliance with the rules, can make the controllers themselves more inclined to respect privacy.
I do not know whether the basic premise of a fine book by Stephen Holmes and Cass Sunstein, “The Cost of Rights”, according to which liberty depends on taxes, is true, but the tax lever, through reliefs, deductions and tax credits, can probably help to encourage respect for other people’s privacy and to discourage violations. The same applies to the simplification of the administrative requirements related to data protection, which could be granted, as a reward, only to data controllers that conform to high privacy standards. Certification tools that publicly attest compliance with privacy procedures are also an instrument with strong incentive value, which businesses in particular could use to raise the level of trust in their relationship with consumers.

But before addressing the topic of the instruments for protecting the right, to which this reflection has brought us, it will be important to understand how the dynamics of personal data unfold within an economic system. This will mean making assessments essentially tied to microeconomics, using its models and criteria. Following the traditional approach of microeconomic analysis (which is precisely the study of the allocation of scarce resources among alternative choices), the dynamics generated by the protection of personal data can be analyzed under five aspects:

1. how consumer choices are made with respect to the demand for privacy (and thus how a typical consumer, constrained by a given income, chooses among the different levels of privacy available to him/her);
2.
how businesses and commercial companies make their privacy choices (from this angle one can describe how a business decides what level of privacy it is acceptable to conform to, what investments to make to guarantee the confidentiality of its customers, and how much to spend to obtain their consent to data processing);
3. how businesses and consumers interact (by combining consumer theory and the theory of the firm, the decisions of both can be analyzed, checking whether they are coordinated through the movement of market prices in identifying the equilibrium point, and hence what level of privacy is acceptable in an efficient market);
4. how the supply of and demand for privacy are structured in the production process (analyzing how demand and supply bear on the factors of production: labour, capital and entrepreneurial ability);
5. how markets are organized and how they can achieve efficiency in allocating the privacy choices of economic agents.

This certainly opens up new prospects for analysis, which will have to be conducted with great scientific rigour and with the ability to build on the results achieved so far by legal research.

8. The intrinsic risk of economic analysis

However, one risk must be clearly highlighted: superimposing economic assessments on a fundamental right such as privacy lends itself to misunderstandings and confusion that must be averted. But I believe it would not be right to ignore this perspective of analysis, to which we are called by the development of the social and technological system within which personal data flow. Indeed, it seems to me that this is a challenge we cannot shirk, even at the cost of facing risky or complex passages.

Certainly it should not be overlooked that in the coming years this topic will be crowded with the interventions of those whom Yves Dezalay has defined, with extraordinary effectiveness, as the merchants of law. There are veritable multinationals of law that intervene to restructure the international legal order, pursuing particular interests that have nothing to do with the protection of general principles determined through democratic rules. Privacy is too rich a dish for the so-called business community not to exert its pressure on this subject. With a jurist’s pride, I do not believe that so cross-cutting a subject can be defined exclusively through considerations tied to the relationship between costs and benefits. I do think, however, that legal science is never form alone and is not exhausted in the definition of rights and duties. And I am convinced that the real problems the jurist is called upon to address and solve are, at heart, matters of social conscience. To achieve this aim, the economic impact of the rules must also be assessed, and the degree of efficiency of the norms in pursuing the general interest must be rigorously examined.

9. The opportunities offered by the economic analysis of law: changing privacy from a static cost to a dynamic investment

Bringing legal and economic categories together does not, however, presuppose adherence to the positions of those who, especially overseas, claim that legal rules necessarily evolve towards efficient solutions. Recourse to the analytical tools of microeconomics serves instead to identify the incentives and constraints that condition the behaviour of private parties. And greater awareness of the economic logic underlying that behaviour can therefore make a considerable contribution to the interpretation and possible adjustment of the rules.
There is a further consideration to be made regarding the evolution of the new global market. The plurality of rules and the differences in approach to the circulation of personal data risk generating the same confusion and mutual incomprehension of languages that, according to legend, characterized the world of Babel. Recovering the economic data of the discussion can foster the affirmation of a shared language, mainly but not only between the two shores of the Atlantic, and lay the foundations for a more informed approach to both points of view. The hope is to bring out a growing “cross-attention” (as comparative lawyers are used to saying), based on mutual respect among the positions emerging in the various continental areas. I believe that without this reflection the road towards the globalization of privacy guarantees, the true objective of this process, would be harder.

I see no prospect of deregulation for privacy on the horizon, but I am certain there will be no shortage of those who, also by making instrumental use of economic analysis, will invoke the need to free the business world from what a commonplace of the contemporary lexicon calls “lacci e lacciuoli” (snares and ties), a deliberately dusty image. Nor will there be a shortage of those who, to make room for the needs of the economy, will call for doing without the rules and the reasons of law. I urge distrust of these calls for liberalization. This is a danger that must be denounced in no uncertain terms, and precisely to avert it I believe it is essential that the economic analysis of law bring clarity to the future debate on privacy and offer its contribution to this area of legal research.
It is therefore necessary that, in this economic analysis of the right to privacy too, the legal foundations on which privacy rests be maintained and defended. The aim is to shape a harmonious vision of privacy that can change from a static cost into a dynamic investment, so as to encourage growth in the value of resources and foster general economic development: a well-tempered privacy, if I may put it that way.

10. The noble and mobile frontier of privacy

Thus, for privacy too, an evolutionary phenomenon is taking shape that has characterized the development of the general theory of civil liability and now belongs to the lexicon of Italian jurists: the noble frontier of privacy, noble because it concerns a fundamental right, advances as a result of the evolution of technology and society, thereby becoming a mobile frontier in constant movement. We are called upon to pursue privacy as its boundaries expand. To reach them I believe it is essential that everyone avoid entrenching themselves in established positions and open up to new perspectives. For this journey I think it is important to bear in mind that what characterizes the man of science is not the possession of knowledge, of irrefutable truth, but the persistent and restless critical search for truth. With enthusiasm and passion, I always remind myself of what Karl Popper observed in describing how scientific progress proceeds. On the basis of that lesson I believe it is right to say of privacy too: the search has no end.

An Economic Analysis of the Right to Privacy
Marco Maglio (1)

Contents: 1. How much is privacy worth? - 2. Relations between the economic analysis of law and privacy - 3. Privacy cost classification - 4. The issue of the interest balance provision - 5. The efficiency of data protection rules - 6. The pursuit of the data subject’s consent - 7.
Possible actions for more effective protection - 8. The intrinsic risk of economic analysis - 9. The opportunities offered by the economic analysis of the right to privacy: changing privacy from a static cost to a dynamic investment - 10. The noble and mobile frontier of privacy

(1) Parma University - Italy

1. How much is privacy worth?

How much is privacy worth? I realize that this is a provocative question, which implies strong ambiguity. However, we are used to measuring everything and to preferring what we attach a greater value to. “Everything has a price” is an often quoted, somewhat cynical slogan, and daily life frequently confirms a trend towards a dangerous overlap of ethical and economic values. Luckily, the right to privacy is not too prone to this kind of confusion: it is a prerequisite for our freedom (I think this is clear enough to everybody by now) and, as such, invaluable. This is probably why, when talking about privacy, arguments often start on the limits privacy should have, as well as on the systems to protect it and to punish breaches, while any estimated value (I was about to say “price”) attributable to this right seems irrelevant, and disquieting to some extent. It may not be ignored, however, that privacy falls within a social context that is pervaded with economic flows, and the opening question is aimed at stimulating this thinking, with a bit of healthy realism.

Indeed, as one of Shakespeare’s characters said, the origin of things conditions their destiny: if this is true, it should not be surprising that the ethical foundation of privacy has resulted in this concept being seen as a rigid set of behavioural rules, using the forms and methods of juridical science. Consistent with this approach, in the centuries-long history of privacy, the main concern has so far been to set general principles, to translate these into formal legal rules, and to establish mechanisms and practices to protect this right, which is also a deep and widespread social value. As an early result of this process, the main discussion on privacy focuses on an abstract pursuit of the balance between rights and duties, between obligations and penalties.

However, I would like to exercise some practical wisdom, which is probably something a lawyer’s activity should aim at, and try, very simply, to get down to the basic root of the juridical mechanism personal data protection is based on. This simple approach shows how such protection translates into a precise fact, namely the individual opportunity to choose the extent to which one’s personal data may circulate. By exercising this power of choice, each of us, as observed by outstanding authors, is asked to be “his/her own guarantor”. The definition of the privacy level results from a basically individual choice, even considering all the exceptions and authoritative guarantees provided for by the law. It is certainly an exaggeration to talk about “private autonomy” in this respect, a term used in contract law, but privacy-related decisions clearly depend on individual considerations.

What happens in practice? I would have expected common sense to stimulate a wish to analyze how these individual choices are made in practice. But Descartes was probably right when he ironically stated that “common sense is the best-distributed item in the world: in fact, even those who are hardly satisfied with other things, never wish for more of it than they have.” Thus, I think that pure theory has so far prevented any contaminations with the needs dictated by reason, even if common sense would suggest greater care for the actual behaviour of the subjects of rules. This confirms the classical opposition that the Anglo-Saxon juridical tradition effectively describes as: “law in books vs.
law in action.” Still, the main point remains: privacy is inseparably linked to an individual choice, of which consent is the expression. But what are the criteria on which this individual choice is based? And how does this individual choice affect the general well-being of society? In other words: what benefits and what sacrifices does it imply, for an individual and for the community, to acknowledge and protect individual privacy? An answer to these questions may not be provided using a traditional juridical approach alone, which seems unprepared to take stock of such a complicated problem. To integrate this approach, it should rather be decided whether the existing rules may direct individual choices towards a maximized general well-being, and thus promote efficient behaviours both by the data subjects and by the data controllers. I think this perspective may be usefully analyzed using the Law and Economics methods.

For an appropriate review of individual-choice mechanisms, other factors should be considered that escape any mere economic assessment. It should be noted, for example, that the consent expressed in view of personal data protection is adopted within the so-called “horizontal society” (as defined by modern sociology), whose myths and structures are strongly influenced by consumerism. Consumption today is a social language, something that tends to increase, rather than satisfy, individual wishes. Reality is dematerialized in today’s world, and man’s attention is diverted from nature and focused on television, on the media world, which is by now an absolute value, a goal in its own right. It would be naive to think that this has no impact on the use of the consent instrument by each of us and on the choices that this forces us to make. Psychological assessments direct individual choices and should also be taken into account.
I would like to refer to the experience of Daniel Kahneman and John Cole, Nobel Prize winners in 2002 for Economics. Their lesson is first and foremost on methods, and concerns the role of empirical observation in the development of human sciences, i.e. to help us understand that irrational factors influence our decisions, and should be taken into account when abstract models are defined to describe individual behaviours. Sociological and psychological principles definitely play a role in the review of the mechanisms by which individual choices are made. But the perspective introduced by the economic analysis of the right to privacy has certainly been neglected so far, in favour of a point that arouses, instead, growing interest in the claimed rights, as well as in the consequences produced by free economic initiatives. As stated above, however, it should be noted that these overlaps of economic assessments and such a great social and cultural value as privacy are strongly provocative as such, as observed by anyone discussing this issue as early as twenty years ago.

2. Relations between the economic analysis of law and privacy

The economic analysis of law, in fact, has only contributed to theories on personality rights to a limited extent, usually combined with the feeling of being desecrating or useless. Since the late Seventies, privacy has occasionally been the object of the interest of economists. Some of the works by Richard Posner and a meeting on “The Law and Economics of Privacy”(2) date back to those very years. The echo of these overseas debates left its mark also in Italy, in a workshop on the right to personal identity promoted in 1981 by the Piero Calamandrei Centre for Juridical Initiative. Posner’s work is a mandatory reference to understand the origin of relations between Economics and Privacy.
He considers privacy not so much as an asset or a value as such, but rather as an intermediate asset or value, instrumental to income and, more generally, to the production of well-being. After this introduction, Posner analyzes the notion of privacy in four respects: seclusion, innovation, confidentiality of communication, and concealment of personal facts(3). This analysis outlines privacy as something full of shadows and negative connotations. This is probably one of the reasons why the economic analysis of privacy has often been dismissed as a mere nuisance. I believe that, twenty years later, this right has demonstrated a clearly different positive value compared to Posner’s provocative predictions. Twenty years after that attempt, I feel that the economic instruments may be used differently, not least because they may help consider the consequences of the rules. This does not deny the lawyers’ choices, which are rather assessed and directed according to efficiency principles. Using the economic instruments, particularly for the cost/benefit analysis and for resource allocation according to efficiency principles, the rules are justified to the extent they effectively protect the values according to which they have been expressed.

(2) The proceedings of the meeting, co-ordinated by the Center for the Study of the Economics and the State of Chicago University, were published in 1980, in a monograph enclosed in the Journal of Legal Studies.
The juridical and the economic analyses converge in the domain of individual choices, which represent the core of the personal data protection system: personal data protection rules, defined according to the economic analysis of law, are translated into a mechanism by which each individual decides about the level of privacy that should be granted to his/her personal data, and therefore how the same should be disclosed (economists would define this action as the allocation of a scarce resource). This analysis, focussing on individual choices, should best start from a review of the costs that all parties (both individuals and the community) have to incur to adapt to the protection mechanism provided for by data protection rules. The costs defined by economic science as necessary to obtain something, in fact, represent one of the variables these choices are made upon.

(3) Seclusion, in particular, is the wish to restrict social relations, which is a sign of selfishness from the economic viewpoint: if economic transactions result in a profit for third parties (referred to in economic science as “consumer surplus”), the same may also be true for the human relations that take place outside the market; however, those that keep away from social life reduce their contribution to social well-being. In Posner’s lecture, on the other hand, privacy acquires a positive value when it becomes instrumental to the performance of an intellectual activity, for example as a professional secret; or if it helps protect technological innovation. In this case, in fact, any piece of information that becomes available to the public loses all or a part of its economic value. Therefore, in order to promote research and innovation, the inventor should be ensured the secrecy, or the so-called sole rights. In addition, confidentiality may, to some extent, be economically justified in view of ensuring the secrecy of communications and mail.
Posner finally analyzes the individual’s control on his/her own data, and defines this assumption as concealment of personal facts. The interest in preventing the circulation of personal data, such as criminal records or a moral conduct that does not comply with general standards, is closely related to the wish to convey a positive image of one’s self, which makes it possible to establish social relations (friendship, emotional links, business relations) under favourable conditions: the individual “sells” himself/herself on the market of social relations like a manufacturer sells his products, and is therefore inclined to enhance his/her qualities and to conceal defects. On the other hand, third parties too may, for the very same reasons, be significantly interested in receiving information on the people they meet for various purposes.

3. The classification of privacy costs

I think it is important, in this context, to express a few general considerations on the nature of the costs related to privacy protection. Two of these are particularly important:

A) The first has a mandatory character: the criteria to calculate such individual sacrifices are anything but uniform, and characterized by strong subjective ambiguity. In this respect, just consider the debate carried out in 2001 in the United States on the assessment of the costs related to the approval of a privacy legislation for e-commerce and Internet trading systems. The amounts mentioned by the parties involved ranged from US$1 to 36 billion, according to the variables considered by those that submitted these calculations. The arguments related to these figures left their mark on the Internet, but never helped explain a basic matter. In the light of this experience, I deem it crucial to identify a way by which privacy costs may be unambiguously calculated, in order to assess them correctly within the framework of individual choices.
But this process requires a classification of costs based on objective criteria.

B) Hence the second consideration, which is more substantial and related to the need to make a distinction between privacy costs. I will try to suggest a possible classification and to identify several cost categories according to three specific criteria: 1) the parties that incur such costs, 2) the time with respect to which such costs are incurred, and 3) the effects resulting from such costs.

1) From a subjective viewpoint, costs may be either:
- individual, i.e. incurred both by the data subject to exercise his/her rights to privacy and by the data controller to abide by personal data protection rules, or
- social, i.e. incurred by the community to ensure respect for individual privacy. These include the organizational costs incurred by the State to satisfy the citizens’ demand for privacy.

2) From the chronological viewpoint, costs may be either:
- preventive or for prevention, to avoid any privacy breaches, or
- subsequent or corrective, to remedy any breaches that have already occurred.

Some in-depth analysis may be useful, especially from the viewpoint of the data controllers that operate within complicated organizations. The preventive costs required to ensure that these parties comply with privacy regulations basically provide for the following:
- the provision of human resources to take care of the management of privacy-related practices;
- the development and update of an internal privacy practice;
- staff training and updating;
- the supervision and auditing of privacy management activities;
- the adoption of technological and IT tools ensuring personal data protection;
- internal communication to disseminate privacy policies;
- direct relations with the subjects of the processed personal data.
The costs subsequent to any claims resulting from non-compliance with privacy rules include: a) costs for the reorganization and readjustment of data to privacy protection requirements, b) costs resulting from relations with parties outside the corporate organization, with reference to: - administrative penalties, - damage reimbursement, - share value reduction, - damage to the company’s public reputation, - reduction of the corporate brand’s perceived value, - potential loss of economic opportunities. An analysis of correction costs and prevention costs allows to identify the risk a company has to take with respect to personal data processing and the investment the company has to make to reduce this risk accordingly. 3) Based on cost-related effects, costs may be either: - transaction-related costs, i.e. the actual economic effort resulting from the choice made, or - opportunity-related costs, i.e. what every individual is prepared to give up as a consequence of his/her choice. The confused discussion on privacy costs has developed so far with transaction-related costs as the only reference point, while only stressing the negative impact produced by the existence of monetary costs. On the other hand, I believe that opportunity costs deserve more consideration, since they affect the protection mechanism more directly. It is then worth analyzing this particular aspect. What is an opportunity-related cost? It is the cost of giving up a possible alternative option. Using the juridical categories of the buying and selling agreement, it may be defined as the price of renunciation. For example, if you decide to go to the cinema tonight, the opportunity-related cost results from your giving up to stay at home with your family (if the alternative to going out is staying in). The opportunity-related cost is therefore the value attached to the better alternative that is given up by adopting a certain behaviour. 
Since different individuals have different options, they also bear different opportunity-related costs. I think the analysis of opportunity-related costs is most important to understand how the personal data protection mechanism affects individual choices. It should be noted, in fact, that whenever the data subject is asked to choose whether to grant his/her consensus to personal data processing, he/she estimates the opportunity-related costs resulting from such decision by comparing the benefits of the possible alternative options. If the data subject decides to restrict the disclosure of his/her personal data, he/she gives up the opportunity to get in touch with the party that asked for the consensus, while improving, at the same time, his/her privacy. On the other hand, if he/she decides to consent to processing, he/she reduces the privacy of his/her data, but increases the opportunities to get in touch with other parties. Similarly, whenever a data controller asks the data subject for consensus to further initiatives involving his/her data, it estimates the opportunity-related costs. Making no request will reduce the costs resulting from consensus management, but will also reduce the opportunities to have new contacts with the data subject.
4. The issue of the interest balance provision
On the other hand, the need to tackle privacy-cost issues with sure methods and calculations does not only depend on an assessment of the system’s efficiency. A consistent interpretation of clear legal provisions, contained in the 1995 EC directive, called “interest-balance provision,” should also be provided.
The principle on which this provision is founded is a very simple one: in order to assess whether a data processing activity is legitimate, the interests of those who want to use this data freely should be compared against the interests of the subject of such data.(4) Multiple criteria are used to assess this balance, and they are not limited to the economic domain. However, I think reference should be made to costs (both transaction-related and opportunity-related) to define whether the protection of the individual right to privacy is disproportional compared to a different interest that is potentially in conflict with such right. Thus, the correct evaluation of compared costs and benefits is crucial to the appropriate application of this provision, which has a true general character within the personal data processing theory, also with respect to the enforcement of the interest-balance principle.
(4) For a better understanding of this phenomenon, it may be useful to make reference to comparative law, to explain how this provision was implemented and enforced so far in some homogeneous legal systems. The idea that the interests of the data controller and of the data subject should be balanced started in Germany, in the Netherlands, in Austria, and in Finland. These countries were the first to acknowledge the Interest Balance provision. In all the Member States that are familiar with the Interest Balance provision, the legislator prohibits that some data be processed without the consensus of the data subject and authorizes, instead, with no need for consensus, the processing of general, and therefore noninvasive, data. Personal data processing without the consensus of the data subject is only prohibited for sensitive data, as specified in Art. 8 of the European Directive. The legitimate interests of the data controller and of the data subject should then be defined. In the EC Member States that implemented the Interest Balance provision in their legal system, all reasonable specific economic interests are considered as legitimate. But the data controller should assess the purposes of the activity. In this comparative analysis, it is crucial to provide a correct definition of the economic impact of both positions that need to be compared. It is worth referring, in this respect, to the statement made by the Civil Federal Court of Germany (Bundesgerichtshof, BGH) in 1986: “The phrase justified interest requires an assessment of the importance and of the consequences that the disclosure and the use of personal data imply for the data subject, as opposed to the interests of the data controller. Therefore, the type, the contents, and the meaning of the data should be assessed according to the purpose of its collection, and to the social cost resulting from its non-use. Only if this assessment, inspired by the constitutional principle of proportion, does not cause a reason to assume that data storage for the stated purposes may negatively affect the justified interests of the concerned party, is such data storage allowed.” (BGH NJW 86, 2505)
5. The efficiency of data protection rules
Another question arises from these considerations: what juridical regulation of privacy goes along the way of better allocation efficiency? The main issue with respect to effective privacy protection is generated by the need to harmonize strictly individual privacy-related choices in view of maximum social well-being. The juridical approach, suggesting an assessment only based on the exercise of a subjective right, may be usefully combined with some thinking aimed at pursuing maximum well-being, both for the owner of the right and for all the other concerned parties. If capable of avoiding provocative remarks, the economic analysis of law may be very helpful in opening up new perspectives for the discussion that is going to take place in the next few years. The development of technology and business communications inevitably tends to turn personal data into goods with an intrinsic value. The need for protection therefore tends to grow, but its effectiveness may only be ensured by taking into account the economic side of privacy, along with its original ethical side. In this respect, a further idea emerges, by which privacy is no longer just a negative right represented by the general duty to passively refrain from acting in such a way as to harm it. On the other hand, it takes the typical characters of civic law(5) and becomes a juridically protected claim for services (facere or non facere, in the legal jargon) the community is in charge of delivering. In this new perspective, data protection costs, both public and private, are inevitably bound to rise. This is physiological for an effective system, and leads us to look at the future with the certainty that a right, meant as a juridically protected status, does not only exist as long as a given legal system decides to acknowledge and protect it, but also depends on the resources a society is prepared to devote to this purpose.
(5) According to the classical categories of Jellinek
6. The pursuit of the data subject consensus
In economic terms, it may not be ignored that privacy works according to a comparison between the opportunity-related costs for the data subject and for the data controller.
If the data controller’s advantage resulting from compliance with data protection rules is added to the data subject’s advantage, a balanced system is established, by which an increased privacy no longer just depends on the data subject’s choice and on the resources invested by the Authority, but is rather solicited by the data controller itself. The result is a reduced pressure on the data subject to obtain his/her consensus to personal data processing. It should be noted, in this respect, that the increasingly accurate mechanisms by which strangers become friends and friends become customers (as from the successful slogan used by Seth Godin, the creator of permission marketing) are not reassuring. An individual makes selfish assessments of the social impact of his/her choice on privacy. In addition, it is too naive to suggest that a natural convergence exists between privacy advocates and permission marketing advocates. But this is not the point: instead, this consensus dangerously turns into a commodity, and this may jeopardize actual privacy protection and the future development of an interactive communication market. Those who capture personal data for business purposes tend to take the principle of the central importance of individual consensus to extremes - often in a subtle way and using psychological strategies - as a tool for definition of the privacy level and for the exercise of the resulting right to information self-determination. Consensus, thus debased, may become a traded product in relations between the data controller and the data subject (according to a mechanism that may be simply described as follows: “if you consent to the use of your personal data, I’ll let you take part in a sweepstake or give you a gadget”) and lose, in the process, the guarantee value data protection mechanisms attach to it.
This undisputed risk had already been perceived about three decades ago by commentators on the then new data protection theories in Europe: consensus, alone, is not enough to effectively ensure full privacy protection. This principle left significant marks in the Italian law, such as the regime characterizing sensitive data processing, by which the written consensus of the data subject should be supported by an authorization issued by the personal data protection Authority. The function of the independent authority for privacy protection is not only the one that could be defined, according to a very effective US formula, as the sporting theory of justice. The Authority, in fact, is not only a referee ensuring that the players comply with the rules set by the legislator. Instead, by law, it plays an active role in enforcing the rules and investigating and preventing any breaches. Once these comments are reported to the legal framework, the true basic matter should be solved, namely the identification of mechanisms by which everyone may have an interest in adopting privacy-oriented behaviours. The basic assumption of this reasoning is that privacy is a transversal value that, if established, may bring shared benefits to the individuals and the community, to private parties and public companies and entities and, more generally, to the person meant both as an individual and as a social subject. The main issue is then to decide whether the protection mechanism may be balanced by reducing the inevitable pressure on the data subject to obtain his/her consensus.
7. Possible actions for more effective protection
A number of levers are available to accomplish this. With no claim of being exhaustive, I will mention a few, to stimulate an open debate on the matter:
1) Prevention: personal data processing abuses often occur without the data subject being aware.
A so-called secret processing thwarts the role of control over consensus. An action should then be promoted to prevent such breaches.
2) Control: the supervisory role of the Independent Authority may help reduce and regulate the pressure exerted by the data controllers on individual data subjects to obtain their consensus to data use.
3) Sanctions: the enforcement of money penalties and indemnification or punishing systems may lead data controllers to use greater caution in expressing their assessment on the comparative benefits resulting from a breach of privacy protection rules.
4) Interest balance: the correct enforcement of the interest balance provision may reduce the pressure on the data subject to convince him/her to grant his/her consensus (or to take such consensus without the data subject being aware, as it happens sometimes).
5) Incentives: the identification of awarding profiles increasing the benefits for the data controllers related to compliance with the rules, may develop the latter’s willingness to respect privacy. I am not sure whether the basic assumption of a great book by Stephen Holmes and Cass Sunstein – “The cost of rights” – is true, by which freedom depends on taxes, but the tax leverage, through allowances, deductions, and tax exemptions, may probably help promote respect for other people’s privacy and discourage breaches. The same is true for a simplified exercise of the administrative duties related to data protection, that could be granted, as a reward, to the data controllers that comply with high privacy standards. Certification tools publicly stating compliance with privacy principles are also strongly motivating, and companies in particular may use them to improve consumer loyalty.
But before discussing the instruments for right protection, to which our discussion has brought us, it is important to understand how personal data dynamically fall within an economic system. Micro-economic schemes and criteria will be used for this purpose. Following the traditional principles of micro-economic analysis (i.e. the study of the allocation of scarce resources to alternative options), the dynamics generated by personal data protection may be analyzed in five respects:
- how consumer choices are made in the light of the demand for privacy (and therefore, how a typical consumer, bound by a given income, chooses between the different levels of privacy available);
- how choices are made with respect to privacy by companies and business enterprises (in this respect, a description may be provided of how the company decides what privacy level is acceptable for it, which investments it should make to ensure customer privacy, and how much it should spend to obtain customer consensus for data processing);
- how companies and consumers interact with each other (combining the consumer and company theory, the decisions of both these groups may be analyzed to check their co-ordination through the fluctuation of market prices, while identifying a balance point and therefore the privacy level that is acceptable in an efficient market);
- how the supply and demand for privacy are defined in the manufacturing process (analyzing how demand and supply affect production factors: labour, capital, and entrepreneurial skills);
- how the markets are organized and how they may effectively allocate economic entity choices with respect to privacy.
This certainly opens up new perspectives for an analysis, which should be carried out with great scientific accuracy and with the ability to valorize the results achieved so far by juridical research.
8. The intrinsic risk of economic analysis
One risk should be taken into account, however: the overlap of economic assessments on a fundamental right like privacy is bound to cause misunderstanding and confusion that need to be avoided. But I think it would be unfair to ignore this analytical perspective, which is called for by the development of the social and technological system within which personal data flows. I feel, instead, that this is a challenge we need to take, even at the cost of having to cope with dangerous or complicated issues. It should be noted that the actions of the people that Yves Dezalay effectively described as the merchants of the law will develop in great numbers in the next few years. There are true multinationals of the law that act in view of restoring the international juridical system, while pursuing special interests that have nothing to do with the protection of general principles, determined on the ground of democratic rules. Privacy is too much of a highlight to keep away the pressures of the so-called business communities. With the pride of a lawyer, I do not think that such a cross-disciplinary issue may be tackled through cost-benefit considerations only. On the other hand, I also think that juridical science is never just formal, and does not end with a definition of rights and duties. And I am sure that the true problems a lawyer needs to tackle and solve are intimate matters that involve social consciousness. To achieve this, the economic impact of the rules should be assessed, and their efficiency should be examined in pursuing the general interest.
9. The opportunities of the economic analysis of law: changing privacy from a static cost to a dynamic investment
The combination between juridical and economic categories, however, does not imply an approval of the viewpoints of those that - especially overseas - state that juridical rules necessarily develop towards effective solutions.
The analytical micro-economic instruments are rather used to identify the incentives and constraints that influence individual behaviours. A greater awareness of the economic logic behind those behaviours may therefore significantly help interpret and possibly adapt to the rules. Still with respect to the development of the new global market, the multiple rules and the different approaches to personal data circulation issues may generate the same confused and misunderstood languages that, according to legends, characterized the Babel world. Specifying the economic data involved in the discussion may promote the introduction of a shared language, mainly, but not only, between both shores of the Atlantic ocean, and lay the foundations for a more conscious approach to both viewpoints. A growing “cross-attention” should emerge – as experts in comparative studies usually say – based on mutual respect, between the opinions expressed in the different continents. I think that, without this, the road to globalized privacy guarantees – the true goal of this process – would be harder to reach. For the near future, I see no perspective for privacy deregulation, but I am sure that some people will use the economic analysis for their instrumental purposes and will state the need to release the entrepreneurial world from its constraints. Others will state they can do without the rules and the reasons of the law, to give more room to economic needs. I strongly recommend that you beware of these claims for liberalization. This risk should be clearly reported and, in order to avoid it, I think it is crucial for the economic analysis of law to clarify the future debate on privacy and offer its support to this branch of juridical research.
In this economic analysis of the right to privacy, the existing legal framework needs to be preserved and protected in view of outlining a harmonious view of privacy, which may turn from a static cost to a dynamic investment, in order to increase the value of resources and promote economic development: a well-tempered privacy, if I may say so.
10. The noble and mobile frontier of privacy
A development is then under way, also for privacy, that has characterized the development of the general theory of civil liability, and that belongs by now to the jargon of Italian lawyers: the noble frontier of privacy - noble because it concerns a fundamental right - comes forward thanks to technological and social developments, thus turning into an ever-shifting mobile frontier. Privacy needs to be pursued as its borders are expanded. To achieve this, I think we all need to refrain from taking up consolidated defensive positions and open up to new perspectives. It is important to consider, in this process, that a scientist is characterized not so much by knowledge, by the undisputed truth, as by a critical, continuing, and restless search for the truth. With enthusiasm and passion, I always remind myself of the words by which Karl Popper described the progress of scientific development. Based on that lesson, I think it is fair to say, with respect to privacy, that “research never ends”.

Privacy in a Business: An Operational Model
Douwe Korff (1)
Contents: 1. Introduction - 2. The problems with data protection - 3. Know thyself (in six steps) - 4. Reflect - 5. Conclusion: cost and benefits
1. Introduction
Before making some remarks on how businesses can apply data protection rules in practice (somewhat grandly referred to as the presentation of an “operational model” in the programme), I would like to make a few brief general comments, partly related to earlier presentations.
First of all, I would like to note that “data protection” is a concept that extends beyond “privacy” and “private life”. It is not solely concerned with limiting intrusions into our private matters, with ensuring that no-one holds more data on us than is necessary for their legitimate activities. That is only part of it. But data protection extends beyond this. It deals with the use of data in relationships between the individual and other social actors, private and public. It seeks to ensure that the data are indeed used only for a “legitimate”, defined purpose; that they are limited to what is “necessary” and “relevant” in relation to that purpose; that they are obtained and processed properly, fairly and lawfully; and that the individual has a measure of control over the process. In broad terms, data protection therefore serves to enhance lawfulness, social propriety and fairness in relationships, insofar as these relationships involve the use of data. This means that sometimes more, or better data may be needed. Privacy may concern the “right to be left alone”. Data protection concerns the right to be properly treated. This wider scope of data protection has clear implications. It means that the rules are not just aimed at reducing data. It also means that there must be a heavy emphasis on process, as well as substance. It also means that data protection (or at least elements of data protection) should be extended to legal persons. Companies don’t need privacy. On the contrary, in many ways they should be forced to open themselves to outside, State and non-governmental, inspection. But they do deserve to be properly treated. A false credit report can seriously damage a business, as much as an individual. To that extent, data protection should be available to the former as much as to the latter. 
Secondly, data protection relates to fundamental rights, and in particular to both the right to private and family life and the right to freedom of information and expression (Arts. 8 and 10 of the European Convention on Human Rights). It has been said at the conference that the rules on when a person’s privacy may be interfered with are unclear. However, because of this human rights basis of data protection, we can discern the principles that apply. They have been extensively elaborated in the case-law of the European Court of Human Rights.
(1) Professor of international law, London Metropolitan University
Put simply, they first of all recognise that the systematic collecting and collating of information on a person intrudes into that person’s freedom: they constitute “interferences” with a person’s private life. Secondly, they therefore require that any such activities be: (a) lawful (i.e. must be in accordance with positive law); (b) legitimate (i.e. serve a legitimate purpose); and (c) “necessary” to serve that purpose. The requirement that restrictions on fundamental rights (such as, in casu, processing of personal data) must be “lawful” also means that the legal rules in question must be (aa) published; (ab) detailed; and (ac) not such as to allow “arbitrariness” - which basically means that they must not allow excessive discretion in their application. The principle that processing must be “legitimate” implies that there is a test of what I may call “societal necessity” and propriety: not everything that is “lawful” (i.e. not forbidden by law) is “legitimate”. Processing which improperly interferes with a person’s privacy and freedom is not “legitimate”, even if it is “lawful”. The test of “necessity”, moreover, involves in particular an assessment of the “proportionality” of any interference.
In terms of data protection, it means we must ask whether the purpose that is supposed to be served by data collecting and use - even if it is lawful and legitimate - is such as to outweigh the intrusion in a person’s private sphere inherent in such activities. In addition, it is crucially important to note the procedural aspect of human rights protection. By this I mean that under international human rights law, it is not sufficient to stipulate the requirements listed above, at (a) – (c). Rather, these must be backed up by: (d) supervision; and (e) remedies that are available to individual data subjects. This is not the place to discuss these matters at length. Rather, I would just like to make two points. First of all, I hope the above may counter remarks that the framework for the application of data protection is too vague. I agree that the specific legal rules are complex and often ambiguous. But in my opinion, the gist, the thrust of the rules is clear, and the above principles provide a clear set of standards by which data protection legislation, and its application and enforcement, can be judged. Secondly, in respect of the latter two points (points (d) and (e)), it must be noted that State supervision can never “police” the billions of processing actions that take place every day. At most, the data protection authorities can hope to expose the worst abuses. And individuals, too, cannot hope to properly exercise control over their data, or the processing of their data: “informationelle Selbstbestimmung” is a mirage. Rather, data protection - fair processing of personal data - must be embedded in the ethos of State and corporate actors if it is to be effective. This presentation is concerned with data protection and businesses, i.e. with the private sector. However, in this introduction I may note two more general matters.
First of all, we are moving to the era of “ubiquitous computing”: virtually all we do, say, or write (or [e-]mail, or “text”) is captured. There is a strong temptation, on the part of both private and public actors, to try and seek access to these ever-more-revealing data. The US Government has even formally adopted a “Total Information Awareness” programme in its so-called “war on terrorism”. Businesses may try to obtain “total information” on people to sell products or services. Both attempts are (a) doomed to fail and indeed (b) likely to be counter-productive. They are doomed to fail for two reasons. First of all, attempts by government authorities to use “profiles” to catch highly untypical exceptions just do not work - even if the data are reliable. As one expert told me: “you just catch oddballs”. Secondly, data, and the quality of data, are and is directly linked to the context in which the data are provided, collected and used. If I don’t like airline meals with (certain kinds of) meat in them, I may tell them that I am a vegetarian, or indeed a Jew or a Muslim. I (or my children) may fill in consumer questionnaires by saying I earn massive amounts of money, and take five holidays a year, in the hope of being sent catalogues of expensive sports cars and luxurious hotels in exotic places. Companies may not mind such mis-statements too much, as long as their marketing remains largely unaffected. However, State agencies relying on such data may arrest innocent people (and not just innocent oddballs, either). Worse, they may think such raw data will enable them to spot the guilty. Real criminals or terrorists will not find it too difficult to escape such crude Rasterfahndung. Secondly, abuse of data will be exposed - and is the most certain way to ensure that people will be more reluctant to part with their data, or more tempted to provide incorrect data.
“Total Information Awareness” just means that ubiquitous computing is being turned into ubiquitous surveillance. Data subjects - individuals - will not accept it, and will try to evade it. The upright citizen will do so because he feels he should not have to bare all before the State or mighty corporations. The criminal will do it to escape detection. The terrorist will do it to avoid capture until it is too late. If ubiquitous surveillance will lead to avoidance action by individuals - as I believe it will - it will have defeated itself. Both the State and business can only do what they are supposed to do on the basis of trust. In a police context this is called, in England (where I live) “policing by consent”. The British police has long since recognised that policing without consent is not only oppressive, it is also ineffective and indeed counter-productive, even in the fight against terrorism (although this lesson may have to be re-learned by the security services who now appear to be in the ascendency). The same applies to business. In the era of ubiquitous computing, the private sector should avoid the temptation of trying to grab as much data as possible, from wherever they can get it. They will merely obtain a load of rubbish - useless, inaccurate data. And they will alienate the customer. I will conclude below, in the main part of my presentation, that compliance with data protection is not really difficult or demanding. Here, I may already add that it also makes good business sense.
2. The problems with data protection
The above is not to say that there are no problems with data protection. On the contrary, data protection legislation is awkward, and often fails to deal with “the real world”.
Thus, data protection rules were written for simple operations:
- they assume there is always one controller;(2)
- they assume controllers obtain data from one source; and
- they focus on operations in one country.
(2) The EC framework directive on data protection contains one, difficult exception to this, in the highly problematic provision on “applicable law” - but even in that context fails to resolve the issues.
In practice, commercial operations can be very complex; they do not correspond to this simple approach:
- they often involve several entities, with different legal status (such as wholly-owned subsidiaries; legally independent but effectively linked companies; agents; etc.);
- they use data from many different sources and wish to exchange those data, in particular within a group of companies; and
- they are increasingly transnational - inherently so with regard to the Internet.
Furthermore, in spite of transitional rules in the national and European rules, there are problems with old, inherited (“legacy”) systems and with acquisitions and mergers.
The first and main point I want to make in this presentation is that companies must address these issues squarely: they must try to find solutions - that is: ways of operating in compliance with the rules - first and foremost by and for themselves. They should not either actively evade the law: that would merely lead to exposure and opprobrium - and loss of consumer confidence and business - later on. Nor should they wait until the national supervisory authority catches up with them. First of all, because that would involve such exposure and loss of confidence. But also because the best (initial) judge of what is needed to comply with data protection principles and rules is - must be - the data user, the company (or group of companies) concerned. This presentation intends to give an insight into how this can be done.
In it, I draw on extensive experience in advising corporate and not-for-profit clients, ranging from Readers’ Digest, Cendant Corporation and Euromoneys plc to Amnesty International and the UN High Commissioner for Refugees. What I will try and do is show how a purposeful, but common-sense, approach to the issues can result in pragmatic solutions which both allow companies to process (and share) personal data for their legitimate business purposes, and to respect the privacy and other rights of their customers and potential customers.
3. Know thyself (in six steps)
In order to comply with data protection rules, companies must first of all assess (“self-audit”) their operations in the light of data protection. They must describe (for themselves) their own operations in data protection terms. In my experience, this first self-assessment is the single most important action that must be taken towards data protection compliance. In carrying out this description, in making this assessment, companies must not assume that a purely legal description of the relationship between the different entities, or between the companies and the data subjects, is sufficient for data protection purposes. Thus, for instance:
- whether one company (e.g. a mother company) or another company (e.g. a daughter company) is to be regarded as the controller of a specific operation does not depend on their formal status within the company (mother or daughter, subsidiary, wholly-owned, etc.) but on the actual, practical arrangements;
- “consent” obtained in a contractual context may not be valid for data protection purposes; and
- an agreement between companies (even within one group) to exchange data, even if valid in terms of contract law, may not be sufficient to allow such exchanges.
The self-assessment or internal description should take place in six steps, in the following sequence:

The first step in the assessment should be a close examination (and writing up) of the purposes for which the company (or group of companies) uses personal data. In this, companies should:
- assess each separate, distinct personal data processing operation: whether operations are separate depends on whether they serve different purposes;
- think about the specificity of the description of the purposes in question: you may be tempted to use broad descriptions, but informing data subjects in vague terms (e.g. “commercial purposes”) may not be sufficient in several ways to meet the informing-requirements of the law, or to obtain consent; it is best to be precise whenever practicable, especially about secondary uses and disclosures of data; and
- check what is meant by “personal data”: this sometimes includes data on legal persons (this is the case in Italy, for instance); it may also depend on whether the data are used with reference to the data subjects: this can be quite a difficult matter with regard to sound and image data (as obtained, for instance, through CCTV cameras, or biometric identifiers), or statistical data, for example.

The second step in the process requires a company to specify who “determines” the purposes of any processing operation: this entity must be regarded as the controller. In order to do so, for complex operations, you will need to look closely at the real activities of all the entities involved (e.g., in a group of companies). You should try to specify the role of the other companies involved: they could be controllers with respect to some operations, and processors with regard to other operations.
Having determined who is the controller and who is (or are) processor(s) with regard to each distinct processing operation, you can (for transnational operations) determine which national law applies to the separate processing operations. However: beware! In spite of an attempt by the EC data protection directive, in practice, the national laws may show positive or negative conflicts; the different laws in the EU Member States still (regrettably) often define their territorial applicability differently.

The purpose(s) specified for each operation determine(s) the application of many relevant data protection rules:
- whether the data are collected for (a) legitimate purpose(s);
- if they are processed for a secondary purpose, whether that purpose is compatible with the primary purpose;
- whether the data are adequate or inadequate, relevant or irrelevant and excessive or not excessive in relation to the purposes concerned;
- whether the data are accurate or inaccurate in view of the purposes concerned;
- whether, and if so, how often, the data should be updated;
- how long the data may be retained;
- what information should be provided to the data subjects (depending on the specificity of the purposes and also whether the purpose is - or the purposes are - obvious or not);
- etc.

For the third step, you must attempt to specify the criterion or lawful basis for each separate processing operation.
For companies, this will generally be one of the following:
- consent;
- contract;
- a legal obligation imposed on the controller (the company); or
- the “balance” criterion.

Quite different, and very specific, requirements arise in respect of each of these criteria: you must therefore carefully check whether you meet them:
- consent must be free, specific, informed and unambiguous (and for sensitive data, explicit and often in writing);
- contractual or pre-contractual stipulations about uses of personal data may not be valid if they are unrelated to the main purpose of the contract;
- controllers must check whether they are really obliged to process (e.g. to disclose data to a public authority) under some legal rule; and
- the “balance” criterion requires a careful assessment of the interests of both the company and the data subjects - if possible, it is much better to obtain the consent of the data subjects.

Fourthly, you must check whether you meet the other substantive requirements of the applicable national law (or laws!), in particular as regards:
- the stricter rules or criteria for the processing of “sensitive data”;
- the informing of data subjects (and the specificity of the information) generally;
- the informing of data subjects of their rights in particular; and
- the granting of data subject rights: the right of access and correction; the general right to object; the specific right to object to direct marketing (whereby you must take into account the different requirements relating to different technologies used for direct marketing - mail, fax, telephone, email - and the differences between different countries in this respect); and the right not to be subjected to fully automated decisions based on “personality profiles”.

Once again, you must check these matters separately, for each distinct processing operation (defined by reference to its purpose, as explained above in the first step).
For the fifth step, you must check how you ensure security and confidentiality of personal data, both within your company (or group of companies) and as concerns processors or agents. To this end, you must:
- check the physical security of your data;
- check whether you are limiting access to personal data on a “need-to-know” basis; and
- review what formalities you have put in place to ensure compliance (e.g., confidentiality clauses in employees’ contracts; in contracts with agents; in contracts with other companies; and in intra-group agreements).

It is important to stress that the formalities just mentioned are not limited to measures relating to outside contractors: you must also look at any rules or agreements that have been adopted within your company, or within your group of companies. You must also of course take special care with regard to on-line transmissions of data.

Finally, as the sixth step, you must check the notifications you have made to the national data protection authority (or to different national authorities!) with regard to your personal data processing operations: were they (and are they still) accurate?

4. Reflect

Now take a rest - and think about whether you should make new, and possibly different arrangements within your company or group of companies, as concerns your processors or agents, and as concerns your relationship with your data subjects (in particular, your customers) - for instance:
- you may wish to assign responsibility for certain processing operations to different entities within your company, or within your group - but remember that this may mean that different entities become the controller, and perhaps even that a different law applies;
- you may wish to re-think how (and in how much detail) you inform your data subjects;
- you may want to base certain operations on a different basis (e.g., on consent instead of on the “balance” criterion, or vice versa);
- you may (usually should) revise - or where none exist, draw up - detailed contracts or intra- or inter-company agreements reflecting the (possibly new) arrangements.

In this, there are some “dos” and “don’ts” (and perhaps a “perhaps”):
- do ensure that someone within your company or group of companies is given overall responsibility for data protection - and give that person appropriate authority, and lend him your ear!
- do consult with your national data protection authority (or in appropriate cases, with the relevant data protection authorities) - they are usually most helpful!
- do consult with your national (and where appropriate, European) trade association - they are usually most knowledgeable!
- perhaps hire a consultant to get you started and/or to train and assist your in-house data protection official (but often this will not be necessary if you adhere to the above and your operations are not too complex).
- don’t dissimulate: you can make new arrangements, but they must be real ones, not facades!

5. Conclusion: cost and benefits

If you carry out the above exercise, you will know what you need to know to arrange your data processing operations in such a way as to comply with any relevant (applicable) data protection rules. There may be practical issues you may want to address - for instance, how to move from certain practices and certain databases, which are not yet fully data protection compliant, to practices and systems which do fulfil the legal requirements. There may also be questions as to whether a particular operation is in accordance with the relevant rules. But at least you will have been able to remedy matters which could be remedied without great cost or effort. And at least you now know where the problems are, and will have an idea of how you would like to address them.

As noted above, at 4, you can now discuss these matters rationally and in a practical way with the data protection authority (or authorities), if need be after having first consulted your trade association. You will find that the authorities will be positive towards you, once they realise you have tried, and are trying, to comply with the law. They are generally quite willing to discuss ways of bringing your practices and databases into line over time (provided the time-line isn’t too long). They are willing to discuss the wording of information-paragraphs in contracts, forms and on websites in a practical and open way. It is extremely rare - I would almost say, unheard-of - for a bona fide company to be unable to make practical, acceptable arrangements in consultation with the authorities.

In other words: you can comply with data protection laws and rules, without this undermining proper business practices or the possibility to make a profit. Not trying to make this effort, by contrast, can be costly.
It will expose you to enforcement action on the part of the authorities and the courts - who, if you haven’t at least tried to put your own house in order, will not be as helpful as they would otherwise be. And remember that deliberately violating data protection law is costly: the data protection authorities and the courts can impose severe sanctions. They can fine you, or they (or the courts) can order you to cease certain operations, or to re-collect (or worse, destroy) data, or to retrospectively obtain the consent of your data subjects, or to re-design your databases (all of which is even more costly than fines). Most costly of all: data subjects will abandon companies that violate their rights - they are becoming increasingly aware of their rights and interests in this field.

Conversely, complying with data protection law is not as difficult as it may seem - it just has to become part of your corporate thinking and ethos; it also does not necessarily cost very much if carried out with common sense and in consultation with the authorities, trade associations and where appropriate consumers or clients. And above all: making data protection and respect for the rights of your data subjects (in particular, your customers) part of your ethos and image is a major benefit - increasingly, consumers are basing their choices on how they think the companies they deal with treat them.

Overall, data protection compliance is therefore a benefit, not a cost to industry.

Infomediation as a tool for consumers
Carlo Formenti (1)

In the theoretical models that describe the evolution of social relations in the Internet age, the scenarios change depending on whether the emphasis is placed mainly on economic, political or cultural factors.
But the sociological literature agrees on one point: networked communication fosters the individualization of social relations at every level, from the family to work to politics. Manuel Castells(2) speaks of the “privatization of sociability”, or of “networked individualism”, referring to the crisis - which the new technologies did not cause but have certainly accelerated - affecting the patriarchal family, the traditional forms of political and trade-union representation, and associations based on membership of local communities, professional categories, etc. A long-term trend thus seems to be re-emerging, one already evident in the early stages of the modernization process - one need only think of the dissolution of the traditional forms of family and local community that accompanied the formation of the capitalist market in seventeenth- and eighteenth-century England. A first wave in the direction of the fragmentation and atomization of social relations, accompanied by the legislative policies of the newborn nation-state, was however followed by a long phase running counter to that trend: to counteract the devastating effects of primitive accumulation on the population’s living conditions, the state began that long march of institutionalization of the capitalist market which was to last a century and a half and culminate in the birth of the welfare state(3). It was in that period that the institutional forms of modern democracy matured and those intermediate bodies were born - political parties, trade unions, professional associations, representative bodies, etc. - that redrew the forms and rules of belonging after the collapse of traditional communities.
But with the economic deregulation of the 1980s and the subsequent take-off of the New Economy(4), the process of atomization was set in motion again: as had happened to traditional communities, modern forms of social aggregation are in turn entering a crisis, leaving the individual face to face with the impersonal powers of an increasingly “globalized” technology and market. Neoliberal theory interprets this evolution as the realization of the utopia of the “perfect market”, formulated more than two centuries ago by Adam Smith: the advent of the Internet makes it possible to put sellers and buyers on the same footing, in a “transparent” exchange in which both contracting parties have access to the same information. At the same time, nation-states and intermediate bodies lose their grip on a “sovereign individual”(5) who is now in a position to offer his or her labour, to sell and buy goods or services, and to choose partners and allies outside any political, fiscal or ideological control. But this model, which has helped to feed the myth of a progressive and irreversible “disintermediation” of economic relations (everyone exchanges everything with everyone, without needing to resort to intermediaries), does not adequately describe the complex reality of the Network Society.

(1) Journalist - Italy
(2) Cf. Manuel Castells, La Nascita della società in rete, Università Bocconi Editore, Milano 2002. See also Galassia Internet, Feltrinelli, Milano 2002.
(3) Cf. K. Polanyi, La grande trasformazione. Le origini economiche e politiche della nostra epoca, Einaudi, Torino 1974.
(4) On the relationship between deregulation and the take-off of the New Economy see K. Ohmae, Il continente invisibile, Fazi, Roma 2001.
In particular, the “economistic” approach underestimates the scope and strength of the new kinds of community ties that computer networks have made it possible to develop. Networked individualism, Castells argues(6) - following Rheingold(7) and other authors - does not boil down to a collection of isolated individuals, but constitutes a new type of social model, a system of social relations “centred” on the individual. That is, individuals select their relationships on the basis of their own affinities and build networks of personal ties capable of providing sociability, support, information, a sense of belonging and social identity. Although different both from those of traditional communities and from those of modern social relations, these new ties are by no means “weak”: their independence from territorial constraints and the fact that they are rooted in a cultural humus made of elective affinities make them, if anything, more solid and lasting.

The relationship between Network Society and New Economy, in short, changes according to the point of view adopted: in neoliberal theory the scenario is built around two fundamental figures, the individual on one side and the global market based on network technologies on the other, while all the political, social and cultural “filters” that stand between those figures tend to disappear (one could say that the market incorporates the network, shaping it as a tool capable of realizing the utopia of the perfect market). From the “culturalist” point of view, the Internet - or rather the social relations based on the network - on the contrary influences the market more than the market influences the Internet, and this is because the filters between individual and market, instead of disappearing, multiply, taking the form of those virtual communities that constitute the ground on which the success or failure of any business model is decided.
The second thesis appears more credible when one considers that capitalism, at the moment it sets out to conquer the Internet, has long since abandoned the Fordist model, based on the mass production of goods and services for an undifferentiated public. The process of tertiarization, the shift of emphasis from production to consumption, the attention to niche markets, etc. transform the culture and organization of companies, leading them to concentrate their energies on controlling the consumer rather than the worker. But controlling the consumer does not only mean selling him something; it also and above all means establishing a lasting relationship, building his loyalty, and involving him in the design of goods and services. And at the moment when virtual communities are born, this “philosophy” is forced to make a further qualitative leap, facing a challenge rich in both opportunities and risks. The latter derive from the fact that the logic by which virtual communities come together - except in cases where they arise on the initiative of the companies themselves, as communities of experts or enthusiasts of a given product - proves to be entirely independent of market logic (with which it often comes into conflict).

(5) Cf. J. D. Davidson, W. Rees-Mogg, The Sovereign Individual, Simon & Schuster, New York 1997.
(6) Cf. op. cit.
(7) Cf. H. Rheingold, Comunità virtuali. Parlare, incontrarsi, vivere nel cyberspazio, Sperling & Kupfer, Milano 1994.
The list of examples is long: from negative word of mouth about the quality of a service, to the birth of circuits for the free exchange of products capable of throwing entire industrial sectors into crisis (see the Napster case); not to mention the accelerated circulation of information that makes it possible to explore a wide range of alternatives, intensifying competition, lowering prices and weakening brand-based relationships between customer and company. At the same time, virtual communities are a valuable source of information on consumers’ tastes and preferences and, to the extent that their trust is won, they can transform the very nature of the relationship between customer and company, which from a simple economic transaction turns into a human relationship that enters the value chain as such. So much so that authors such as Jeremy Rifkin(8) warn of the risks of commodification of human relationships, while it is again on this terrain that the greatest challenges around the problem of privacy arise.

This paradoxical interweaving of alliance and conflict between companies and consumers has gone through two evolutionary phases. In the dawning phase of the Net Economy, convergence of interests prevailed: on the one hand, virtual communities were for companies an extraordinary source of ideas, projects and suggestions, helped to test and improve products and services, and acted as an amplifier and channel for spreading information and news about goods and company brands; on the other hand, companies in turn offered the communities useful news and information, and made available - often free of charge - knowledge and skills relating to the object of interest around which a community had formed, etc.
This is the phase that fed the theses on the development of a knowledge economy in which “everyone wins”, because all the parties involved have something to gain from the mutual exchange of information(9). It is the phase in which virtual communities often act as real incubators for startups. The second phase develops instead when Net Economy companies begin to decrease in number and grow in size - a process of selection and concentration accelerated by the economic crisis still under way. As some brands consolidate and manage to build veritable “niche monopolies”, while the giants of the traditional economy enter the e-business market, the winning companies manage to concentrate in their own hands enormous databases of information on their customers, and it is at this point that the pendulum begins to swing in the direction of conflict. For Net Economy companies, the relationship with virtual communities is in fact first and foremost a means to an end, which consists in collecting as much information as possible on the individual members of the communities and reprocessing it for commercial purposes. The majority, if not all, of business models are based on the ability to collect personal data that make it possible to build personalized profiles of individual consumers, in the hope of achieving that ideal model of one-to-one marketing which would make it possible to tailor products to the specific needs of individuals.

(8) Cf. J. Rifkin, L’era dell’accesso. La rivoluzione della New Economy, Mondadori, Milano 2000.
(9) Cf. K. Kelly, Nuove regole per un mondo nuovo, Ponte alle Grazie, Milano 1999.
But it is at this point that ends and means come into conflict: in order to “serve” the consumer, companies say, we must know everything about him; giving up privacy is therefore the price to be paid by anyone who wants to obtain goods and services that actually meet his needs. And yet the consumer is not at all interested in accepting this one-to-one relationship with companies, knowing full well that he did not build his identity, skills and knowledge on his own, but acquired them within a network of relationships with the other members of the virtual community to which he belongs. And the community has also taught him that, as an individual, his relationship with companies is asymmetric: however much the Internet allows the consumer to acquire more information about companies than was possible in the past, companies continue to know far more about him than he knows about them. In the community, by contrast, information and knowledge circulate that make it possible to seek and find what one wants at the best quality/price ratio, and thus to free oneself from the tyranny of the brand. Finally, the community offers its members the opportunity to compare their negative experiences of spamming, cookies, tracking software, trading in personal data, etc., and to exchange technologies for protecting themselves against these scourges. In a word, the community is the place where distrust of the “betrayals” of companies matures.

The term is used by Manuel Castells(10), who thus defines the breakdown of the cultural solidarity that had characterized the dawning phase of the Net Economy, when virtual communities and companies formed a libertarian front opposing attempts at government control over the Net. What caused concern, at that time, was not the data that were being exchanged to foster the development of technologies, networks of relationships and projects, but the desire of governments to win back those slices of power over citizens and companies that had been taken from them by the advent of the Internet. Companies broke that libertarian front by agreeing to supply governments with the tools to carry out their surveillance programmes. This happened essentially for two reasons: 1) the need to obtain stricter laws to protect intellectual property, threatened by the “napsterization” of content - and subsequently the need to violate the privacy of users and consumers in order to identify any infringements of the laws; 2) the wish to obtain a free hand over the acquisition, processing and sale of personal data.

Today, however, we are entering a third phase, which is taking shape as companies realize the consequences of the trust deficit that they themselves have produced, and which is increasingly turning against them. Thus the Direct Marketing Association, after having opposed any proposal for anti-spam legislation for years, has begun to press the American Congress to pass a measure against the practices of unrestrained marketing; thus Microsoft launches its Trustworthy Computing strategy, to neutralize the distrust that consumer associations had expressed towards the Passport service; thus Yahoo builds anti-spam tools into its e-mail services; thus many large companies say they are willing to adopt the principles of permission marketing,(11) and to send promotional messages exclusively to consumers interested in receiving them.

(10) Op. cit.
What prompts such “repentance” is the data on the devastating side effects of the most aggressive and unscrupulous marketing policies: a Federal Trade Commission report estimates at 18 billion the loss of turnover in 2001 caused by transactions broken off by consumers irritated by the request to provide their personal data; the magazine Wired reveals that 31% of American Internet users change their e-mail address at least once a year to avoid unwanted mail, stressing that this behaviour causes serious damage to e-commerce by rendering unusable databases painstakingly assembled over years; finally, the use of anti-cookie technologies, software for remaining anonymous while browsing, anti-spam filters, tools for making anonymous payments, etc. is spreading rapidly.

But the new policies that companies adopt to deal with these problems have a fundamental limitation: they try to win back consumers’ trust starting from relationships with single individuals, ignoring their community memberships. This approach shows that it has still not been understood that image campaigns and solemn promises are not enough to convince consumers who, having been burned so many times, are not willing to test the reliability of these reassurances at their own expense. In other words: trust is not a good that can be “produced” or “sold” by companies. It is a good that is generated spontaneously within communities, and from which companies can benefit only if they in turn agree to expose themselves to the judgement of communities, and not only to that of individual consumers. We thus come to the point: is there an economic incentive capable of encouraging this further step?

(11) Cf. S. Godin, Permission marketing. Trasformare gli estranei in amici e gli amici in clienti, Parole di Cotone, Milano 2000.
Can the concept of privacy as a resource become something more than a mere propaganda slogan? Is there a business model capable of bringing the production of trust into the value chain? Some marketing theorists, such as John Hagel III(12), answer in the affirmative, launching the idea of infomediaries.

The concept of the infomediary is bound up with the decline of the utopia of universal and generalized access to human knowledge that electronic hypertext would supposedly be able to guarantee to everyone. At the moment it turns Ted Nelson’s dream(13) into reality, the World Wide Web demonstrates its intrinsic limit: the monstrous inflation of data circulating in computer networks makes it difficult to gain access to truly meaningful information. Search engines, thematic portals and the other filters developed by online journalism (a profession that diverges more and more from traditional journalism, as the web log phenomenon shows) represent so many models of infomediation. John Hagel III develops a further model in relation to the problems of e-commerce; a model that starts from a critique of the theorists of the perfect market: it is not true that the Internet reduces the role of intermediaries by giving sellers the opportunity to reach buyers directly and vice versa. The search for commercial information, the comparison of the quality/price ratio between different products, the search for data on consumers’ tastes and trends, advertising communication, etc. also require intermediation functions capable of governing the frightening complexity of the Web. That is why, thanks to the communities of consumers that have gathered around their networks, giants of the Net Economy such as Amazon, Yahoo! and eBay have been able to take on the role of “certifiers” of the reliability of other companies’ products and services.
And that is why, as the interests of marketing and of consumers diverge, there is a growing demand for assistance from consumers who are aware that they are not able to negotiate with companies as individuals. Meeting this demand, John Hagel III argues, should be the task of trusted operators who would deal on the consumer’s behalf. The task of these “consumers’ agents” would be to know in depth the desires, needs and preferences of their clients, as well as a whole range of personal data (from income to demographic profile), and then to compare this information with that of the companies operating on the market. The aim of all this is to create a sort of “reverse market”: the starting point is not the goods and prices set by companies, but the needs of consumers and the amounts they are willing to spend to satisfy them. To perform his role, the infomediary should be able to “spy on” the client - obviously with his consent and offering him the absolute guarantee that no one else will come into possession of the data concerning him - so as to draw as accurate a profile of him as possible. He should also provide him with tools (software, training, advice, etc.) useful for protecting his privacy. To sum up: if the consumer wishes to buy a given product or service, the infomediary explores the network in his place, 1) helping him to obtain the best possible price, 2) sparing him exposure to any request for data from the seller. In short, the infomediary sells nothing; he merely provides a service remunerated with a percentage of the price of the goods purchased.

(12) Cf. J. Hagel III, Net Worth, Apogeo, Milano 2001.
(13) Cf. T. Nelson, Literary Machine, Muzzio, Padova 1992.
Or we could say that the infomediary sells trust: to consumers, by protecting them from the privacy violations to which direct contact with sellers exposes them, and to companies, to which it offers sales opportunities that consumer distrust would otherwise have put out of reach. A first observation is that this kind of service is already being provided, in various forms, by a number of businesses: one need only think of the financial infomediation services offered by banks, or of travel agencies and book clubs. Even more significant is the case of eBay, a brand that in effect “sells” nothing but trust, in the sense that it offers its users a “protected” virtual environment in which transactions (in this case auctions) take place safely, and where buyers and sellers feel sheltered from fraud, deception, privacy violations, etc. The major portals such as AOL, MSN and Yahoo! also perform this function of infomediaries and guarantors of the security and privacy conditions that accompany online transactions. But this is where the second observation comes in: these “places” of the virtual market coincide with those crossroads of the net, gateways manned by gatekeepers, that Jeremy Rifkin(14) denounces as agents of the commodification of human relations: whether they remain the “hybrids” they currently are, or evolve towards the forms of “pure” infomediation envisaged by John Hagel III, these companies control the ways and conditions in which users access the net. But who controls the controllers? It is true that the isolated consumer is unable to negotiate because of the information asymmetry that characterises the relationship with companies, but by delegating the protection of their privacy to a third party, with which the relationship would be no less asymmetrical, the consumer would not improve their situation.
So let us go back to the starting point: conceived exclusively as a business model, the production of trust would seem to remain an impossible goal. This brings us to the point: economic interests can contribute to the production of trust, but they cannot replace the political and cultural factors that remain fundamental to solving the problem. The thesis put forward here is that the concept of the infomediary is credible only to the extent that it is conceived as a functional articulation of virtual communities. John Hagel III himself is aware of this: not only because he names virtual communities among the most likely candidates for the role of infomediary, but also because he raises the possibility that infomediaries will end up playing towards consumers the role that trade unions play towards workers(15). If millions of consumers were able to speak with a single voice thanks to infomediaries, their capacity to influence corporate and government policies would become formidable, far greater than that of today’s consumer associations. These powerful organisations would express the collective will of consumers, enabling them to press companies not only on privacy issues but also on matters such as product safety, respect for the environment, data protection, prices, service standards, respect for civil rights in developing countries, etc. Obviously, within organisations of this kind the production of trust would no longer be a problem. A first formula could be that of a trade union that also engages in commercial activities for the purposes of self-financing and of negotiating pressure on other companies.

(14) Op. cit.
An example of this kind is offered by a pension fund such as Calpers (California Public Employees’ Retirement System), backed by the trade unions and the Democratic Party, which operates as a powerful lobby capable of exerting pressure on legislative measures and corporate policies, while the Italian Lega delle Cooperative could become something similar if it decided to extend its activities to the Net Economy sector and to protect its members in the field of privacy as well. Another concrete example is the community of open source software users and developers, within which the skills developed that fostered the birth of companies (such as Red Hat, SuSe, Caldera, etc.) operating in the software field, where users can compare the quality of the various products through a broad network of sites, newsgroups, mailing lists and web logs, where those who are able to can help modify the products and improve their quality, and where, finally, obsessive attention is devoted to the technologies and knowledge needed to protect privacy, to defend freedom of speech on the net, etc. A third possible formula is that of a commercial enterprise capable of “co-opting” a community of users to which it delegates the solution of the problem of trust. This is the case of eBay, the famous auction site that has no need to “guarantee” the security of its own sales space because it is the community of its users that certifies the reliability of individual operators through a self-managed rating system. To conclude, let us summarise the theses put forward so far.

(15) See J. Hagel III, op. cit.
1) The individualisation of social relations that accompanies the development of networked communication does not cause intermediate forms of aggregation to disappear, nor does it bring about the disintermediation of economic relations; rather, it acts as the engine of a new model of sociality, in which the individual is at the centre of networks of relations founded on affinities of interests, needs, passions, etc., which give rise to virtual communities, and these in turn are destined to carry decisive weight in determining the success or failure of any business model (to put it another way: the Internet changes the economy more than the economy changes the Internet).
2) In the relationship between Network Society and Net Economy (that is, between communities and companies) there have been two phases: in the first, collaboration prevailed, founded on the mutual exchange of knowledge and information; in the second, companies “betrayed” the alliance with the communities, concentrating their energies on the collection, processing and trading of the personal data of individual user-consumers. This betrayal generated in consumers a distrust that, together with other factors, helped to plunge the Net Economy into crisis.
3) As companies have come to understand that the trust deficit works against their interests, the conditions have been created for a third phase: today companies are changing policy, trying to bring the production of trust into the value chain; but when they do so they favour relations with the individual consumer, while the role of communities as a place where more positive relations between companies and consumers can mature is underestimated.
4) To tackle the problem, some propose a new business model, that of the infomediary, whose task would be to manage the relationship between consumers and companies, protecting the former’s privacy needs and allowing the latter to reduce the costs of distrust.
5) Although it represents a good step forward at the conceptual level, this hypothesis has the limitation of remaining anchored to the relationship between the company and the individual consumer, and overcoming that limitation would require conceiving the infomediary not only as a business model but also as a new form of social aggregation, as a community that would have, among its many tasks, that of protecting the privacy of its members. In this way trust would enter the value chain of the Net Economy “by reflection”, in the sense that it would be produced in other socio-cultural contexts and then “exported” into the economic context.

It remains to add that the scenarios just described can gain credibility only if they are supported by adequate government policies. This can happen in different forms: in the European context, it is easier to imagine a framework in which the negotiated protocols between companies and infomediaries take on the force of laws or public regulations (reviving the method of triangulation between companies, workers’ trade unions and governments); in the American context it is more realistic to think of a situation in which companies end up adopting rules of conduct borrowed from the experience of infomediaries, perhaps by drawing up codes of ethics. Both routes, however, can work only in a political and cultural context that places the right to privacy among the fundamental rights of the citizen, a context that, unfortunately, cannot be regarded as established, and still less taken for granted.

Infomediation as a Consumer Tool
Carlo Formenti (1)

In the theoretical models describing the evolution of social relations in the age of the Internet, the scenario changes depending on whether the stress is placed chiefly on economic, political or cultural factors.
But sociological literature agrees on one point: communication on the net fosters the detection of social relations at every level, from the family to labour, to politics. Manuel Castells(2) talks of “denationalisation of sociality”, or “individualism on the net”, referring to the crisis – which the new technologies have not caused but have surely expedited – affecting the patriarchal family, the traditional forms of political and trade union representation, associationism based on membership of local communities, professional classes, etc. Thus, a trend that was long evident in the first phases of the modernisation process seems to be re-emerging. Just think of the dissolution of the traditional forms of the family and the local community concurrently with the formation of the capitalist market in 17th and 18th century England. A first wave in the direction of the disruption-atomisation of social relations, accompanied by the legislative policies of the newly born nation-state, was however followed by a long stage marked by a countertendency: to counter the devastating effects of primitive accumulation on the living conditions of the population, the state started the long march of institutionalising the capitalist market that was to last half a century and end with the birth of the Welfare State(3). It was at that time that the institutional forms of modern democracy ripened and that those intermediate bodies – political parties, trade unions, professional associations, representative bodies, etc. – were born which redesigned the modalities and rules of membership after the collapse of the traditional communities.
But the economic deregulation processes of the 1980s and the subsequent take-off of the New Economy(4) gave new momentum to the process of atomisation: as had occurred with traditional communities, the modern forms of social aggregation in turn reached a crisis, leaving the individual to face the impersonal powers of an increasingly “globalised” technology and market. Neo-liberal theory interprets this evolution as the achievement of the “perfect market” utopia developed more than two centuries ago by Adam Smith: the advent of the Internet has placed sellers and purchasers on the same level, in a “transparent” exchange in which both contracting parties have access to the same information. At the same time nation-states and intermediate bodies have lost ground vis-à-vis a “sovereign individual”(5) who can now offer his expertise, sell and buy goods and services, and choose partners and allies outside any political, tax or ideological control. But this pattern, which has helped to nurture the myth of a progressive and irreversible “disintermediation” of economic relations (everyone exchanges everything with everyone, without having to resort to intermediaries), cannot adequately describe the complex reality of the Network Society. In particular, the “economicist” approach underestimates the scope and consistency of the new type of community links that computer networks have allowed to develop.

(1) Journalist - Italy
(2) See Manuel Castells, La nascita della società in rete (The Rise of the Network Society), Università Bocconi Editore, Milan 2002. See also Galassia Internet, Feltrinelli, Milano 2002.
(3) See K. Polanyi, La grande trasformazione. Le origini economiche e politiche della nostra epoca, Einaudi, Torino 1974.
(4) On the relation between deregulation and the take-off of the New Economy, see K. Ohmae, Il continente invisibile, Fazi, Roma 2001.
Individualism on the net, so says Castells(6) – in the wake of Rheingold(7) and other authors – cannot be reduced to a collection of isolated individuals, but is a new type of social model, a system of social relations “focused” on the individual. Individuals select their relations on the basis of their affinities and build networks of personal links that can ensure sociality, support, information, a sense of belonging and social identity. Although different both from those of traditional communities and from modern social relations, these new relations are by no means “weak”: their independence from territorial constraints and the fact that they are rooted in a cultural humus made of elective affinities make them, rather, more solid and lasting. Relations between Network Society and New Economy, in fact, change according to the point of view adopted: in neo-liberal theory, the scenario is based on two basic entities, the individual on the one hand and the global market based on net technologies on the other, while all the political, social and cultural “filters” interposed between these entities tend to disappear (we could say that the market embodies the net, considering it a tool that can accomplish the perfect market utopia). From a “cultural” point of view, on the contrary, the Internet, or rather social relations based on the net, affects the market much more than the market affects the Internet, and this is because the filters between an individual and the market, instead of disappearing, have multiplied, taking the form of those virtual communities which constitute the ground where the success or failure of any kind of business is decided. The second theory appears more credible if we consider that when capitalism sets off to conquer the Internet, it will already have long abandoned the Fordist pattern, based on the mass production of goods and services for an undifferentiated public.
The Fordist process, the shifting of emphasis from production to consumption, the attention to niche markets, etc. change the culture and organisation of corporations, inducing them to focus their energies on controlling the consumer rather than the worker. But controlling a consumer does not only mean selling him something; it also and especially means establishing a lasting relation, making him loyal and involving him in the development of goods and services. And when virtual communities are born, this “philosophy” is obliged to take a further leap in quality, facing a challenge that is rich in both opportunities and risks. The latter stem from the fact that the aggregation logics of virtual communities – with the exception of cases in which they are born on the initiative of the corporations themselves, as communities of experts or fans of a given product – turn out to be completely independent of market logics (with which they are often in conflict). There is a long list of examples of this: from adverse word-of-mouth on the quality of a service to the birth of free exchange circuits for products capable of jeopardising whole industrial sectors (see the case of Napster); not to mention the accelerated flow of information, which makes it possible to explore a wide range of alternatives, intensifying competition, lowering prices and weakening the relations between customers and a company that are based on the trade mark.

(5) See J.D. Davidson, W. Rees-Mogg, The Sovereign Individual, Simon & Simon, New York 1997.
(6) See op. cit.
(7) See H. Rheingold, Comunità virtuali. Parlare, incontrarsi, vivere nel cyberspazio, Sperling & Kupfer, Milano 1994.
At the same time, virtual communities represent a precious source of information on the tastes and preferences of consumers, and to the extent that one obtains their trust, the very nature of relations between client and corporation can be transformed from a simple economic transaction into a human relation which enters, as such, into the chain of value. This is true to such an extent that authors like Jeremy Rifkin(8) have warned us of the risk of commodifying human relations, while it is on this same ground that the major challenges concerning the privacy problem arise. This paradoxical entwining of alliances and conflicts between corporations and consumers has passed through two stages in its development. At the dawn of the Net Economy, the convergence of interests prevailed: on the one hand, for the corporations the virtual communities represented an extraordinary source of ideas, projects and suggestions, contributed to testing and improving products and services, and acted as amplifiers and diffusion channels for information and news concerning goods and corporate trade marks; on the other, corporations in turn offered the communities news and useful information, made available – often free of charge – their know-how and expertise on the object of interest around which a community had formed, etc. This is the stage which nurtured the theory of the development of an economy of know-how in which “everyone wins”, because all the parties involved have something to gain from the mutual exchange of information(9). It is the stage in which virtual communities often work as real incubators for start-ups.

The second stage, instead, developed when the number of Net Economy corporations started dropping and their size started increasing – an expedited selection and concentration process that is part of the still ongoing economic crisis. And while some trade marks were consolidated and succeeded in building real “niche monopolies”, and while the giants of the traditional economy made their entry into the e-business market, the successful corporations managed to concentrate in their hands huge databases of information on their customers, and it is at this point that the pendulum started to swing in the direction of conflict. For Net Economy corporations, relations with the virtual communities are in fact first and foremost a means to an end, which consists in collecting as much information as possible on the individual members of the communities and in reprocessing it for marketing purposes. The majority, if not the totality, of business patterns are based on the capacity to collect personal data and develop personalised profiles of single consumers, in the hope of accomplishing the ideal one-to-one marketing pattern, which would make it possible to mould products to the specific needs of single individuals. But it is at this point that means and ends come into conflict: in order to “serve” consumers, so the corporations say, we have to know everything about them; the waiver of their privacy is thus the price consumers have to pay to get goods and services that actually meet their needs. However, consumers are not at all interested in accepting this one-to-one relation with corporations, well aware that their identity, skills and know-how were not built all alone, but acquired inside a network of relations with other members of the virtual community to which they belong.

(8) See J. Rifkin, L’era dell’accesso. La rivoluzione della New Economy, Mondadori, Milano 2000.
(9) See K. Kelly, Nuove regole per un mondo nuovo, Ponte alle Grazie, Milano 1999.
And the community has also taught them that, as individuals, their relations with corporations are asymmetrical: even if the Internet enables consumers to acquire more information on corporations than was possible in the past, corporations continue to know many more things about consumers than consumers know about corporations. In a community, instead, information and know-how circulate so as to enable members to look for and find what they want at the best quality/price ratio, and to free themselves from the tyranny of the trade mark. Lastly, the community offers its members the chance to compare their adverse experiences with spamming, cookies, tracing software, personal data sales, etc., and to exchange technologies to protect themselves from these plagues. In a word, the community is the place where mistrust of corporate “betrayals” flourishes. It is Manuel Castells(10) who uses this word. This is how he defines the breach in the cultural solidarity that characterised the dawn of the Net Economy, when virtual communities and corporations formed a libertarian front to counter governmental efforts to control the Net. What caused concern at the time was not the data mutually exchanged to favour the development of technologies, networks of relations and projects, but the governments’ intent to win back the share of power over citizens and corporations which they had lost with the advent of the Internet. Corporations breached the libertarian front by agreeing to provide governments with the means to accomplish their supervision plans. This basically occurred for two reasons: 1) the need to obtain stricter laws protecting intellectual property, jeopardised by content napsterisation phenomena – and consequently the need to breach the privacy of users and consumers to identify possible breaches of law; 2) the intent of obtaining a free hand in personal data acquisition, processing and sale.

(10) Op. cit.
However, today we are entering a third phase, which is taking shape as corporations realise the consequences of the lack of trust that they themselves brought about, and that is increasingly turning against them. So the Direct Marketing Association, after having opposed any kind of antispam law for years, started to urge the US Congress to pass a law against wild marketing practices; so Microsoft has launched its Trustworthy Computing policy to neutralise the diffidence that consumer associations had expressed vis-à-vis the Passport service; so Yahoo has included an antispam tool in its electronic mail services; so many major corporations say they are willing to adopt the principles of permission marketing(11), and send promotional messages exclusively to consumers interested in receiving them. It is the data concerning the devastating side effects of the more aggressive and unscrupulous marketing policies that have caused such “feelings of repentance”: a report of the Federal Trade Commission estimates business losses in 2001 at 18 billion, caused by transactions broken off by consumers irritated by the request to provide their personal data; the magazine Wired reveals that 31% of American surfers change e-mail address at least once a year to avoid receiving unwanted mail, and notes how such conduct causes serious damage to e-commerce, making databases collected with great effort over the years unusable; lastly, anti-cookie technology is rapidly spreading: software for remaining anonymous while surfing, antispam filters, tools for making anonymous payments, etc. The new policies adopted by corporations to tackle these problems have a fundamental limit: they try to win back consumers’ trust by establishing relations with single individuals, ignoring the communities to which they belong.
This approach shows that they have not yet grasped that image campaigns and solemn promises are not enough to convince consumers who, after having been burned so many times, are not willing to test the reliability of these reassurances at their own expense. In other terms, trust is not an asset that can be “produced” or “sold” by corporations. It is an asset generated spontaneously within the communities, and one which corporations can use only if they in turn agree to expose themselves to the opinion of the communities, and not only to that of individual consumers. Let’s get to the point then: is there an economic incentive which can favour this further step? Can the concept of privacy as a resource become something more than a simple propaganda slogan? Is there a business model that can include the production of trust in the chain of value? Some marketing scholars, like John Hagel III(12), answer affirmatively and launch the idea of the infomediary. The concept of the infomediary is inscribed in the waning of the utopia of a universal and generalised access to human knowledge ensured to all by electronic hypertext. At the very moment that Ted Nelson’s(13) dream is turned into reality by the World Wide Web, its intrinsic limit becomes evident: the monstrous inflation of data flowing through computer networks makes it difficult to access really significant information. Search engines, theme portals and the other filters developed by online journalism (a profession which increasingly diverges from traditional journalism, as the web log phenomenon shows) represent so many models of infomediation.

(11) See S. Godin, Permission marketing. Trasformare gli estranei in amici e gli amici in clienti, Parole di Cotone, Milano 2000.
John Hagel III has developed a further model in relation to e-commerce problems; a model which starts from a criticism of the scholars supporting the theory of a perfect market: it is not true that the Internet cuts down the role of intermediaries, giving sellers the chance of directly reaching purchasers and vice versa. The search for commercial information, the comparison of quality/price ratios between different products, the search for data on consumer tastes and trends, advertising communication, etc. also call for intermediation functions capable of governing the tremendous complexity of the Web. That is why, thanks to the consumer communities which have arisen around their networks, giants of the Net Economy like Amazon, Yahoo! and eBay have succeeded in taking on the role of “certifiers” of the trustworthiness of the products and services of other corporations. And that is why a widening gap between marketing and consumer interests goes hand in hand with a growing demand for assistance from consumers who are aware that they cannot negotiate with corporations as individuals. John Hagel III says that trusted agents should be the ones to meet this demand, and to do business in the consumer’s stead. These “consumer agents” should have the task of thoroughly knowing the wishes, needs and preferences of their customers, as well as a whole range of personal data (from income to personal details), and then comparing this information with the information provided by corporations operating on the market. The objective of all this is to create a kind of “inverse market”: you do not start from the goods and prices fixed by the corporations, but rather from the needs of consumers and the amount they are willing to spend to satisfy them.
In order to play his role, an infomediary should be able to spy on his client – obviously with his consent, and assuring him that no one else will get hold of his data – so as to sketch out as accurate a profile as possible. Furthermore, he should provide his client with useful tools (software, training, advice, etc.) to protect his privacy. To sum up, if a consumer wishes to buy a given product or service, an infomediary explores the net in his stead, 1) helping him get the best possible price, and 2) sparing him exposure to the seller’s requests for data. In short, an infomediary does not sell anything; he just provides a service remunerated with a percentage of the price of the purchased goods. Or we could say that an infomediary sells trust: to consumers, protecting them from the breaches of privacy to which direct contact with sellers would expose them, and to corporations, offering them the chance of selling goods which they would not otherwise have sold because of consumers’ diffidence. My first comment is that this type of service is already provided, in different forms, by a number of corporations: just think of the financial infomediation services provided by banks, or of travel agencies and book clubs. Even more significant is the case of eBay, a trade mark that, de facto, sells nothing else but “trust”, in the sense that it puts a “protected” virtual milieu at the disposal of its users, where transactions (in this case, auctions) are carried out without risks, and where purchasers and sellers feel protected from frauds, swindles, privacy breaches, etc. The major portals too, such as AOL, MSN and Yahoo!, perform the task of infomediary and guarantee the security and privacy conditions accompanying online transactions.

(12) See J. Hagel III, Net Worth, Apogeo, Milano 2001.
(13) See T. Nelson, Literary Machine, Muzzio, Padova 1992.
But here comes my second comment: these “places” of the virtual market coincide with those gateways manned by gatekeepers that Jeremy Rifkin(14) denounces as agents of the commodification of human relations: whether they stay the “hybrids” that they are now, or develop into the forms of “pure” infomediary suggested by John Hagel III, these corporations control the modalities and conditions of access of Net users. But who controls the controllers? Surely an isolated consumer cannot negotiate, due to the information asymmetry that characterises his relation with corporations, but by delegating the protection of his privacy to a third party, with which he would have a just as asymmetrical relation, he would not improve his position. Then, let’s go back to square one: exclusively conceived as a business model, the production of trust would seem to be an impossible objective. Let’s get to the point then: economic interests may contribute to producing trust, but cannot replace those political-cultural factors which are still essential to solving the problem. The theory set forth here is that the concept of infomediary is credible only to the extent to which it is conceived as a functional articulation of virtual communities. John Hagel III is aware of this himself: not only because he indicates the virtual communities as among the most probable candidates for taking on the role of infomediary, but also because he suggests the possibility that infomediaries will end up performing vis-à-vis consumers the role that trade unions carry out vis-à-vis workers(15). If millions of consumers could talk with one voice thanks to infomediaries, their capacity to affect corporate and government policies would become formidable, far greater than that of existing consumer associations.

(14) Op. cit.
These powerful organisations would express the collective will of consumers, putting them in a position to press corporations not only in matters of privacy, but also in respect of product safety, environmental and data protection, prices, assistance standards, compliance with civil rights in developing countries, etc. Obviously, the production of trust would no longer be a problem within organisations of this kind. The first solution could be that of a trade union engaged also in commercial activities with a view to self-financing and to putting negotiating pressure on other corporations. An example of the kind comes from a pension fund like Calpers (California Public Employees’ Retirement System), supported by trade unions and the Democratic Party, which operates as a powerful lobby that can put pressure on legislative provisions and corporate policies. The Italian Lega delle Cooperative could become something similar, if it decided to extend its activities to the Net Economy field. Another concrete example is that embodied by the community of open source software users and developers, which has developed the expertise that has fostered the birth of corporations (such as Red Hat, SuSe, Caldera, etc.) operating in the software field, where users can compare the quality of various products through a wide network of sites, newsgroups, mailing lists and web logs, where whoever is capable of doing so can contribute to changing the products and improving their quality, and where, lastly, obsessive attention is dedicated to the technologies and know-how required to protect privacy, defend freedom of speech on the net, etc. A third possible solution is that of a commercial company capable of “co-opting” within itself a community of users to which the solution of the problem of trust is delegated.
This is the case of eBay, the popular auction site which does not have to “guarantee” the safety of its selling space because it is the community of its users that certifies the reliability of individual agents through a self-managed rating system.

To conclude, let’s summarise the theories set forth so far.

1) The depletion of the social relations accompanying the development of net communication does not bring about the disappearance of the forms of intermediate aggregation, nor the disintermediation of economic relations, but rather operates as the engine of a new sociality pattern, where the individual is at the centre of a network of relations based on affinities of interests, needs, passions, etc. that give life to virtual communities, which are in turn going to have a decisive weight in determining the success or failure of any business pattern (or in other words: the Internet changes the economy far more than the economy changes the Internet).

2) In the relation between Network Society and Net Economy (i.e. between communities and corporations) there have been two phases: in the first phase, a co-operation based on the mutual exchange of know-how and information prevailed; in the second, corporations have “betrayed” the alliance with the communities, focusing their energies on the collection, processing and sale of personal data of individual users-consumers. This betrayal generated in consumers a lack of trust that, together with other factors, contributed to disconcerting the Net Economy.

(15) See J. Hagel III, mentioned work.
3) The corporations’ growing awareness that the lack of trust was turning against their interests has paved the way for a third phase: today the corporations have changed their policies, and are trying to include the production of trust in the chain of value; but this is done by giving priority to their relations with individual consumers, and they underestimate the role of communities as a place where more constructive relations between corporations and consumers can develop.

4) A new business pattern has been suggested to solve the problem: the infomediary, responsible for handling relations between consumers and corporations, protecting the privacy needs of consumers and allowing corporations to reduce the costs of the lack of trust.

5) Although this, in theory, is a good step forward, in practice it has the limit of remaining anchored to relations between corporations and individual consumers. To overcome such a limit, an infomediary should be conceived not only as a business pattern but also as a new form of social aggregation, as a community having the task, among others, of protecting the privacy of its members. By so doing, trust would enter the chain of value of the Net Economy “as a consequence”, that is, it would be produced in other socio-cultural milieus and then “exported” to the economic milieu.

I would only like to add that the aforesaid scenario can only be credible if supported by adequate government policies. And this can take place in different forms: in the European context, it is easier to picture a framework where protocols between corporations and infomediaries take on the value of laws or public regulations (reproposing the method of the triangle between corporations, trade unions of workers and governments); within the American context, it is more realistic to think of a situation in which the corporations end up adopting rules of conduct reaped from the experience of the infomediaries, perhaps by developing deontological codes.
Both ways, however, may work only in a political-cultural context embodying the right to privacy among the fundamental rights of citizens. A context that, unfortunately, cannot be taken as acquired, or even for granted.

Building Consumer Trust: Personal Data Protection as a Resource

Mel Peterson (1)

Abstract

Procter & Gamble has recognized the business opportunity presented by providing personalized services and information to its consumers. The majority of consumers want personalization. Effective personalization depends on consumers to provide accurate information about themselves and their interests. But study after study has shown consumers to be concerned about their privacy, and that their concerns either prevent them from providing information or cause them to provide inaccurate information.

To address this issue, Procter & Gamble has implemented a strong, global data protection program targeted to build an environment of trust, so that consumers willingly provide accurate information in return for the personalization and services they desire.

Procter & Gamble’s privacy program covers personal information provided by any individual to P&G, whether it is from online, offline, or wireless sources. P&G policy is to treat information provided by an individual as that individual’s, which has been entrusted to P&G’s care. This simple policy leads us to do things that consumers care about with regard to data protection. P&G research confirms that consumers appreciate their data being managed according to Fair Information Practices of notice, choice, access, and security. Viewing information as a borrowed item naturally leads an organization to, for example, implement transparent notices, and provide choices about how information may and may not be used.

Procter & Gamble has organized internally to deploy its privacy program throughout the organization.
The P&G Privacy Executive reports to the Vice Chairman of the Board, and leads the P&G Privacy Council, a team of 30 individuals appointed to lead privacy deployment in their organization. The company has created a “Privacy Central” web site containing all the company’s privacy guidelines and resources. Online privacy training has been deployed to all employees with a computer account, and privacy self-assessments are deployed periodically to all people who manage databases containing personally identifiable information.

As a result of these activities, P&G has experienced very high participation in its online and offline direct marketing programs. The majority of people signing up for our programs give us permission to contact them with additional offers from other P&G brands – an indication they trust P&G.

In summary, viewing privacy as a consumer issue, not just a regulatory or compliance issue, is paying dividends to Procter & Gamble and to our consumers.

(1) Procter & Gamble Company – USA
The Net: User Trust and Data Security

Claudio Manganelli(1)

Use of the net is now growing at exponential rates and, despite the many business disappointments on both sides of the oceans, it has become a must that is no longer exclusive to the business world and to social relations between individuals, but is also a necessity for public administrations in managing their work and in communicating with one another, with businesses and with citizens. The establishment of the Ministry for Technological Innovation and the funding plan for more than 130 e-government projects, approved by the Ministry last October and intended to raise the efficiency of local bodies, from the Regions and Provinces to large, medium and small Municipalities and on to the mountain communities, confirm the by now unstoppable commitment of the public administrations to a rationalisation of administrative processes that can no longer be postponed, and their will to open a leaner and more effective dialogue with citizens.
Beyond the body of rules drawn up in recent years to facilitate this modernisation, some of the fundamental building blocks of this new architecture have been in place for some time: the electronic document and the electronic protocol, the digital signature, the national services card; these elements must now be disseminated and made routine in the life of public offices, businesses and citizens. The ICT system now has the capacity to absorb the explosion of technological innovation. A billion PCs in the world, and perhaps many more; 27 million registered sites; more than 2 billion pages recorded in the most widely used search engine; 30 billion e-mails a day worldwide, a figure expected to double in the next four years: these are the numbers at the planetary level. Italy is closing the gap of a few years ago: 14 million users connected to the Internet, 60 billion minutes of telephone traffic devoted to the net, 64 billion minutes for voice. In Italy too, the overtaking is near. These figures were given a few evenings ago by Minister Gasparri at a conference and refer to 2001. They show that in Italy too a determined march towards the new economy is under way, with technological innovation as the necessary means of transport. But if the new economy and technological innovation are to proceed in harmony, without the risk of creating pockets of productive isolation or excess spending, they cannot do without a process of strong social innovation.
This means not only introducing intensive and committed training plans in information technologies into the school system, but also seeking the best organisational and technological solutions to bring these technologies closer to the older and less educated sections of the population; in other words, as the saying goes, bridging the digital divide. Acting carelessly in this field can open the way to a succession of unwanted phenomena and criminal acts that would end up provoking a social rejection of technological change, creating a psychological barrier that could halt the development curve of the new economy indefinitely. In envisaging a scenario in which multimedia and digital technology become ever more pervasive (suffice it to say that the new generation of the Internet Protocol, IPv6, will make it possible to move from 32-bit to 128-bit addressing, corresponding more or less to 1500 addresses per square metre of the Earth’s surface), one can understand how much importance will attach to protecting the information held by individuals, whether it is the details of their bank accounts, the values describing their state of health, the position of their car or the home-theatre schedule that each person programs for himself every day. A careless, strongly consumption-oriented use of ICT, as is happening with mobile telephony, will increasingly place the individual in a sort of electronic Panopticon, where the watchtower and the means of intrusion into his life will be the stream of interactive communications reaching him through the various media.

(1) Authority for Information Technology in the Public Administration - Italy
But let us stay with the present scenario, in which the Net is increasingly becoming the system for exchanging information, accessing large databases, carrying out transactions and financial instructions and developing professional activities, and focus on its current fragility. More than 170,000 Web incidents officially recorded by CERT from 1988 to today; more than 8,000 software vulnerabilities in the last eight years (CERT); 5,580 hacker attacks suffered last August, more than 1,100 of them launched on Sunday the 18th. It should be stressed that an incident may affect a single PC workstation but may also involve an intranet and therefore cause long interruptions of operation. But alongside destructive events motivated by vandalism, acts of cyberterrorism or pure cyber-exhibitionism, there are a great many attacks aimed at stealing information, for purposes of commercial competition or in order to commit computer fraud. Nor should we forget the all too common forms of attack on digital stations, a term by which I mean not only PCs but also palmtops and latest-generation mobile phones that can connect to the Internet. These forms of attack have become customary among service and application providers and habitual throughout the world of the Web; they are aimed mainly at capturing commercial information on the habits of the Net user by means of tools such as cookies, sniffing, tracking and hijacking, and go as far as intolerable invasions of e-mail boxes through spamming. This spyware weighs down the traffic entering and leaving terminals during a connection, capturing streams of bytes from hard disks, and profiles the user in order to subject him to a bombardment of banners and promotional e-mails.
In the USA in particular, spamming has become a social scourge: the site www.cluelessmailers.org/spamnews.html gives an idea of the dense web of interconnections that has been spun to market and give value to the information fished out of the net; US network analysts estimate, on the basis of the growth of junk-mail traffic over the last two years, that in 2004 25% of traffic on the net will be unsolicited. What, then, does the future cyber-citizen expect? First of all, to be able to deal with Web sites that offer a high degree of reliability, ensured by a clear identification of the data controller; where the processing of personal data and the handling of transactions are carried out fairly and securely, in accordance with the European directives and the legislation on personal data protection; where the whole processing cycle is carried out ethically and responsibly; where an address is clearly given for requesting checks and corrective action; where complaints can be lodged. It is therefore time to act constructively and quickly so that the new economy and e-government can succeed: the newspapers frequently carry articles denouncing cases of abuse of the net, and this medium in particular is too often blamed for paedophile crime. The Internet has certainly overturned the way of life of civil societies and, with a mistaken sense of anonymity and inviolability, the attention and passions of the most educated or youngest social strata have poured into it: when that attention springs from the most unavowable feelings of the human soul, the result can be an explosive mixture that does great damage to civil society.
I myself, when I grew used to this instrument and tasted in it the full flavour of freedom from space and time, felt part of the merry band of Sherwood Forest, far from Big Brother and the Sheriff of Nottingham’s men; then my four years on the Board of the Garante (the Data Protection Authority) made me understand the risks that total freedom could bring to this fantastic medium. We must therefore accept that highly technological crime has to be met by equally qualified surveillance; but this cyber-police will have to operate with techniques and rules that respect the dignity of citizens and of democratic society, and certainly not go as far as solutions of the Echelon or Carnivore type, worthy of a cult movie such as Tony Scott’s “Nemico pubblico” (“Enemy of the State”). The most common use of the Internet must instead be protected by an alliance between institutions, businesses and the leading players in high tech and ICT services, aimed at perfecting the guarantees of security and personal data protection and respect for privacy; two closely interconnected concepts that must be pursued by fielding a varied arsenal of resources: simple and secure technical standards, the development and dissemination of technologies that strengthen confidentiality and security, a light package of basic rules, clear and consistent with one another and backed by the necessary, and enforced, administrative and criminal sanctions, and more widespread self-regulation founded on codes of conduct that are believed in and respected. Finally, it would be desirable for a coordination effort covering the by now numerous Web certification “trade” schemes to be undertaken, at least at the level of the Commission of European Data Protection Authorities, and also thanks to the action of the current Italian presidency.
This was already being discussed in 2000 with the French CNIL: France now also has an agency, ATICA (Agence pour les Technologies de l’Information et de la Communication dans l’Administration), equivalent to AIPA, so a coordinated action would be possible, which in our case could also involve MINCOM and MIT with their newly established security commission, with a view to borrowing the certification structure applied to the digital signature and applying it to Web certification.

The Network: Users’ Trust and Data Security

Claudio Manganelli(1)

The use of the net today has drastically increased and, in spite of the disappointment of some businesses on all sides of the Oceans, the use of the net is no longer an exclusive must of the business world and the sociality between individuals, but has also become an operational requirement and a means for the Public Administration to communicate with itself, with businesses and with citizens. The setting up of the Ministry for Technological Innovations and the funding of more than 130 e-government projects (approved by the Ministry last October and aimed at increasing the level of efficiency of local bodies, Regional and Provincial authorities, large, medium and small Municipalities, even mountain communities) confirm the relentless commitment of the Public Administration to rationalise administrative procedures and start a more expeditious and effective dialogue with our citizens. Over and beyond the rules developed over the last years to facilitate this updating process, some basic tools have also been developed to implement this objective: the electronic document and protocol, digital signatures and the national charter of services; now these tools have to be disseminated and put to everyday use by our public offices, businesses and citizens.
The potentialities of the ICT system are now ready for the explosion of technological innovations. A billion and maybe far more PCs in the world, 27 million recorded sites, more than two billion recorded pages in the more widely used search engines, 30 billion e-mails a day in the world, and this figure is expected to double in the next four years. These are the figures at a planetary level; the Italian situation is improving and recovering the gap recorded some years back: 14 million users have surfed the Internet, 60 billion minutes of telephone traffic have been dedicated to the net, 64 billion minutes to telephony. These figures were provided some days ago by Minister Gasparri at a conference, and concern the year 2001. They show that Italy is definitely driving towards the new economy, and that technological innovation is the required means of transportation. But for the new economy and technological innovation to advance harmoniously without running the risk of causing pockets of productive isolation or expenditure excesses, they cannot be separated from strong social innovation. That means not only introducing intense and determined training programs on information technologies in the schooling system, but also looking for the best organisational and technological solutions to bring said technologies closer to the less young and less educated classes; as is usually said, to bridge the digital divide. To operate in this field in a superficial way may open the way to a series of unwanted events and criminal acts that would end up making society reject technological change and creating a psychological barrier that could temporarily stop the development curve of the new economy.

(1) Authority for Information Technology - Italy
In a scenario in which multimedia and digital technology become all the more widespread – just think that the new generation of the Internet Protocol, IPv6, will make it possible to pass from 32-bit addressing to 128-bit addressing, which more or less corresponds to 1500 addresses per square metre of the terrestrial surface – it is easily comprehensible how data protection, whether it concerns bank accounts or one’s health, will become particularly important, compared with the location of one’s car or the daily planning of one’s home theatre. An approximate use of ICT technology, strongly oriented towards consumption, as is the case of mobile telephony, will increasingly expose the individual to a sort of electronic Panopticon, where the control tower and the means of intrusion in his life will be represented by the range of interactive communications reaching him through the different media.

But let’s go back to our current situation: the Net is increasingly becoming the system used to exchange information, access large data banks, carry out financial operations and measures and develop professional activities; however, the net also has its shortcomings: more than 170,000 Web incidents have officially been recorded by CERT since 1988; more than 8,000 software vulnerabilities have been recorded over the last 8 years (CERT); 5,580 hacker attacks were suffered last August, of which more than 1,100 on Sunday 18th; these incidents may affect a single PC but also an intranet, and thus cause long interruptions in the service. But besides these vandalistic episodes, cyberterrorist actions and pure cybernetic exhibitionism, many attacks are perpetrated to obtain information, for business competition purposes, rather than to commit computer frauds.
We must not forget the numerous forms of attack on digital stations; these do not only include PCs but also palmtops and last-generation mobile phones by which you can interface with the Internet; these attacks have entered the everyday life of the service and application providers and of the Web world, and are mainly aimed at obtaining business information concerning the ways of life of cybernauts, through instruments like cookies, sniffing, tracking, hijacking, and even unbearable invasive actions against e-mail boxes, by spamming; this spyware slows down traffic to and from the terminals during connections, captures loads of bytes from the hard disk and builds a profile of the user so as to then bombard him with banners and promotional e-mails. In particular, in the USA, spamming has become a social plague: by consulting the site www.cluelessmailers.org/spamnews.html you can get an idea of the close network of interconnections developed to market and give value to information fished inside the net; the U.S. Net analysts estimate that, given the increase in junk-mail traffic over the last two years, in 2004 25% of the traffic on the net will be unsolicited.

What can the future cyber citizen expect? First of all, to be able to link up with highly trustworthy Web sites featuring: clear identification procedures; personal data processing and transaction procedures made pursuant to European directives and laws on personal data protection; ethical and responsible data processing; clearly indicated addresses; possible inspections and corrective actions; and where it is possible to file complaints. So it is time to act constructively and quickly to enable the new economy and e-government to be successful: when reading through newspapers we often see articles reporting cases of network abuse and in particular of paedophilia crimes.
The Internet has certainly disrupted the way of life of civil societies and has attracted the attention and enthusiasm of the more educated social classes or the young, who wrongly think themselves anonymous and inviolable: when this attention comes from the more unavowable sentiments of the human soul it may create an explosive mix that causes considerable damage to civil society. When I became addicted to this instrument, tasting all the flavour of its temporal space freedom, I felt I was part of the Sherwood forest happy brigade, far away from Big Brother and the men of Nottingham’s sheriff; then the four years spent as a member of the Collegio del Garante (Board of the Data Protection Authority) made me understand the risks caused by that utter freedom to this fantastic medium. We have to accept that highly technological crime be countered by a just as qualified law enforcement; but cyber police will have to operate using techniques and rules that respect the dignity of citizens and democratic society, and should not adopt Echelon or Carnivore type solutions fit for a cult movie such as Tony Scott’s “Public Enemy”.

The Internet’s more common use will have to be protected by getting institutions, companies, the major high-tech protagonists and ICT services to form an alliance aimed at guaranteeing security, personal data protection and respect for privacy; two closely interconnected concepts that have to be pursued by producing a complicated armament of resources: simple and safe technical standards, development and dissemination of technologies that strengthen confidentiality and security, a streamlined packet of clear ground rules, in harmony with one another, accompanied by the required administrative and criminal sanctions, and a more widespread action of self-regulation based on assertive and respected deontological codes.
Lastly, at least at the level of the Commission of Personal Data Protection Authorities, an action should be undertaken – also thanks to the current Italian Presidency – to co-ordinate the widespread Web certification trade. There were already discussions on this back in 2000 with the French CNIL: now France also has an agency, ATICA – Agence pour les Technologies de l’Information et de la Communication dans l’Administration – which corresponds to AIPA. Consequently, a coordinated action could be possible, which in our case could also involve MINCOM and MIT with their newly formed Security Commission with a view to changing the certification structure of digital signatures and applying it to Web certification.

What Rules between Freedom and Security?

Maurizio Gasparri(1)

The subject we are addressing is a very delicate one. In an era of continuous development of communications (let us remember that broadband and digital terrestrial television are taking hold in Italy), the work of those who must guarantee a proper flow of information will increase. As Minister of Communications, however, I do not feel I am on the opposite side. On the contrary, I have excellent relations with the privacy Garante and its bodies. After all, anyone who has to put in place new rules to multiply communication must be aware of the necessary safeguards and controls. This session has dealt with the relationship between business and the privacy of users and consumers. Our Government has placed at the forefront the question of reconciling the individual’s rights of freedom with the functioning of the free market, regarding these needs as priorities.
The matter was also discussed recently in Brussels, at the Council of Communications Ministers, where we talked about how to regulate the public use of the large quantities of data available to the various countries, data which are often traded, and not always in compliance with the rules. At European level, then, we have asked ourselves what rules to adopt for the use of these data, which often end up as instruments of commercial policy. In Italy as in Europe, then, these are the two keys, the two poles. On the one hand, freedom of enterprise; on the other, the freedom of the citizen’s private sphere. Two positions that do not contradict each other but define a relationship of mutual implication. They are, ultimately, objectives of economic policy, with social implications as well. As the papers I have heard over these days have made clear, far from hindering the free exercise of the right of enterprise, respect for the citizen’s fundamental rights can enhance economic activity, in harmony, moreover, with the principles laid down in our Constitution. Among these duties there is certainly the freedom of economic initiative. It is clear, however, that this activity cannot be carried out in a way that harms the dignity of persons. After all, enterprise is one of the main activities through which the full development of the human personality is ensured, and also participation and the economic and social organisation of the country. But, again, it is precisely the protection of the rights of the citizen, regarded as a natural consumer, a user of goods and services, of products offered under conditions of competition and free initiative, that constitutes an essential criterion and a guarantee of the efficient functioning of the market.

(1) Minister of Communications - Italy
This system of protection can ensure not only fair competition and a level playing field among the various market players; it also adds value through the trust the consumer can place in the offers put to him. Achieving these objectives does not require any mechanism of generalised user identification. In a regime of privacy-oriented transactions, it is the consumer himself who shows an interest in business communication and asks for a good or a service geared to safeguarding his rights, having had access to detailed prior information made available by the offering company. From this perspective, the protection of privacy is therefore an additional resource of the quality system. Far from suggesting dependence or a subordinate status, the position of consumer implies the exercise of what we might call a social sovereignty, such as to require, from the economic organisations that come into contact with it, a particularly thorough protection, which it falls to those organisations to provide. The Fordist logic has been supplanted in this field. So much so that today one could speak of full citizenship coinciding with the complete assumption of the status of consumer. Consumer protection starts from the technique of civil liability as the main element of the mixed society. For this reason it acts as a legislative shock absorber that contributes to a more flexible systemic response to the needs of production and exchange, which cannot be governed solely through the techniques and rules of the market. It is well known, moreover, that the market criterion brings clearly to the surface the problem of transaction costs and of information to the consumer. On the terrain of privacy, paradoxes follow one after another.
Thus the consumer is increasingly characterised as both recipient and producer of information. The activity of the Garante, too, is fundamental in its integration with this dimension of the citizen-consumer, the bearer of full rights. It is the very existence of these protection bodies that has developed, precisely in the citizen-consumer, the awareness of being entitled to further recognition. We believe, therefore, that control over the ways in which information circulates must be considered a fundamental right. To those who ask, taking up an ancient motto of Latin culture, “who certifies those who certify?”, we recall that in Italy we have given ourselves a body of rules, of Community origin, consisting of Law 675; Decree 171 of ’98 on privacy in telecommunications networks; Decree 185 of ’99 on distance selling; as well as the right to be removed from mailing lists; the right not to be flooded with advertising, including by fax and e-mail; the right, as we might call it, to tranquillity; and the right not to receive promotional samples without having first given consent. The Community legislator has moved in the same regulatory direction: intervening not in a paternalistic manner but in the matter of fundamental rights, it nevertheless seeks to make the market in goods and services efficient and transparent by conferring individual legal positions on consumers and users. There is, then, a new European directive, Directive 58 of 2002 on electronic communications. In Article 13 it provides that the use of automated calling systems without the intervention of an operator, known as automatic calling devices, is permitted only in respect of users who have given their prior consent.
This concerns fax or electronic mail used for direct marketing purposes, the SMS messages that have been so successful in Italy, and MMS or third-generation telephones. We are working, therefore, to multiply the work of verification and control. This directive refers to the prior explicit consent of the recipient, giving preference to the opinion already expressed by the European data protection authorities and, recently, also by many direct marketing trade associations in favour of the opt-in system. In the latest European Councils of Ministers of Communications there was discussion of the use of opt-in or opt-out, that is, of whether or not the transmission of unsolicited information must be authorised in advance. The choice of opt-in does not, in any case, exempt us from assessing the limits connected with this technology. Spamming remains a phenomenon that goes beyond the borders of the European Union and that can make use of services coming from any part of the world. The web is global, and so the difficulty is one of control, which does not, however, exempt us from making efforts internally. I must say that, also through exchanges of ideas with President Rodotà and with the members of the data protection authority, as Minister of Communications I have contributed to modifying to some extent certain European orientations, also on the basis of my personal experience. My predecessors practically did not use the network, so they did not feel the annoyance of receiving and then deleting so many useless messages. So, also on the basis of my personal experience, being a user of the network, I formed the strong conviction that, despite the difficulties of globalisation, more precise rules had to be established in Europe. That is why I embraced this cause.
And I must say that at European level, also thanks to the Italian contribution, an orientation more respectful of consumer rights then opened up, even though we know that 100 e-mails a minute can reach us from the other end of the world and it will be rather difficult to find means of defence. In the meantime, however, let us do it within a European area. The use of databases of e-mail addresses of those who do not wish to receive unsolicited information, the so-called black lists, or the use of white lists to collect the e-mail addresses of those who are instead willing to receive advertising, may represent a limit on the development of direct marketing. Either choice implies closing or opening too much. I am certain, however, that the maturing of privacy-supporting technologies will make it possible to choose easily which kind of advertising to receive and which not, and thus to overcome the current limits of black or white lists. Tailored advertising may represent a service and added value, for the Internet as much as for satellite television and digital terrestrial television, if the development of technologies makes it compatible with the protection of personal data and with the Community directives that we, as a Government, have transposed well ahead of time. It would be short-sighted, however, to regard this evolution as the sign of a wholly European sensibility and of a merely bureaucratic attention to the problem. In many counties of the United States itself, sending advertising by fax has been considered unlawful and a ground for compensation for damages. Moreover, the very companies that specialise in direct marketing have in recent years shown great sensitivity to the value of consumer confidentiality.
Indeed, forms of cooperation with consumer associations have also been launched for the permanent monitoring of privacy policies, which should lead, in the near future, to instruments of independent quality certification and to greater awareness in the use of the network. We must not lose sight of the fact that, in the end, the consumer’s reaction also disadvantages supply itself and therefore brings no benefit to the market or to those who have to sell. In conclusion, the right to be a consumer, as a constitutive element of belonging to a social organisation, becomes inescapable. The user must be protected and safeguarded, on pain of violating the principle of substantive equality enshrined in our Constitution. There is no doubt whatsoever that the guarantee of confidentiality is an essential element for the possibility of access to the consumption of particular services, the enjoyment of which profoundly characterises being a citizen and the possibility of being included in the community. It seems to me that, in this light, the role of data protection legislation is, evidently, doubly relevant: both as the concrete expression of consumer-policy traditions and insofar as it refers directly to that European Charter of Fundamental Rights which is on its way to becoming part of Europe’s choices, in a framework not so much of defending weak positions as of guaranteeing free choices. Finally, the issue of security. Over the last year and a half we have lived with a particular concern. After 11 September 2001 the international community found itself facing a delicate and inevitably priority issue.
If it is true, as it is, that the right to confidentiality of communications is a primary right of the individual, we cannot fail to set it against the need, equally a priority, to protect populations from terrorist actions that increasingly resort to sophisticated technologies, frequently making use precisely of telecommunications networks and also, obviously, of the Internet. Therefore, while recognising and reaffirming on this occasion the inviolability of the individual’s right to confidentiality, I believe that all institutions, Governments, the European Commission and the authorities set up to guarantee confidentiality, such as the one in Italy, must assess regulatory solutions capable of reconciling (in a phase that we all hope is transitory and destined to end, although world events do not allow us easy optimism) the guarantee of privacy in a context in which the value of security too returns forcefully to the foreground. From this standpoint, controls and checks must be extended, understood as needs of citizens themselves, who want to see confidentiality and security guaranteed. How to combine these two needs is a task that falls to all of us. I believe that we shall have to work on this in the future. I am very grateful for this occasion, and I hope that the fruitful cooperation between the Government and the Authority in our country will continue in a manner respectful of their different functions, as has happened in this period. I hope that the contribution which the Authority has offered through this conference to all of us who have responsibilities, in the business world, in the organisation of consumer rights, in Governments and Parliaments, can continue in the future as well, so as to provide further ideas for our actions, which must protect values, goods and rights.
All of these are fundamental factors for our life and our activity.

Freedom and Security: What Rules?
Maurizio Gasparri(1)

We are dealing with a very sensitive issue. In an age of unrelenting expansion of communications – broadband services and digital TV are increasingly common in Italy as well – there will be additional work for those in charge of ensuring appropriate information flows. In my capacity as Minister for Communications, however, I do not feel I am a counterpart. In fact, I have excellent relationships with the Italian Garante and its agencies. Actually, he who is required to lay down new rules to further communications must be aware of the necessary safeguards and controls. This session addressed the relationship between businesses’ activities and users’ and consumers’ privacy. Our Government has brought the issue of reconciling individual freedoms and functioning of the free market to the forefront, by including it among its top priorities. This topic was recently addressed in Brussels as well, during the Council of Ministers of Communications, who discussed how to regulate public use of the many data available in the individual countries – such data being often marketed in breach of the relevant regulations. Therefore, at European level we have dealt with the requirement of determining the applicable rules for using these data, which often end up being exploited as a tool for business policies. In Italy, just like in Europe, these are therefore the two key issues, the two sides of the coin: on the one hand, freedom of enterprise; on the other hand, freedom of citizens’ private life. These two concepts are not in conflict, but rather mutually related. We have to do with objectives that are ultimately related to economic policies, with implications of social character as well.
As aptly clarified by the presentations made during this Conference, far from being an obstacle to freedom of enterprise, respect for citizens’ fundamental rights can actually enhance the value of economic activities – in line with the principles laid down in our Constitution. Freedom of enterprise is undoubtedly included among such principles. However, economic activity should obviously not harm human dignity. Indeed, economic enterprise is one of the main activities ensuring full development of human personality as well as participation in a country’s social and economic organisation. On the other hand, exactly the protection of citizens’ rights – citizens being consumers, users of goods and services as well as of products that are offered according to competition and free enterprise rules – is to be regarded as a fundamental criterion to guarantee effective market operation. Such a system of guarantees can ensure not only fair competition and equality of status among market stakeholders, but is actually an added value on account of the trust consumers can have in the offers submitted to them. In order to achieve these objectives, there is no need for generalised user identification mechanisms. Indeed, within the framework of privacy-compliant transactions consumers themselves can indicate their interest in business communications and request goods or services that are oriented towards safeguarding their rights – following detailed, prior information as provided by the businesses offering those goods or services. In this regard, privacy protection is an additional resource for a quality system. Far from playing a dependent or minority role, consumers are entitled to exercise what might be referred to as their social sovereignty – which warrants especially thorough protection in respect of the economic actors having contacts with them.

(1) Minister of Communications - Italy
The Fordist approach has been superseded in this context. Indeed, nowadays one might argue that full citizenship is superimposable on achievement of full consumer status. Consumer protection starts from a civil liability approach, being a basic component of the mixed society. This is why it can be regarded as a regulatory dampener contributing to increased flexibility of system responses to production and trade requirements – which cannot be regulated exclusively via market techniques and rules. On the other hand, market-based criteria are known to bring up the issue of transaction costs and consumer information. Paradoxical features are increasingly typical of privacy issues. Consumers are increasingly to be regarded as both recipients and producers of information. The Garante’s activity is also fundamental as it integrates this pattern in which consumers-citizens are holders of full-fledged rights. The very existence of these supervisory bodies raised awareness in consumers-citizens of their being entitled to further rights. Therefore, we believe that controlling the way in which information is disclosed is to be considered a fundamental right. If one wonders – after an ancient saying of Latin culture – “who will certify certifiers”, he/she ought perhaps to remember that in Italy there are regulations based on Community legislation, including Act no. 675/1996, legislative decree no. 171/1998 on privacy and telecommunications networks, decree no. 185/1999 on distance selling as well as the right to have one’s name erased from mailing lists, the right not to be flooded by advertising material via facsimile and/or e-mail, the right – so to say – to be left alone and the right not to receive promotional samples except on the basis of one’s prior consent.
This is the regulatory framework also applying to the approach of Community law-makers, who have attempted to increase market effectiveness and transparency without paternalistic measures, though by taking steps in connection with fundamental rights – by granting individual rights to both consumers and users. There is also a new European directive to consider, i.e. Directive no. 58 of 2002 on electronic communications. Under Article 13 of this Directive, use of automated calling systems without operator assistance – the so-called automated calling devices – is only allowed with regard to users that have given their prior consent thereto. This applies to facsimile and e-mail messages used for direct marketing purposes as well as to SMS texts – which are so successful in Italy –, MMS and third-generation mobile phones. Thus, we are working to multiply supervisory and control activities. The Directive I mentioned refers to the recipient’s prior explicit consent, which is in line with an opinion given by European data protection authorities as well as with the stance taken more recently by several direct marketing associations, which are in favour of an opt-in approach. During the latest Councils of the European Ministers of Communications, the opt-in/opt-out dilemma was much debated in connection with the need for prior authorisation to transmit unsolicited information. Adoption of an opt-in approach does not rule out the need to consider the limitations this technology is fraught with. Spamming is a phenomenon that goes beyond EU borders and can take advantage of services originating from anywhere in the world. The global features of the web make it difficult to control, which does not rule out the need for us to make the necessary efforts.
I must say that, also thanks to the exchange of views with Professor Rodotà and the members of the Italian data protection authority, I have contributed to somewhat modifying Europe’s position in respect of certain issues in my capacity of Minister of Communications – also on the basis of my personal experience. My predecessors practically did not use the network, therefore they could not be bothered by the fact of receiving and having to erase a lot of useless messages. Therefore, also based on my personal experience as a network user, I have come to believe deeply in the need for Europe to lay down more detailed rules despite the difficulties related to globalisation. This is why I have joined in this cause. And I must say that, partly thanks to the contribution given by Italy, a stance has been developed at European level that is more mindful of consumer rights – although we should be aware that perhaps 100 e-mails per minute could reach us from the other side of the world, which makes it rather difficult to devise suitable defences. Still, let us start reacting as Europeans. The fact of using databanks including the e-mail addresses of individuals who do not wish to receive unsolicited messages – the so-called black lists – as well as the creation of white lists to collect e-mail addresses of individuals accepting unsolicited advertising material may restrain the development of direct marketing. In either case you end up adopting an excessively restrictive or, as the case may be, permissive approach. However, I am sure that maturation of privacy-supporting technologies will allow selecting quite easily what advertising is to be accepted or not by overcoming the current limitations of white and black lists.
Customised advertising will eventually represent an added-value service both for the Internet and for satellite television or digital terrestrial services – if technological development makes it compatible with both personal data protection and the Community directives our Government has transposed well in advance of the relevant deadlines. However, it would be narrow-minded to consider this evolution as reflecting an exclusively European sensitivity as well as a merely bureaucratic approach to this issue. Forwarding advertisement material via facsimile is considered unlawful in many US counties, so much so that it entitles to compensation for damages. On the other hand, businesses specialising in direct marketing have been showing considerable awareness of the value of privacy for consumers during the last few years. Indeed, cooperation initiatives with consumer associations have been implemented with a view to permanently monitoring privacy policies, which is expected to result shortly in the development of independent quality certification tools as well as greater awareness of network uses. One should not overlook the circumstance that consumer reaction is also prejudicial to offer, and therefore that it produces no beneficial effects either for the market or for those wishing to sell their products. To conclude, the right to be a consumer as a fundamental component in belonging to a social organisation is becoming inescapable. Users should be protected and safeguarded, otherwise the equality principle enshrined in our Constitution would be violated. Safeguarding privacy is undoubtedly fundamental to ensure consumer access to certain services that are an integral part of the status of citizen as well as a prerequisite for being a member of the social community. I believe that data protection legislation can play a key role in this perspective, for two main reasons – i.e.
both because it incorporates traditional consumer policies and because it is directly related to the European Charter of Fundamental Rights, which is becoming a component of the choices made by Europe not so much in order to defend weak positions, but actually to ensure freedom of choice. Finally, the security issue should be considered. We have been facing specific concerns for the past year and a half. After the 9/11 events, the international community had to address a difficult issue that was inevitably a top priority: if it is unquestionable that the right to confidentiality of communications is a fundamental human right, one should not fail to consider this right against the background of the – equally fundamental – need to protect our peoples against terrorist activities, which make recourse increasingly to highly sophisticated technologies and often make use exactly of telecommunications networks – including the Internet. Therefore, though aware of and reaffirming the inviolability of the right to individual privacy, I believe that all institutions, Governments, the European Commission and the data protection authorities such as the Italian Garante should take into consideration regulatory solutions that allow reconciling privacy safeguards and security requirements, in a phase we all hope will be a transient one covering a short time span – although world events do not appear to leave much room for optimism. In this regard, controls and checks should be enhanced because this is the request coming from citizens, who wish to be assured of both their privacy and security. How to reconcile these two requirements is a task we all are called upon to discharge. I think this will be a matter for future work.
Let me express my thanks for having provided me with this opportunity; I do hope the fruitful cooperation between Government and the Garante will continue by respecting our functions, as has been the case so far. I hope the contribution given by the Italian Garante through this Conference to all of us, who are in charge of specific tasks in the business world, in organising consumer rights, in Governments and Parliaments, will also be available in future – so as to provide additional inputs for our initiatives, which should safeguard values, goods and rights as fundamental components of our life and activity.

Session IV – Privacy and Economic Development: Solutions and Perspectives

Globalising Guarantees
Stefano Rodotà (1)

The final session of this intense conference, also because of the presence of important interlocutors such as Cliff Stearns and Mozelle Thompson, suggests a pointer towards the future. Just as there is a transatlantic business dialogue, I believe the time has come to think of a transatlantic privacy dialogue. Since the title of this last session is “privacy and economic development: solutions and perspectives in the global dimension”, I would like to confine myself to underlining what has happened in the world as a result of the attention to data protection issues imposed by various factors, not only those most commonly cited, namely scientific and technological innovations. Briefly, I shall touch on four points.
We started from a shared observation: that privacy, from a peripheral right, has today become a central right in the various areas of law; from a right in the penumbra, as the case law of the United States Supreme Court described it, it has become a right that illuminates many areas of the legal order; from a right that seemed to symbolise the isolation of the person within the community, it has become a right necessary for establishing social ties. I shall merely recall that reference to privacy is now commonplace when the issue is freedom of expression, to be exercised sheltered from the risk that collections of data on opinions expose people to discrimination or social stigmatisation. Privacy also presents itself as a component of freedom of association, preventing membership lists from being unlawfully acquired or illegally disclosed, with possible negative effects for those who wish to act freely together with others. It constitutes a precondition of the right to health. Without confidentiality of health data, particularly in the case of diseases such as AIDS, many people prefer not to seek treatment. There is the American example of the fall in the number of women who agree to be tested for breast cancer: the refusal is driven by the fear that this information may then become known to employers or insurance companies, with negative effects on getting or keeping a job and on concluding insurance contracts. There is a “tragic” choice between keeping one’s job and health. Only full privacy, therefore, allows the right to health, one of the great fundamental rights of our age, to be respected.

(1) President, Garante per la protezione dei dati personali - Italy
This is the premise from which we started, and this conference has confronted us, very seriously and very significantly, with the problem of the uses of technologies. There is a way of presenting technology that has much of the mythological about it, which sees it as the sword that inflicts wounds but is also able to heal them. In part this is true. In all technological changes there is a first phase in which the use of technologies is heavily polluting: this time not of the physical environment, but of the information environment, the environment of civil liberties. As technologies advance and are refined, some of these polluting effects are eliminated or reduced, and yet we cannot think of a kind of beneficial and spontaneous change in the situation thanks to the mere fact of technology. We have seen and have been told that privacy-protecting technologies can have different effects: instruments of consumer self-defence, instruments for the social production of awareness of the risks of technology, seals, audit certifications, with regard to particular technologies. But in this approach there is also a risk of self-referentiality: technology tells us that it is able, by technological means, to solve the problems of privacy; business tells us that with self-regulation it is able to solve the problems of privacy; consumers speak of a self-defence that makes it possible to solve many problems of privacy. I must say that I am very wary of all self-referential approaches, which in this case risk obscuring the need for institutional, economic and political strategies that integrate the different approaches: the technological one, the participatory one, and business regulation.
And, obviously, an integrated strategy requires institutional intervention; even people above suspicion, because they come from cultural environments that do not have the propensity for legislation that would seem typical of the European continent, now stress very forcefully the need to have recourse to the law. Naturally we must ask ourselves what kind of law we mean, because when we refer to the law today we are referring to something that does not have a single meaning. A highly analytical, detailed law is profoundly different from a law structured around principles and guiding criteria of a general nature. This is the issue to which Umberto Romagnoli drew attention, recalling that there are sectors (such as that of business relations, but not this one alone) where effective data protection requires complex rules and procedures, also involving different actors, because this increases its social acceptability, its efficiency and also its flexibility, in the sense that it allows adaptation to situations that are continually in motion precisely because of the extraordinarily innovative character of technologies. We must therefore address this further issue: which regulatory techniques are the most suitable, even when reference is made to the legislative instrument. Perhaps the Italian legislator was not as inattentive or unaware as some have said, since in regulating data protection it combined general principles and analytical regulation. And it also gave prominence to the problem of transparency.
The two representatives of two major Italian independent authorities, the chairman of Consob and the chairman of the Antitrust Authority, highlighted how in their sectors there is a need for transparency and that, therefore, personal data require less protection in order to achieve an important effect, namely the better functioning of the market, thus including the protection of consumers, seen in this case also as protection of current or potential investors. Now, the five years of work of our Authority show particular attention to the aspects of transparency, with many decisions providing that certain categories of data had to be communicated, had to become public. Someone ironically asked whether this was an authority guaranteeing confidentiality or transparency. The truth is that we developed precise indications of Law no. 675, such as those contained in Article 12, paragraph 1, letter f), which states that the consent of the data subjects is not necessary to process data concerning economic activities, provided that business and industrial secrecy is respected. Economic data therefore have a lower degree of protection in our system, precisely so that other purposes and other values, such as the proper functioning of the market or the proper use of public resources, are protected. There is thus already in the law a response to this need, and this explains, for example, the relations of cooperation and not of conflict with Consob, as Luigi Spaventa recalled. It must moreover be borne in mind that today two models confront each other in the world, and not only in the field of data protection: one developed in the European Union, the other historically elaborated in the United States. The former has ever more clearly regarded privacy as a fundamental right, whereas the American tradition is not as explicit. Having recalled this aspect, I would like to point out another question.
We have heard many references to the economic analysis of law, which, however, is not only Richard Posner but also, for example, Guido Calabresi. There are different ways of using the economic analysis of law: one holds that all references to values other than those immediately reducible to economic calculation pollute the rigour of the analysis; others, by contrast, hold that values of this kind, such as fundamental rights, must be taken into consideration and that the economic analysis of law is only one of the instruments for assessing the functionality of the system, without however excluding these other references from the calculation and from the legal assessment. I do not believe that we can free ourselves from the reference to privacy as a fundamental right. On the one hand there is a problem of Europe’s sincerity. The European Union cannot write into its Charter of Fundamental Rights the right to the protection of personal data, indeed as an autonomous right, distinct from and structurally presented more strongly than the traditional protection of private and family life, and then fail to draw the consequences. This would be conduct that is not only insincere but contradictory and negative at the institutional level. But there is another reason why such insistent reference is made today to fundamental rights in general, and not only to the protection of personal data. It is precisely in the global dimension that we realise the poverty of the instruments of legal protection. The end of national sovereignty in regulating certain relations (not all: let us be careful not to abuse the reference to globalisation) also becomes the argument for asserting that no one should regulate certain matters any longer, because there is no longer the sovereignty of States.
The strong reference to fundamental rights, as rights of the person that accompany each of us everywhere in the world and cannot be denied, becomes the instrument that allows the legal dimension, seen as a safeguard of the person as a whole, to retain its strength and its visibility in a situation in which traditional law has little grip. Two models of global privacy regulation, which I consider with great interest and great attention, were presented to us by two large multinational companies, Daimler-Chrysler and Procter & Gamble. They showed us what their policies are, how they are organised, how they spread across the whole planet and what their protection structures are; they thus produce a concept of privacy that is evidently, and rightly, modelled on the needs of businesses, and that for this very reason raises the problem of rules that are not entrusted to economic interests alone. I conclude. There is therefore a problem of balancing interests. Privacy today is squeezed between the market and collective security, especially, as is customarily said, after 11 September. In Italy, to resolve the first problem, that of the relationship with the market, we have indications on which we always work with great attention. Mention was made of Article 41 of the Italian Constitution, which says that private economic initiative cannot be carried out in conflict with human dignity. The principle of dignity is enshrined in Article 1 of our law. The problem of security: this is today a dramatic problem that engages authorities all over the world. I believe that we must take into account, as George Radwanski reminded us yesterday, the appropriateness, the necessity and the purpose of any measures restricting privacy for security purposes. But even when we make an assessment of purpose, we must have two points of reference that are institutionally obligatory.
The first will be so shortly, but the Charter of Fundamental Rights is already making its way in our social organisations. One of the final provisions of the Charter says that in any case the essential content of the fundamental rights proclaimed, and therefore also of data protection, can never be eliminated. It is therefore unthinkable that the protection of personal data could be reduced to zero for reasons of security. The second is a text in force in the Italian legal system as in the legal systems of many countries: the European Convention on Human Rights of 1950, which in Article 8 speaks of the protection of privacy. The second paragraph of this article says that limitations on the protection of privacy are possible for various reasons, including that of security, with measures compatible with the nature of a democratic society, that is, with measures that pursue this objective. There is therefore a second parameter of reference: on the one hand the essential content, which can never be reduced to zero, on the other compatibility with a democratic system. We all know that in certain respects authoritarian systems can even be more efficient in market terms because, for example, they deny safeguards to workers and in this sense lower costs; they deny them, as we experienced when we discovered the gigantic state archives of the Soviet Union and, perhaps even more, of the German Democratic Republic, by minutely monitoring citizens. Democratic systems are therefore distinguished also by the fact that they never let safeguards fall below a certain threshold. I conclude. Professor Campisi left us yesterday with a question: will these new large systems which in the United States accompany the new measures, those linked to the so-called “Total Information Awareness System”, be manageable in the first place?
This is a technological question, but not only that; and then, will they not also be used for purposes other than security? Consider the Echelon case: certainly inefficient at preventing acts of terrorism, yet, as we know, highly efficient at distorting competition by passing to certain companies information on the behaviour of their competitors. So there is also this other problem, which again touches on questions of democracy. A further aspect of privacy as a democratic resource derives from the fact that we cannot at the same time say, as we continually say and as was said again today, that terrorism and crime make use of very sophisticated tools, and then fail to realise that the creation of gigantic databases, which cannot be defended with the measures we know, is also a tool that, though created for reasons of security, can increase social vulnerability, in the sense that it makes this type of data available to intruders who are anything but well-intentioned. We therefore all find ourselves in a situation of great difficulty. Discussion, I believe, is the necessary tool, so much so that I conclude by saying that in Venice, as has been recalled, we raised the question of an international convention, and at that time there was much mistrust, because agreements were seen as an authoritarian instrument. During the latest visit to the United States, as Cliff Stearns well knows, we found important changes, so much so that federal laws for the protection of personal data have been proposed there, something that at the beginning of 2000 seemed unthinkable. I therefore believe that this opposition between models, if we reason on certain founding values, may also fade, and that while Europe invents a new generation of codes of conduct, the United States is considering the use of the legislative instrument with greater attention.
The suggestion of the Venice Declaration might today lead us, after this conference, to say what was being said at the beginning, but perhaps a “transatlantic privacy dialog” could be useful.

Globalising Safeguards
Stefano Rodotà (1)

The final session of this content-packed conference would appear to point to the future outlook – partly on account of the presence of important participants such as Cliff Stearns and Mozelle Thompson. Just as there exists a Trans-Atlantic Business Dialogue, I wonder whether it is not high time a “Trans-Atlantic Privacy Dialogue” were also set up. As the title of our final session is “Privacy and Economic Development: Solutions and Outlook in the Global Dimension”, I would only like to stress what has happened worldwide thanks to the attention paid to privacy issues – which is due to several factors, in addition to those most commonly referred to such as scientific and technological innovation. I will be very concise and deal with this by mentioning four main issues. We started from a consideration that is generally agreed upon, i.e. that privacy has turned from a peripheral right to a central right in the different legal sectors – from a twilight right, to quote the US Supreme Court, it has become a right shedding light on many areas of our legal system. From being a right that appeared to typify isolation of the individual in a community, it is becoming a right that is necessary to establish social ties. Let me just remind you that today privacy is commonly an issue whenever freedom of speech is considered, i.e. whenever the possibility to freely express one’s opinions without being the subject of, for instance, discrimination or social stigma is taken into consideration.
Privacy is also seen as a component of freedom of association, in order to prevent unlawful acquisition and disclosure of member lists with possible negative effects on any individual wishing to freely act by joining forces with others. Privacy is a prerequisite for exercising the right to health. The protection of certain medical data, in particular those concerning diseases such as AIDS, is a prerequisite for a patient to let himself/herself be treated. There are data from the US showing, for instance, a reduction in the number of women accepting administration of breast cancer tests, which is due to their being afraid that this information may come to be known to their employers and produce negative effects leading to their being denied access to and/or dismissed from work as well as to increased difficulties in getting insurance coverage. A “tragic” choice has to be made between keeping one’s job and keeping one’s health. Only full-fledged privacy allows the right to health – another of the fundamental rights of this great period of ours – to be respected.

(1) President, Italian Data Protection Authority

These are the premises we started from. This conference led us to face, quite seriously and significantly, the issue of how to use technology. There is a way of presenting technology that sounds very much mythological, whereby technology is both the sword that wounds and the sword that heals. This is true, in part. Just like with any technological change, there is a starting phase in which using technologies is a source of pollution – not so much as regards the physical environment, but in respect of the informational environment, the civil freedom environment. With the development and refinement of technologies, some of these polluting effects can be eliminated or reduced; however, one should not imagine a sort of spontaneous, beneficial change in status merely due to technology.
We have seen and heard that privacy-protecting technology can produce diverse effects: consumer self-defence, tools to raise social awareness of technological dangers, seals, certificates, and auditing with regard to certain types of technology. However, there is a self-reference risk in following this approach – technology is telling us that it can solve privacy problems with technological solutions; businesses are telling us that they can solve privacy problems with self-regulatory solutions; consumers are telling us that there are self-defence strategies allowing many privacy-related problems to be coped with. I must confess that I rather mistrust all self-referencing approaches, which here might fail to highlight the need for institutional, economic, and political strategies such as to integrate the different approaches – the technological approach, the bottom-up approach, and the self-regulatory approach. Obviously, any integrated strategy requires institutional measures to be taken. Indeed, persons above suspicion, i.e. persons belonging to cultural circles where there is no law-making flair such as that seemingly typical of the European continent, have forcefully stressed the need for legislation. Of course, one should clarify which kind of legislation one envisages; whenever law is referred to nowadays, something is meant that is far from commonly agreed upon. A very detailed, analytical law is quite different from a law organised according to general principles and guidelines.
This was the issue to which Umberto Romagnoli drew our attention, when he said that in certain sectors – such as the employment context, although these considerations are also applicable to other sectors – effective data protection requires complex rules and procedures in which several entities should be involved, because this is a way to increase social acceptance, effectiveness, and flexibility – which means that it becomes easier to adjust it to the ever-changing circumstances resulting exactly from the highly innovative contents of technological development. We have therefore to address another issue – namely, what are the most appropriate regulatory techniques, also with regard to legislative instruments. Perhaps the Italian Parliament was not as absent-minded and unaware as was hinted, because in setting out data protection regulations it strove to reconcile general principles and detailed rules by also stressing the transparency issue. The representatives from two major independent supervisory authorities in Italy – the Chairman of the CONSOB (the authority regulating the securities market) and the Chairman of the Antitrust authority – pointed out that transparency is a must in their sectors, therefore personal data would be entitled to less protection in this area in order to achieve an important result, i.e. improving market operation as also related to consumer protection (meaning, in this case, protection of actual and/or potential investors). I believe that the past five years of activity of the Italian data protection authority show that special attention has always been paid to transparency – there have been several decisions taken to order that some data categories should be disclosed and publicised. Indeed, it was asked ironically at a certain time whether our authority was in charge of protecting transparency rather than privacy. Truth is, we have been developing clear-cut indications set out in Act no.
675 such as those contained in its Section 12(1), letter f) – whereby the data subjects’ consent is not required to process data concerning economic activities on condition that industrial and business secrecy rules are complied with. Therefore, economic data are protected to a lesser degree in our system exactly to allow achieving other purposes and upholding other values – such as correct operation of markets and appropriate use of public resources. The DPA therefore already provides a response to meet this requirement, which accounts for the cooperative (rather than antagonistic) stance in our relationships with CONSOB as mentioned by Luigi Spaventa. One should actually consider that two models are currently confronting each other in the world scenario – not only as regards data protection. To sum up, let us say that there is a model developed in Europe and another model that historically was created in the USA. The former one has always regarded privacy more decidedly as a fundamental right, whilst the American tradition has been less explicit on this point. I am not going to dwell on this topic; however, I would like to point to an additional issue. Reference has been made frequently to the law and economics approach – but this approach should also take account, for instance, of the writings by Guido Calabresi in addition to those by Richard Posner. There are several ways to use the law and economics approach. One of them considers this type of analysis to be negatively affected by the reference to values other than those immediately related to economic considerations; others believe, however, that values such as those related to fundamental rights should be taken into account – the law and economics approach being just one of the tools allowing system operation to be assessed, without excluding such additional components from economic analysis and juridical evaluation.
I believe we cannot do away with the consideration that privacy is a fundamental right. On the one hand, the sincerity of Europe is at stake. Europe cannot enshrine the right to personal data protection in its Charter of Fundamental Rights as an autonomous right which is actually separate from and more powerfully supported than the conventional right to protection of private and family life, and then refrain from drawing the relevant consequences therefrom – because in doing so, it would behave in an insincere as well as inconsistent and institutionally counterproductive manner. However, there is another reason why fundamental rights – not only data protection – are nowadays so often referred to. It is exactly in a global scenario where one can realise how poorly effective legal protection instruments are. The end of national sovereignty in regulating certain relationships – not all of them of course, one should be careful not to misuse the globalisation concept – may also give rise to the concept that certain issues are no longer liable to regulation by whatever entity since States’ sovereignty is a thing of the past. The reference to fundamental rights as personal rights we carry with us wherever we go and may not be thwarted is becoming a tool to allow the legal dimension – insofar as it is a means to safeguard the individual as a whole – to retain its strength and value within a framework in which the effectiveness of conventional law is limited. Two models of global privacy regulation were described to us as implemented by two major multinational companies – Daimler Chrysler and Procter & Gamble; I regard them as highly interesting and deserving of attention.
The two companies provided us with an overview of their policies and organisation worldwide, of the way in which they ensure the protection of privacy and, therefore, produce a concept of privacy that is modelled, however, after their business requirements – quite sensibly and correctly. This very circumstance raises the issue of devising regulations that are not based exclusively on economic interests. Let me add some final remarks. We are therefore dealing with balancing the interests at stake. Nowadays, privacy is squeezed between market requirements and public security, especially after 11/9. In Italy, guidelines are available to cope with the issue related to the market; we have been working on those guidelines with the utmost care. Reference has been made to Article 41 of Italy’s Constitution, under which private enterprise may not be in conflict, for instance, with human dignity. The human dignity principle is also referred to in Section 1 of Italy’s data protection Act. The security issue is being faced by all the authorities all over the world, and I believe that, as stated yesterday by Mr. George Radwanski, we should take account of the advisability, necessity, and purposes of measures possibly restricting privacy for security purposes. However, two reference points should be regarded as institutionally mandatory also when taking account of the relevant purposes. One of them is related to the Charter of fundamental rights, which is already a feature of our social organisation. One of the final provisions in the Charter states that any limitations on the fundamental rights enshrined in the Charter – including, therefore, the right to personal data protection – must respect the essence of those rights. Thus, it is out of the question that the protection of personal data may ever be overridden in full for security reasons.
Secondly, the 1950 European Human Rights Convention – which has been transposed into Italian law as well as into the domestic laws of many countries – refers to the protection of privacy in its Article 8. The second paragraph of this Article provides that limitations on privacy are possible on several grounds including security; however, the relevant measures must be compatible with those necessary for the above purposes “in a democratic society” – i.e. they should be measures serving the purposes of a democratic society. There are therefore two reference criteria to be considered – on the one hand there is the essence of the right, which may never be overridden, on the other hand there is compatibility with a democratic system. We all know that, to a certain extent, authoritarian systems may actually be more efficient in market terms – because, for instance, they grant no safeguards to employees and therefore reduce labour costs. We could experience this directly when the huge State archives in the former Soviet Union were discovered – perhaps this applies to an even greater degree to those kept by the German Democratic Republic, which allowed in-depth surveillance of citizens. Therefore, democratic systems are different also because they never let safeguards fall below a given threshold. Let me now come to my conclusions. As hinted yesterday by Professor Campisi, will the new systems to be implemented in connection with the “Total Information Awareness” scheme actually be manageable? This is a technological issue, but there is something more than that – will they be used for purposes unrelated to security as well? The Echelon case provides a significant example in this regard – we know that it proved undoubtedly ineffective in preventing terrorism, whilst it was quite capable of distorting competition by disclosing information on competitors to certain companies. There is, therefore, another issue to be considered, which is related, once again, to democracy.
Another facet of privacy as a resource for democracy is related to the circumstance that one should not say – as is often the case, indeed we heard these words spoken this very day – that terrorism and crime avail themselves of highly sophisticated tools, without also realising that setting up huge databases that cannot be secured via the tools available so far is bound to enhance social vulnerability rather than security – as they can make available the data in question to offenders, who are far from well-meaning in their intentions. Therefore, we all are facing a highly difficult situation. I believe that a debate is necessary; indeed, let me conclude by recalling that during the International Conference in Venice we raised the issue of an international convention on privacy, a proposal which was received with some mistrust, agreements being regarded as authoritarian tools in this sector. During our latest visit to the US – as Rep. Cliff Stearns knows very well – we found major changes; indeed, federal bills have been proposed to protect personal data, which seemed impossible at the beginning of 2000. Therefore, this antagonism between different models is bound, in my opinion, to be very much softened if we consider some founding values. Whilst Europe is inventing a new generation of codes of practice, the US is paying greater attention to the use of legislative instruments. The suggestion put forward in the Venice Declaration might lead us nowadays, at the end of this Conference, to re-affirm what I said at the beginning; however, a “Trans-Atlantic Privacy Dialogue” might be helpful.

Collective Rights and Interests: How to Harmonise Approaches and Safeguards
Marc Rotenberg (1)

I would first like to thank Prof. Rodotà and Mr. Buttarelli for having given me the chance of being here with you today; it’s a real honour and pleasure.
I would like to address the economic aspect of the issue today, first of all by giving you an overall view. I must say that I find this especially interesting not only because my wife is an economist and in fact we met at a discussion on the Coase theorem, but also because in the world of advocacy and expertise on privacy the trend has been to focus attention on the scope of human rights, and privacy based on human rights, so we have not taken advantage of certain available analytical tools. As an introduction, I will try to explain the traditional approach to the problem. When we talk of common standards in respect of privacy protection, we often refer to existing international instruments, like the OECD guidelines, the EU data directive, the Universal Declaration on Human Rights, which have rules and standards in common. When I was working as Counsellor of the US Senate Judicial Committee, it fascinated me to note that both our legal system, the various rules on privacy in all possible fields, as well as the various legal systems throughout the world, all embodied what would seem to be a common approach in respect of privacy protection. We could say that this results directly from the legal standards. But after having reconsidered the subject, I thought there must be something else to explain the common aspects in privacy protection. Many people have already addressed this issue. David Flaherty in the ‘80s and Colin Bennett in the early ‘90s identified some theories, one being a theory on commerce, which simply says that when business expands and local corporations have to comply with the local standards, then the trend will be to adopt standards in common. In fact, we have seen something similar with the impact of the EC data directive, which has led to the adoption of the Safe Harbour agreement, described by some as the rationalisation of privacy protection.
Then there is a second theory based on technology, which says that when there is a common communications infrastructure, like a telecommunications network or Internet, then common technical standards will arise leading to different privacy protection in different regions. The third theory concerns the role of the élite, and says that there may be conferences, like the one we are having now, where government representatives and experts from various parts of the world meet to exchange points of view, and that these meetings as well as any publication of common documents, will give rise to a common agreement on privacy protection.

(1) EPIC – USA

I think that, to a certain extent, all these theories are correct. But then there is another theory, that I would like to explore in detail with you – which has already been mentioned by a rapporteur this morning, and which pivots on the question of whether there is an economic basis to privacy. And when I say “economic basis”, I mean in the strict sense of economics. Does privacy protection promote effectiveness? Does it favour what can be called optimal outcomes, given the rational interests of the various actors? I think it is important to raise this point from the start, because the trend has been, when addressing privacy through the lens of economics, to focus on gauges that could not be considered as economic, at least normally speaking. What I mean is that there are people who say: let’s look at the business cost-effectiveness aspect – are the rules on privacy good for core business? It is a valid commercial consideration but it does not give any satisfying answers to the economic question. Others, instead, look at the cost-benefits analysis, and say: if we were to gauge the costs of these various approaches and weigh them against the possible relevant benefits, what would the outcome be?
Some even say: maybe privacy is a factor which changes according to the markets – in other words, if we have good privacy, this will inevitably have a beneficial effect on business – which could be true. But the question I would like to ask you today is the following: is good privacy valid from an economic point of view? To answer this question, I think we have to start off by referring to the work of our well-known US expert and jurist, Richard Posner, who has written extensively on the application of economic models to legal problems. Posner incidentally was very interested in the question of privacy – and this already 25 years ago, when he wrote an article on the so-called mailing lists and whether an opt-in or an opt-out was to be preferred. At the time, he said that the problem concerned the ownership interests of the person concerned or the data possessor. This obliges us to address the matter of the costs of transactions. In a world where people tend to exchange letters, with stamps and so forth, it is rather expensive to choose the option of not being included in a list, in respect of the benefits that could arise for the individual. So, Posner was thinking from an economic point of view when he said that opt-out was to be preferred. He also considered privacy in relation to a communications network, and whether people should pay a certain price for the desired privacy before starting the communication transaction, considering that unexpected inefficiencies could arise at any time. Think of this problem for a second.
Let’s say that, when you’re about to make a phone call, before picking up the phone you should probably decide how much privacy you want for that call: you might be calling for business, or to know the price of a pullover – there is no need for a lot of privacy for that; but if you are calling your doctor to be informed on a diagnosis, then maybe you need a lot of privacy. If you call a friend to ask him for information on a show you want to check the time of and in the middle of the call your friend raises an issue that you had not expected, and the matter becomes strictly personal, now you need privacy. Posner considered this problem and said that there are good reasons to apply privacy standards to this type of relations to prevent enormous inefficiencies from arising when people have to deal with a secondary asset – privacy in this case – before being able to reach their primary aim. Now, there is a wide range of activities where privacy makes sense in economic terms: it makes sense because it promotes trust and confidence, in new net milieus and in offers for new services. A very good example of this is the recent US experience in the regulatory and non-regulatory framework. In the ‘80s in the United States, there was a whole series of advanced services available to US consumers: interactive cable television, electronic mail, video rental – and in each one of these cases, the Congress of the United States – like the European Union – said that, before providing these services, a privacy framework had to be established in accordance with the law, to develop trust and confidence in this new business milieu. And there were no protests associated with privacy in respect of cable TV, video rental or e-mail – at least not in the ‘80s.
More recently, especially over the last ten years, and even more so after the spread of the Internet, the United States have adopted a different attitude, which favours the self-regulatory approach: no common standards or a framework for the new services and new technology. This suggestion has raised a lot of protests – and this I find quite interesting. In fact, certain services, like advertising on the Internet – which many of us thought would be the Internet’s strong point – have practically collapsed. Advertising via the Internet has collapsed in part due to the economic conditions, but it also collapsed as a result of the objections raised by the public against the collection and use of personal information in a milieu not governed by rules. Microsoft has recently admitted that its personalised services on the Internet will probably not be continued as expected, also due to current concerns by the public in respect of the lack of privacy protection. Thus, generally speaking, I would say that the right to privacy, the common standards on privacy, have the effect of promoting trust and confidence, which in turn foster economic growth. But now I would like to consider a couple of more specific and technical areas, from the standpoint of law and economics, to suggest a sound foundation on which to base privacy protection. There is a phenomenon in economics called rent-seeking behaviour which simply means that, if a corporation has knowledge of the most I am willing to pay for a given product, it will tend to ask me for that price. A firm could offer me a shirt for € 20; but if it knows I am willing to pay € 30 and it has the chance of making me pay € 30, then it will undoubtedly try to make me pay just that.
Now, if we consider the application of the privacy rules on transactions based on the market, what strikes you immediately is that the capacity of a consumer to keep his identity concealed in the market enables the consumer to act more effectively and more precisely in this type of negotiation. A consumer could take advantage of a personalised discount pursuant to a loyalty programme, or could choose to remain unnamed, and by so doing avoid the inconveniences arising from making known the most one is willing to pay (i.e. the highest sum a consumer is willing to pay). Privacy in this case does not seem capable of protecting a human right, but rather an economic right. I would like to consider another approach based on legal and economic concepts, and this approach concerns the assigning of responsibility. There is a theory called least cost avoider, which simply says that we should assign responsibility to the party implied in the operation which can better minimize the risk. If a person sells a good with a hidden defect that cannot easily be discovered by the purchaser, then the law says that the seller is responsible for such defect. Similarly, the law on privacy would say that, from an economic point of view, the responsibility for any further use would fall on the data controller, and not on the person concerned. Why is this? Because a corporation in possession of personal data is the party that can better prevent such data from being misused subsequently. The economic interest aligns with the interest connected to the protection of a human right. Another economic theory is that privacy rules reduce the costs of transactions, as they inform both the seller and the buyer on what the privacy terms in the agreements in question will be. And by reducing the costs of transactions, the markets dealing with the primary product in terms of goods and services will operate more effectively.
Now, there is an interesting corollary on the wish to reduce transaction costs, and it is something we have noted over the last few years. It concerns the growing confusion deriving from privacy policies and reports. Why do self-regulated corporations set forth such complicated declarations on their practices in respect of potential customers? The economic answer is rather simple: they are trying to create transaction costs, with a view to making it more difficult for the consumer to exercise his right in the transaction in question.
So far I have suggested different ideas that we get from the laws of economics on the nature of transactions concerning privacy, and the economic basis of common standards. I would like to give you some more examples of why this approach is useful, and then I would like to say something to put you on guard. I have already mentioned the US experience on the regulation vs. non-regulation approach to privacy protection. Please note that the first modern law on privacy in the United States, the Fair Credit Reporting Act, which is still, from different points of view, one of the stricter laws we have in the United States, has brought transparency, accountability and efficiency to the credit reporting industry. In other words, in the absence of this law on privacy, which holds credit reporting agencies responsible for collecting and using credit reports and which gives individuals, who often could not have access to credit despite being entitled to it, the chance of ascertaining and correcting these reports – in a word, the markets could not operate effectively, the fact of having to answer in person was lacking, and there was bad information. But privacy has made more rational markets possible. It is a critical approach, I think. I refer to the collection and use of personal information in any market milieu.
And now some implications of the economic aspect of privacy protection. Firstly, we are about to see common standards not only from the legal standpoint, but also technologically speaking, as I think it would be effective for both the purchasers and the sellers to find simple ways of dealing with the online milieu. Secondly, I think that we have to be careful when we adopt technical methods requiring consumers to resort to an elaborate set of choices. And here I am thinking of certain protocols having the effect of automating the confusion associated with privacy policies, and introducing a whole set of new transaction costs, which I think should be avoided in everyone’s interest. Lastly, with respect to the development of common standards, I would like to quote a nice analogy concerning cars I heard recently: “there should be more technology under the boot and less in the instrument panel”. In other words, these standards should become part of the common protocols to be able to interact in a common online milieu.
Now, some words of caution on this approach to privacy protection. First of all, the analysis drawn from the realm of economics has suggested many valid instruments. But Posner himself thought that the privacy of an individual is not of great use. In fact, he is quite famous for having opposed any basis – referred to human rights, or legal – to support the privacy of information, as it is commonly meant. Furthermore, in one of Brandeis’ articles written more than a century ago, the author thoroughly considered the matter of whether privacy could be based on a claim of property ownership rights. This thesis was rejected, firstly because whoever wants to protect his privacy – unlike copyright holders – is not that interested in publishing anything. And secondly the value of privacy probably varies considerably from person to person. So for that reason too, any claim of property ownership rights is not a good approach.
Furthermore, in my opinion, there are many situations where we can easily admit that an economic analysis should not replace an ethical, legal or moral basis in respect of privacy protection. But I have addressed this aspect today in part because I think that in many discussions on privacy, anything that tastes of economics immediately raises the consideration that it is good from the point of view of business cost-effectiveness. If we look closer at some tools provided by the laws of economics, we will find that there are many good economic reasons in the direction of common standards for privacy protection. The conclusion thus is that common standards in respect of privacy protection are not only to be desired for normative reasons, but also to be preferred for economic reasons. And this will be increasingly important in the future.
I would just like to mention recent developments in the U.S., where, as you probably know, a new project called Total Information Awareness has recently been adopted by our Department of Homeland Security and thoroughly discussed. This project represents an ongoing research effort of our Department of Defence to develop new identification and control systems. I think we should all keep in mind that the reduction in personal privacy resulting from the events of 11 September 2001 is not a surprising and new factor, but the other consequential factor of this event is the increase in the secrecy used by our Government, as shown by these programs. Both these factors, considered together, have to be well understood as they represent parallel developments of a similar type. Both privacy reduction and an increase in Government secrecy – I am sorry to say – have recently led to a considerable erosion in civil liberties in the United States. You can find further information on this aspect on our web site (www.epic.org).
Investing in Privacy to Develop New Products and Services
Maurizio Costa (1)
Contents: 1. The impact of privacy on business activity – 2. The positive changes introduced by the 2001 reform – 3. The law can also serve to protect the company’s privacy – 4. The future prospects of the market and of customer relations – 5. The new mechanism for distributing goods and services: from the global producer to the individual consumer – 6. The three tools for rebalancing the protection mechanisms: law, self-regulation, technology – 7. The business world’s commitment to fostering the development of privacy: the good example of “Cancellami”
1. The impact of privacy on business activity
I would like to address the topic assigned to me with the pragmatic approach that a businessman applies in his daily work. I will therefore develop my contribution starting from the concrete experience that Mondadori, which has operated for many years in the Direct Marketing sector, has been able to build up. I will also try to broaden the perspective and to offer not only some food for thought but also some operational proposals capable of reconciling the need to respond to the development of markets with the need to be fully consistent with the indications that come to us from the regulatory system. My contribution starts from an observation of what has happened in Italy in these years of application of the law on personal data protection, and of what data protection legislation represents in terms of its effects on the sale of products and services on the European continent in general. The legislation was received in Italy, a country that had no law on this subject, with suspicion and prejudice by a large part of the business world.
Periodically voices are raised calling, with often questionable arguments, for its amendment and redefinition: a step backwards, therefore, that is not only anti-historical but completely wrong. It is believed that this law blocks economic activities, forcing operators into costly and irksome bureaucratic formalities. Nevertheless, the observations made by the business world on data confidentiality are very significant. Setting limits on the free use of personal data undoubtedly has a strong impact on business activities, in terms of marketing costs, in terms of organisational costs, and in relation to the potential for developing relations with the customer. My view is that this outlook is excessively pessimistic and that further reflection on the matter, which is in fact already under way, will make it possible to give a more decisive direction to the thinking and action of those involved in privacy issues in Italy.
(1) Arnoldo Mondadori Editore spa - Italy
2. The positive changes introduced by the 2001 reform
Following the recent amendments made to the legislation approved on 28 December 2001, the issue of confidentiality can be addressed with the right balance. Privacy can truly become a lever for developing the interactive communication relationship, raising the citizen’s threshold of trust in companies, without making any concession with respect to the original approach.
Privacy remains an extremely delicate subject, treated with extreme rigour by our institutions, but I have the impression that the approach within companies has changed or is changing, becoming more European, better modulated, based less on formalism and more on substance: the sanctions are more effective, the legal provisions more sensible and more easily applicable than in the past, and there is also greater recognition of the role of self-regulation. Through specific provisions in codes of conduct it will also be possible to enhance the role of the so-called mail preference services, which allow those who do not want to receive promotional messages to enter their names in dedicated lists that must be consulted by anyone wishing to send addressed messages. I am referring to the so-called Robinson lists, a highly effective tool that should be developed further. In addition, due recognition must be given to the principle of the balancing of interests, that is, to the fact that in general the Garante will be able to establish whether the individual’s right to confidentiality must always and in every case be protected through the necessary prior consent of the data subject, even to the detriment of a legitimate interest of the party that decides to process the personal data. In practice, this principle is a safety valve that already exists in many European legal systems and that, if used with balance, will make it possible to avoid excessively rigid applications of the rules, which have too often made privacy an impervious territory full of paradoxes. Once the new rules are in place there will be no more excuses: complying with privacy legislation will be necessary and possible. Derogations must not and will not be allowed. It is absolutely important that companies be fully aware that a new building block in establishing the culture of confidentiality in our country is about to be put in place.
Six years after the introduction of the first privacy law, these new rules confirm that we are proceeding along the right road, a road full of good omens.
3. The law can also serve to protect the company’s privacy
It is up to us businesses to stress that privacy must not be examined only to highlight the limits, negative aspects and problems it entails. On the contrary, it can also be used to protect effectively the personal data of companies themselves and therefore the secrecy of the information circulating within complex organisations. This is a macroscopic aspect that has never been raised with due force by companies and economic operators. Italian law, unlike comparable foreign legislation and the Community directive on the protection of personal data, provides that data belonging to legal persons can also be protected. The immediate consequence is that, in theory, a company that believes it has suffered unauthorised processing of its personal data, or in any case a leak of information about its internal organisation, could legitimately protect its interests and approach its competitors to find out what information they hold about it. If no reply is given, the doors of the office of the Garante per la Protezione dei Dati Personali or of the Court would be open to the businessman who believes he has been spied on. Industrial espionage does not only enrich the spy stories of successful films; it is also a substantial source of illicit earnings for some unscrupulous employees who are not exactly respectful of their duty of loyalty to their employer.
This is a very widespread reality, and one need only look at the impressive number and market penetration of the twin products crowding the market to conclude that the coincidences are not accidental. We must therefore reflect on the fact that the privacy law not only sets limits but also offers companies unexplored opportunities.
4. The future prospects of the market and of customer relations
To grasp all the potential connected with privacy it is essential to look to the future, to look at the development of the values of information, transparency and confidentiality in the new market of distance selling by telematic means. The essential characteristics of the future market for products and services, which by conventional formula is now commonly called electronic, can be described by two adjectives. The first adjective is, perhaps banally, global, a term that describes the spatial and also the ideal dimension of tomorrow’s market, a place no longer only physical but also, and increasingly, virtual. In contrast to the first, the second adjective that outlines the future scenarios of commercial communication is individual, because the commerce of the future, whether electronic or not, will be based more and more on the personalisation of services and products. This reflection of mine should not, of course, be misunderstood: I do not at all believe that, as someone has argued in the past, every individual is a market, but I am convinced that each of us has specific and particular needs that it is right for companies to try to satisfy.
5. The new mechanism for distributing goods and services: from the global producer to the individual consumer
To use a concise formula, I believe that the market of producers and service providers will cease to be a mass system and become an articulated and complex system of individual relationships, a new mechanism for distributing goods and services from the global producer to the individual consumer. This is a Copernican revolution that began with the boom of the new economy, which foreshadowed a market scenario that was more financial than economic, even if not yet mature. Beyond the slowdowns and setbacks of recent years, the path taken by this new market can only be that of an ever greater and more precise personalisation of companies’ offer of goods and services. It is, therefore, a revolution in which the consumer is at the centre of promotional messages: it will be ever more essential for those who produce to know their customer and cater to his tastes. In all this there is a clear sign of progress compared with past eras, in which companies often had to wear the sometimes uncomfortable clothes of hidden persuaders, of proposers of undifferentiated goods and services to an undifferentiated mass of potential customers. Certainly, there are serious dangers of encirclement to the detriment of the individual, besieged by targeted and personalised messages; in this sense the old right to privacy can constitute an important defensive bulwark, all the more so if it ceases to be understood banally as the right to be left alone, undisturbed, and becomes the right to self-determination and hence the precondition for individual freedom. In this light, Direct Marketing is inevitably destined to take a leading role in defining the new strategies of commercial communication and also in organising sales mechanisms.
If this is the characteristic of the world’s commercial future, a characteristic that will increasingly assert itself in the new market, it becomes essential to ask with absolute sincerity what role can be played by the laws that since the 1970s have set out to protect this particular aspect of privacy, namely the protection of personal data. Will they promote this process or bury it? The answer cannot be univocal, because the approaches available for analysing this issue differ. In the European Union, the choice shared by the legislators of a large part of the European countries (United Kingdom, France, Spain, Portugal, Sweden, the Netherlands, Belgium) was, until not long ago, to favour the freedom to process data, giving the individual a sort of veto power to block operations he considered, in the abstract or in practice, harmful to his confidentiality. In this regulatory framework the future global market could develop easily, allowing the producer to come into contact with every single consumer. By contrast Italy, at the head of an approach that has lately been taken up with growing interest in the rest of Europe as well, has made the protection of the individual prevail at the expense of free commercial initiatives. Such a system will make it more difficult for the business world to establish itself as an interlocutor aware of the individual’s needs, and nothing can be done without the prior consent of the data subject. My view is that prior consent is an essential tool in some cases, for example when the purpose of the processing changes substantially from the one for which the personal data was collected; in other situations, however, prior consent serves no purpose, and asking for it, storing it and producing it paradoxically becomes a mockery.
Consent can in fact be bought, even at low cost, perhaps without full awareness of people’s dignity; indeed, it is easier to buy the prior consent of the weakest and most defenceless people, both culturally and economically. Participation in prize competitions, gadgets, free vouchers and discount booklets express, in the persuasive tones of marketing, this process of purchasing consent. I therefore believe it is in the interest of businesses and of society as a whole to understand that consent is fundamental, but that it must above all be informed consent. The real contest over the protection of confidentiality, at least in the field of commercial communication, is played out not so much on the slippery ground of consent (whether collected with opt-in or opt-out techniques) as on the far more solid ground of a transparent information notice. If instead we concentrate only on the way consent is collected and do not concern ourselves with the level of information from which consent arises, privacy will remain an empty right. We must therefore study, calmly and effectively, tools that make it possible to rebalance the protection mechanism, effectively protecting people’s confidentiality and, at the same time, fostering the development of society in the direction of progress that today’s technologies and cultures make attainable. Prohibiting is not enough to protect. Inhibiting data processing does not eliminate the danger of abuse, but it certainly makes it harder to develop an informed dialogue between the global market and the individual consumer. Only an integrated approach to the problems of confidentiality, made up of balanced rules, self-regulation and technological tools, can give impetus to the effective protection of personal data in a market without borders.
These are the three lines of force to be pursued consistently through collaboration among institutions, first of all, trade associations, consumers, citizens and businesses.
6. The three tools for rebalancing the protection mechanisms: law, self-regulation, technology
The privacy law has captured a widespread social need: it has given voice to a real demand for justice and transparency that until some time ago lacked the means to make itself heard. Taking a broader view of the problem, it is worth asking how individual confidentiality can assert itself in the face of a society and a market that, while moving towards globalisation, in reality aim more and more at establishing a direct relationship with individual people: customer loyalty, one-to-one, permission marketing are the terms that identify a clear trend under way. In brief, on the basis of the experience that other nations have had before us, three lines of action can be indicated, to be pursued consistently through collaboration among institutions, trade associations, consumers and citizens. The first line of action I propose is the specification of the law on personal data protection through the development of individual sectoral rules suited to adapting the general rules to the particularities of each case (data processing for Direct Marketing purposes differs in kind from processing aimed at social analysis or private investigation). The current rules make it very complex to carry out ordinary activities and create doubts and problems of interpretation; so the first line I suggest is that of specification.
The second line should, in my opinion, be the effective promotion and enhancement by the Garante of codes of self-regulation and good conduct, to foster within businesses the development of a culture of confidentiality spread from the bottom up in the individual categories through the sector associations. The possibility of turning to individual supervisory committees that are serious, independent and competent makes it possible to achieve protection of the citizen that is effective and inexpensive. The third line of action is the introduction in Italy too of centralised deletion systems (the so-called Mail preference or Robinson lists), which allow citizens who do not wish to receive commercial communications to communicate this wish to a single point of contact (Sportello Unico): individual companies would be required to consult it before addressing their commercial communications. In this way the citizen would no longer have to send numerous requests for deletion of his personal data, but could exercise his right simply and immediately. As the English experience shows, an effective technical tool, easily accessible over the network, could foster transparency in the communication of data for commercial purposes and make it possible to assert once and for all the principal right that the Italian privacy law grants the data subject. Ultimately this is a concrete application of the so-called Privacy Enhancing Technologies, provided for in Directive 2000/31/EC of 8 June 2000 on Electronic Commerce, for using e-mail marketing to promote online sales.
7. The business world’s commitment to fostering the development of privacy: the good example of “Cancellami”
For about a year there has been a service in Italy called Cancellami, which the companies operating in the direct marketing sector have decided to support under the banner of AIDiM, the Italian reference association for this sector. It is a service that makes it possible, exactly by analogy with the Robinson lists, to have one’s name deleted and not receive messages unless they are wanted. There are three reasons behind this initiative. The first is an ethical reason, because we believe it is right to set a boundary between the intrusiveness of the community and the personal sphere of the individual. Privacy is an essential precondition for allowing each of us to develop our social life. It is a bulwark guaranteeing individual and collective freedom. The second is a regulatory reason, because the right to exercise control over personal information is the result of a by now consolidated legislative process, and it is no coincidence that the European Charter of Rights (Article 8) provides precisely for the protection of personal data as a fundamental right to be exercised according to these principles. The third is an economic reason. Processing data costs businesses a great deal; sending promotional messages to those who do not wish to receive them is a heavy cost both in material terms (paper, ink, printing, postage, telephone charges) and in management terms (these are complex operations). It is intuitive that companies do not want to send promotional messages to those who do not want to receive them, consider them useless or annoying, do not read them, or bin them as soon as they arrive. Companies themselves therefore have an interest in knowing who does not wish to receive promotional information, saving time and money.
Putting these three motivations together gave rise to the need, at once ethical and economic, to create an agile and efficient tool to give concrete form to the wishes of individuals who do not want to be disturbed by commercial or fund-raising communications addressed to them, while making its implementation compatible with the regular and smooth conduct of economic activities. The service is absolutely free for citizens who decide to use it, while the companies that join the service cover its running costs. It seems to me that this is a positive example of how companies can take responsibility for privacy, offer it as an additional service for their customers, and make the transition from the mass market to the individual market effective. The hope is that the Italian system will adopt solutions that other European nations have adopted or are adopting, integrating law, self-regulation and technology. I believe this is a proper way to help put order in the dusty archives of unsatisfied rights and not to be afraid of the future, looking towards the new frontier of society and of global and individual markets. Privacy is a vital, multiform, dynamic and continually evolving right; it is the very precondition for asserting our rights both in the real market and in the virtual market. For this reason it is essential to foster the development of privacy legislation using all the tools available: law, self-regulation, technology and above all a great deal of common sense.
Investing in Privacy to Develop New Products and Services
Maurizio Costa (1)
Contents: 1. The impact of privacy on business – 2. Positive changes introduced by the 2001 reform – 3. The Law can also be used to protect corporate privacy – 4. The market’s future prospects and relations with customers – 5. The new distribution mechanism of goods and services: from global producers to an individual consumer – 6. The three tools to rebalance the protection mechanism: law, self-regulation, technology – 7. Corporate commitment in favour of privacy development: “Cancellami’s” good example
1. The impact of privacy on business
I would like to deal with the theme I have been assigned with the pragmatic approach used by a businessman in his daily activities. Consequently, I will start by talking about Mondadori’s experience, developed over the years in the field of Direct Marketing. I will also try to enlarge the perspective, suggest some ideas to think over, and make some operational suggestions to meet the markets’ development and the need to be absolutely coherent with current legislation. First of all, I will deal with the Italian situation in recent years, since the entry into force of the law on personal data protection, and then I will consider the effects of data protection legislation on the sale of products and services in the European continent in general. Italy had no legislation in this field, and the new law was perceived with suspicion and prejudice by a large share of the business world. Periodically, voices have arisen asking for its amendment and redefinition, often on questionable grounds: a step backwards, thus, which is not only anti-historical, but completely wrong. Said law is believed to hamper economic activities, obliging businessmen to comply with costly and burdensome bureaucratic procedures. However, the remarks made by the business world on privacy are very important. Any limitation in the use of personal data undoubtedly has a strong impact on business, both in terms of marketing and organisational costs and in terms of the potential for developing relations with customers.
In my opinion, this view is excessively pessimistic and a more thorough consideration of the matter, which in fact is in progress, will enable those concerned with privacy in Italy to reconsider their views.
(1) Arnoldo Mondadori Editore s.p.a. - Italy
2. Positive changes introduced by the 2001 Reform
Following the introduction of recent amendments to the Law of 28 December 2001, the subject of privacy can be faced on the right footing. Privacy will be able to become an incentive for the development of interactive communication, by increasing the trust of citizens in corporations, without waiving its original approach. Privacy remains a very delicate issue and is dealt with extreme rigour by our institutions. However, I have the impression that the approach of corporations has changed, or is changing. It is becoming more European, better modulated, less based on formalism and more on substance: sanctions are more effective, the law provisions more sensible and more easily applicable than in the past. Furthermore, the role of self-regulation is increasingly acknowledged. In addition, specific provisions of deontological codes will enhance the role of the so-called mail preference services, whereby those who do not want to receive promotional messages can enter their names in special lists that will obligatorily be consulted by whoever wants to send addressed messages. I am referring to the so-called Robinson lists, a very effective tool that has to be further developed. In addition, the right importance has to be given to the balance of interests principle, i.e. to the fact that in general the data protection authority will be able to decide whether the right to privacy of an individual should always and in every case be protected through the necessary prior consent of the person concerned, also to the detriment of the legitimate interest of the entity deciding to process the personal data.
In practice, this principle is a security valve provided for in many European legislations that, if used in a balanced way, will prevent the rules from being applied too strictly, and thus, more often than not, turning privacy into an inaccessible territory full of paradoxes. When the new rules become effective, there will be no more excuses: to abide by the privacy law will be essential and possible. No departures from said rules will be allowed. It is absolutely important for corporations to be fully aware of the fact that a new piece is about to be placed in the direction of affirming the culture of privacy in our country. Six years after the introduction of the first privacy law, these new rules confirm the fact that we are on the right road, a road full of good omens.

3. The law can also be used to protect corporate privacy

Corporations have the duty to stress the fact that we must not talk of privacy only to pinpoint its limits, negative aspects, and relevant problems. On the contrary, it can be used to effectively protect the personal data of corporations themselves, and consequently the secrecy of information moving inside complex milieu. This is a macroscopic aspect that has never been raised as effectively as it should have by corporations and economic operators. The Italian law, unlike similar laws in other countries and the community directive on personal data protection, also provides for the protection of data concerning legal persons. The immediate consequence of this is that, in theory, when a corporation discovers that its personal data has been processed without authorisation or in any event information concerning its internal organisation has been used by unauthorised entities, it could legitimately protect its interests by asking its rivals what information on the corporation they have.
If there is no answer, a businessman who thinks he is being spied on could turn to the Personal Data Protection Authority or the Court. Industrial espionage does not only colour the spy stories of successful movies, but is also a way for impudent and disloyal employees to gain unlawful profits. This is quite common, and it is enough to see the impressive number of twin products crowding the market to conclude that they are not chance coincidences. We should, thus, ponder on the fact that the privacy law does not only set restraints, but also offers corporations unexplored opportunities.

4. The Market’s future prospects and relations with customers

In order to take advantage of all the potentialities linked to privacy, we have to look ahead, to consider the development of information values, and the transparency and privacy of the new market of remote telematic sales. There are two adjectives that describe the essential characteristics of the so-called electronic, future, market of products and services. The first adjective is, perhaps trivially, global. It is a term that describes the spatial and even ideal scope of our future market: a place that is not only physical, but also and growingly virtual. Contrary to the first term, the second adjective depicts the future scenario of commercial communication and is individual, because future commerce, both electronic and not, will be increasingly based on the personalisation of services and products. I don’t want to be misunderstood: I don’t believe at all that, as someone has said in the past, every individual is a market, but I am convinced that each one of us has specific and peculiar needs that corporations should rightfully try to satisfy.

5. The new distribution mechanism of goods and services: from global producers to an individual consumer.
To say it in a few words, I think that the market of service producers and providers will stop being a mass system and will become an articulated and complex system of individual relations, a new distribution mechanism of goods and services from global producers to an individual consumer. It is a Copernican revolution launched by the booming new economy, which envisages a financial rather than economic market - even if not fully developed yet. Beyond the slowdowns and drawbacks recorded in recent years, the road taken by this new market can only be that of an ever-growing and detailed personalisation of the corporations’ offers of goods and services. Consequently, it is a revolution where consumers are at the centre of the promotional messages: it will be growingly fundamental for producers to know their customers, and satisfy their tastes. Progress has been made compared with the past, when corporations often had to play the unfortunate role of hidden persuaders, prompters of undifferentiated goods and services to an undifferentiated mass of potential customers. Certainly, individuals run the risk of being encircled and besieged by targeted and personalised messages; in this regard the old right to privacy will constitute an important defensive stronghold – all the more if it stops being banally intended as the right to be left alone and undisturbed – and becomes the right to self-determination and thus the condition for individual freedom. In this regard, Direct Marketing will inevitably take on the leading role of defining the new commercial communication strategies and organising the sale mechanisms. If this is the characteristic of the world’s commercial future, and ever more so of the new market, we will have to sincerely ask ourselves what will be the role played by the laws that have aimed at protecting this particular aspect of privacy, i.e. personal data.
Will they foster or shelve this process? There cannot be a univocal answer as there are different approaches to this issue. Within the European Union, until recently the legislators of most European countries (United Kingdom, France, Spain, Portugal, Sweden, Holland, Belgium) supported the freedom in data processing, giving the individual a sort of authority to veto the operations abstractly or concretely considered as detrimental to his privacy. This legal framework could favour the development of the future global market and enable producers to get in contact with every individual consumer. On the contrary, Italy, the leader of a recently developed approach - of growing interest also in the rest of Europe - has favoured the protection of individuals to the detriment of free commercial initiatives. In a similar system, it would be more difficult for corporations to meet the needs of the individual and operate without the prior consent of the person concerned. My point of view is that prior consent is an essential tool in some cases, for example when the objective of data processing changes completely compared with the one for which the personal data was collected; in other cases, instead, prior consent is not required and to ask for it, keep it and show it, paradoxically becomes a farce. Consent may be bought, in fact, and even at a low cost – perhaps not with the full awareness of the dignity of individuals; in fact, it is easier to buy the prior consent of both culturally and economically weaker and defenceless individuals. The competitions with prizes, the gadgets, the gift tokens, and the discount tickets are examples of the persuasive notes used by marketing to purchase prior consent. Consequently, I think that it is in the interest of corporations and society as a whole to understand that consent is fundamental, and especially that it has to be a conscious consent.
The real data protection game, at least in the field of commercial communication, has to be played not so much on the slippery ground of consent (whether collected with opt-in or opt-out techniques), as on the more solid one of transparent information. If corporations only concentrate on the way in which consent is collected and are not concerned with the level of information giving rise to the consent, then privacy will remain a void right. We have to serenely and effectively develop tools to rebalance the protection mechanism, by effectively protecting the privacy of individuals and, at the same time, fostering the development of our society in the direction of the progress made possible by existing technologies and cultures. Prohibition is not sufficient to ensure protection. The hindrance of data processing activities does not exclude the danger of abuse and certainly makes the development of a dialogue between the global market and individual consumers more difficult. Only an approach taking account of the privacy problems, made up of balanced rules, self-discipline and technological tools can give momentum to effective personal data protection in a market without frontiers. These are the three guidelines to follow with coherence through the co-operation between institutions, in the first place, and then between trade associations, consumers, citizens and corporations.

6. The three tools to rebalance the protection mechanisms: law, self-regulation, technology

The privacy law has reflected a far-ranging social need: it has given voice to a request for justice and real transparency that had not yet found a way of making itself heard.
By giving the problem a broader scope, we should ask ourselves how individual privacy can affirm itself in a society and a market that although moving towards globalisation, in fact growingly aim at establishing a direct relation with individual persons: promotion of customer loyalty, one-to-one, permission marketing, are the terms that clearly identify the ongoing trend. In short, in the light of the experience gained by other countries before us, we can identify three guidelines that have to be pursued with coherence, through the co-operation between institutions, trade associations, consumers and citizens.

The first guideline I am suggesting is the specification of personal data protection laws through the development of individual laws that can adjust the general rules to particular cases (data processing for direct marketing purposes are different in quality than those aimed at social analysis or private investigation activities). Existing rules make it very complex to conduct joint activities, nurture doubts and interpretation problems; so the first guideline I suggest is that of specification.

The second guideline, in my opinion, should be for the Data Protection Authority to effectively promote and enhance the corporations’ codes of practice and good conduct to favour the diffusion of the privacy culture from the grassroots of individual categories, through the trade associations. By resorting to individual, serious, independent and competent control authorities, citizens could be protected in an effective and inexpensive way.

The third guideline consists in introducing a centralised deleting system (the so-called mail preference or Robinson lists) in Italy as well.
Under this system, a citizen would only have to inform a Single Office that he does not want to receive commercial notices: individual corporations would then have to refer to these lists before addressing their commercial notices. By so doing, a citizen would not have to send various requests for deleting his personal data, but would be able to exercise his right in a simple and immediate way. As the British experience shows, an effective technical tool easily accessible through the net can favour the transparency process in data communication for commercial purposes and, once and for all, help wield the major right protected by the Italian privacy law. Basically, we are talking about a concrete application of the so-called Privacy Enhancing Technologies provided for in Directive 2000/31/EC of 8 June 2000 on Electronic Trade, on the uses of the e-mail marketing instrument to promote on-line sales.

7. Corporate commitment in favour of privacy development: “Cancellami’s” good example

A service called Cancellami was set up in Italy about a year ago by the corporations operating in the field of Direct Marketing, under the aegis of AIDiM, the Italian reference Association in this field. Cancellami is a service whereby, like the Robinson lists, one can delete one’s name and thus not receive unwanted messages. There are three reasons why this service has been set up. The first is an ethical reason, because we believe that there should be a boundary between our community’s intrusiveness and an individual’s personal sphere. Privacy is an essential condition for developing the sociality of each one of us. It is a stronghold ensuring collective and individual freedom.
The second reason concerns the law, as the right to exercise control over personal data results from a well-developed law, and it is not by chance that the European Charter of Rights (Article 8) provides for the protection of personal data as a fundamental right to be exercised under the principles it sets forth. The third reason is economical. It is very expensive for corporations to process data; to send promotional messages to individuals who do not want to receive them is very costly both in terms of the materials (paper, ink, print, posting cost, phone cost) and in terms of the management (they are very complex operations). One can easily understand that corporations do not want to send promotional messages to persons who do not want to receive them; they are useless, annoying, they are either not read or thrown away as soon as they are received. Corporations are thus the first to be interested in knowing the persons who do not want to receive promotional messages, thus saving time and money. These three reasons put together have given rise to the ethical and economic need to develop an agile and effective tool to meet the needs of those persons who do not want to be disturbed by commercial or fund collection communications, and have made the satisfaction of that need compatible with a regular and fluid operation of the business activities. The service is free for the citizens who decide to use it, while corporations have to pay for it. I think that this is a good example of the way in which corporations take privacy on themselves, provide it as an additional service to their customers and implement the passage of a mass market to an individual market. We hope that the Italian system will adopt solutions that other nations adopted or have adopted, integrate its law, self-regulation and technology.
I think this is the right way to help put order in the dusty archives of our unsatisfied rights and to face the future without fear, looking ahead at the new frontier of our society and the global and individual markets. Privacy is a vital, multiform, dynamic and ever-developing right; it is the condition itself for affirming our rights both in the real and virtual markets. In view of this, we have to foster the development of the privacy law using all the available tools: laws, self-regulation, technology and especially common sense.

Growth Expectations for a Global Marketplace That is Mindful of Individuals

Mozelle W. Thompson(1)

Good afternoon. I would like to thank Chairman Rodotà and members of the Commission for sponsoring this important conference. We have heard a variety of different views and approaches to the issue of privacy protection, and it has been helpful for me to learn more about the Italian experience. The Conference Organizers have asked me to address the topic of Growth Expectations for a Global Marketplace that is Mindful of Individuals. In America we might call this Creating an Individual-Friendly Global Marketplace. This is a somewhat difficult topic to address, partly because I have no crystal ball to predict the future, and partly because I have learned that it is dangerous for senior government officials to make public predictions. Notwithstanding my reservations, I have had an opportunity to observe consumer and government issues around the world from my work as president of the International Marketing Supervision Network [IMSN] and as chair of the OECD Committee on Consumer Policy. So perhaps I can share some of my observations and give you some insight about future issues.
Before I begin, my General Counsel requires that I provide you with the same statement that you heard yesterday from Commissioner Swindle – that my comments today are my own and do not necessarily reflect the views of the Commission or any of the other Commissioners. At the outset, I would say that an “individual-friendly global marketplace” is one that has a foundation that places the consumer at the center of its “value proposition.” In other words, it is a market that recognizes the importance of providing consumers with a basket of tools that provide consumers with a means to feel safe and confident to participate in the marketplace. Among those tools are rights and remedies that can protect them from harm – harm that can result from fraud, deception, security breaches [an area where my colleague Commissioner Swindle has done excellent work with the OECD], and privacy violations. And these tools can be exercised by government, businesses [in the form of self regulation] and consumers themselves.

There are two reasons that this perspective is more important now than at any other time. First, it is no secret that most Western economies are experiencing a period of economic distress. It has also been said that consumer spending represents 80% of the American economy. In France, it is 50% and other European countries fall somewhere in between. A small change in consumer confidence, up or down, can have a significant impact on any country’s economy. As a result, government and businesses alike are focusing on the importance of consumer spending and consumer confidence in maintaining economic health and stimulating future economic growth.

(1) Federal Trade Commission – USA
While there has been relatively little hard economic study that connects privacy to consumer confidence, many commentators have claimed that consumer privacy concerns result in a failure to achieve billions of dollars in potential sales in the electronic marketplace. Second, one of the important byproducts of globalization and deployment of the Internet is that markets have become more “demand driven.” Because consumers can have easy access to information, consumers can rapidly move their money to many different places. Consequently, they have a greater expectation that their merchants and their governments will be more responsive to their individual demands. Privacy has to be viewed in this context. Although we all have been somewhat self absorbed about the principles of privacy, how we actually deliver privacy depends on how we:
- manage consumer expectation - and we have all a long way to go on that front;
- define what constitutes “value” for purposes of privacy; and
- determine how we measure success.
Ideally, we provide guidance through our own combination of laws, rules, and self-regulatory programs. But, there is no “one size fits all” approach to this issue, nor is there a magic answer. Moreover, neither government, consumers nor industry can address these questions alone. Now, I know what some of you are thinking, that I am taking a typically Anglo-Saxon approach because I am focusing on the practical. I most often hear this statement when someone is implying that Americans have no principles. That is not true. What I am saying is that we all have to be measured by what our citizens experience, and none of us have been perfect in this regard. Let me tell you why. First, we need to build a foundation based upon consumers who understand what is reasonable, and not reasonable, to expect in terms of privacy. This foundation is a cornerstone for a demand driven market that measures companies based on how they respond.
These consumer expectations need to be considered within the bundle of concerns that we term consumer confidence. This must be done, not because that is the way we in the United States or in Italy consider privacy issues, but because that is the way most of the public experiences privacy issues. We also need to use our expertise to tell industry and governments about what we think is appropriate and inappropriate behavior, including providing incentives for innovation – technological or otherwise. And, when industry or government fails to live up to the expectations and requirements imposed through those means, we need to take appropriate enforcement action. That action should not only include the typical government tools of fines, penalties, injunctions and public embarrassment, but should also allow for more creative solutions in appropriate cases that enable wrongdoers to become models for improved practices. So, the question isn’t really what we can expect from an individual friendly global marketplace, but how we create one and ensure that it continues to exist — and in the context of this conference’s topics, how the issue of privacy plays a role in ensuring the development of consumer confidence. Let me take a minute to talk about my experience with this issue. Although you heard something about this yesterday, my personal views might be slightly different than those expressed yesterday by my colleague Commissioner Swindle. It is no secret that the United States and Europe have different approaches to the issue of data privacy. Most countries in the European Union have broad-based privacy laws, while we take a more sectoral approach.
However, work done by Consumers International illustrates that: “Despite tight EU legislation in this area, researchers did not find that [Web] sites based in the EU gave better information or a higher degree of choice to their users than sites based in the US” While there has been similar criticism of Web sites in the United States, Consumers International found that “US-based sites tended to set the standard for decent privacy policies” and that US-based most popular sites were the most likely to have a privacy policy and were more likely to post that policy in an easily accessible place. I believe this statement is accurate. Although I have publicly suggested that America’s on-line consumers would benefit from some Federal law that would allow us to address the “holes in our Swiss cheese,” [e.g. companies who are not providing consumers with data protection or otherwise governed by Federal Law], European criticism of the US privacy approach fails to take into account our record of effective prosecution. You heard something about that record yesterday, but to give you further information: To date, the US Federal Trade Commission has brought approximately 255 Internet cases and handled 31 matters with a privacy component. In addition, 279 companies have self-certified under the US-EU Safe Harbor. As the US FTC has undertaken strong enforcement action, we have also spent a great deal of time publicly discussing our cases in order to build consumer demand for privacy. Consequently, as consumers have increasingly demanded privacy protection, industry has responded. This visible enforcement activity clearly has a dual purpose: (1) to send a message to industry about what is acceptable conduct, and in so doing shape the marketplace; and (2) to educate consumers about what they should reasonably expect in the marketplace.
In conjunction with strong enforcement, there is a need to educate consumers and businesses as to why privacy is a value – government saying so is not enough. As more people know about privacy, consumer demand will help drive the marketplace. Privacy must be something that consumers understand and that businesses know must be included as part of the value proposition. In a global marketplace it is important for all of us to work together, while at the same time to recognize that countries have different legal and value systems and therefore approach problems differently. Our differences, however, should be valued and we should learn from each other in order to benefit consumers around the world. When we build a global marketplace that recognizes all elements that are important to the consumer, including privacy, we will have an individual-friendly global marketplace that realizes the great potential it has for all of our citizens.

The Privacy Resource

Spiros Simitis (1)

I was especially intrigued by the word “resource” in the title of this Conference. Indeed, I decided to look it up in an English dictionary to find the precise definition, which includes many different meanings such as device, supply, riches, but also ingenuity and inner force. I think that, especially after listening to the presentations in these two days, all these definitions apply to a different extent. My first consideration regarding the issue at stake has to do with the approach adopted to address it. In my opinion, we should avoid using obsolete tools to cope with an issue that has wholly different features compared with those one might have descried, say, thirty years ago. Thirty years ago one could reasonably argue that the right to privacy was one facet of personality rights.
I think it is high time we relinquished these views, because otherwise we are in danger of admitting that privacy rights may or actually must be placed in parallel with other rights – such as ownership. In fact, as pointed out by Stefano Rodotà a few minutes ago, we are not dealing with personality rights. We have to do with a wholly new legal approach, and this was explained most clearly by the German Constitutional Court in 1983 – when they ruled that respect for private life, and awareness of the ways in which personal data are used are a fundamental prerequisite for any democratic society. Therefore, in debating privacy we actually discuss the structure of our society – and leniency in the application of the rules on personal data will undermine any democratic society. It is not a matter of striking the right balance; there can be no balance when you have to do with data protection, as this is one of the fundamental prerequisites for our societies. This is all the more evident if we consider that, firstly, today we are not deliberating whether to collect certain data – as was the case in the ‘70s, when scholarly papers on privacy started being published – but rather how to use the data that have already been collected; and secondly, that there is no longer any distinction to be drawn between public and private entities, as public entities often avail themselves for their purposes (such as preventing and detecting crimes) of devices and tools that had been originally developed by private entities for private purposes. Therefore, we should bear in mind that any privacy rules to be developed will have to take account of the possible implications related to their implementation in a democratic society. Thus, I think that the key issue is nowadays, how to possibly deny access to data that are already available.

(1) Frankfurt University - Germany
And I believe that the solution, if any, can only be found by re-considering the very core of the rules applying to data protection. This means, firstly, that there should not be any use of personal data unless there are no available alternatives. Therefore, no a priori data collection is to be allowed: it is necessary to prove that the data are necessary for the specific purposes to be achieved, and that the purposes in question may only be attained by using personal data. Such an approach postulates the existence of an independent control entity as well as of clear-cut rules on purposes and mechanisms of use. Secondly, I think that special attention should be paid to the ever-growing practice of marketing personal data. We all are aware of this, and a look at the Internet is enough to realise that you can buy practically any personal data you may wish at a reasonable price. But this commodification of personal data is against the very nature of the fundamental rights involved. You cannot talk about benefit-sharing in this sector – as has been done with regard to the collection and use of genetic data in some countries. Thirdly, the approach based on the opt-out mechanism has always been quite popular in connection with data protection, and has recently been advocated also in respect of the collection of genetic data by “biobanks” – which might be enabled to “buy” a person’s genetic data unless the person in question “opts out”, i.e. objects to this type of processing. The point is, how can one object? This is nowhere explained very clearly. Based on these considerations, I think it is high time we decided whether we are to consider consent as important as it was in the past. Or rather, we should reconsider the way the consent requirement is applied in respect of the processing of personal data. We are faced with a situation in which what matters are no longer the data, but the context of their use. 
This means we should change our way of thinking and simply set out a few truly unambiguous, binding principles that can then be applied to the specific context. And, what is then the outcome, if any, of our meeting? It seems clear to me, further to what has been said so far, that self-regulation is indeed essential – but only up to a certain extent. We do not need conventional self-regulation; rather, we should think of what has been termed “regulated self-regulation”. Which means that any code developed, for instance, by a corporation or trade association (and in Italy there are excellent examples in this regard) should be submitted to the supervisory authority and only become applicable after being evaluated and approved by the authority. Regulated self-regulation is an elementary component of a new concept of data protection, as no law-making body can impose extensive and apparently comprehensive regulations in this area – necessary though they may be – without dealing with an endless list of details and thus severely endangering its credibility. For precisely this reason self-regulation is obviously helpful. We nevertheless must elaborate a new concept in which self-regulatory approaches are integrated – keeping in mind that this integration does not mean replacing binding regulatory principles, in respect of which (let me say it once again) no balancing is admissible. Thus, there may indeed be cases in which the duty to provide information to third parties is directly applicable, for instance as regards the police or judicial authorities. At the same time, however, there should be little doubt that any limitation on the information to which data subjects are entitled must be compensated for by the intervention of an independent authority – which has to verify and check whether, for instance, the relevant requirements have been met as formally stipulated.
Thank you for your attention.

NOTICE TO READERS (Article 13 of the Personal Data Protection Code, Legislative Decree no. 196 of 30 June 2003)

The names and addresses used to send this publication are processed also by electronic means (without any particular further processing); they will not be disclosed to third parties and will be used solely for the purpose of sending the publication. Data subjects may contact the Garante per la protezione dei dati personali at any time (Rome, Piazza di Monte Citorio n. 121, fax: 06 69677785, e-mail: garante@garanteprivacy.it) to check them or to have them supplemented, updated or rectified, and/or to exercise the other rights provided for by personal data protection legislation (Article 7 of the Personal Data Protection Code, Legislative Decree no. 196 of 30 June 2003).