Da costo a risorsa (From Cost to Resource)
CONTRIBUTI
Personal Data Protection in Production Activities
Edited by Gaetano Rasi
This volume sets out to assess the impact of personal data protection on the activities of businesses and the role it can play in the economy of open markets. The approach is intended to be dynamic rather than static, and to compare different views and experiences. The volume is divided into four sessions: the first deals with personal data protection in the global marketplace; the second with freedom of enterprise and the right to privacy; the third with personal data protection in the relationship between businesses, users and consumers; and the fourth points to the new frontier of privacy as a resource for economic development.
www.garanteprivacy.it
Stefano Rodotà, President
Giuseppe Santaniello, Vice President
Gaetano Rasi, Member
Mauro Paissan, Member
Giovanni Buttarelli, Secretary General
Editorial office
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121
00186 Roma
fax 06 69677785
www.garanteprivacy.it
www.dataprotection.org
e-mail: garante@garanteprivacy.it
Published by the
Presidenza del Consiglio dei Ministri
Dipartimento per l’informazione e l’editoria
Director: Mauro Masi
Via Po, 14 - 00198 Roma - tel. 06 85981
Printing and distribution:
Ufficio grafico dell’Istituto Poligrafico e Zecca dello Stato
at the Dipartimento per l’informazione e l’editoria
Graphic design:
Vertigo Design
Thanks are due to all those within the Garante's organisation
who, each within their own remit, contributed
to the publication of this volume
G.R.
Contents
Contents of the Volume
About This Book
Introduction
- What Is Changing in Production Activities, by Gaetano Rasi
Session I - Personal Data Protection in the Global Marketplace
- The Privacy Benefits and Costs from a US Perspective, by Robert Gellman
- The Impact of the Different Regulatory Models in the World Scenario, by George Radwanski
- Fundamental Rights and Freedom of Enterprise, by Giovanni Buttarelli
- The Effectiveness of Privacy Protection in Economic Systems, by Orson Swindle
- Balancing of Interests, by Amitai Etzioni
- Personal Data Protection in a Multinational Framework, by Umberto Paolucci
- New Privacy-Oriented Markets, by Alejandra Gils Carbò
- New Privacy-Oriented Markets. Direct Marketing in Hungary, by Attila Peterfalvi
Session II - Privacy and Business
- What Privacy?, by Mauro Paissan
- Marketplace: Openness and Privacy, by Luigi Spaventa
- Business Competition: Advantages of Data Protection, by Giuseppe Tesauro
- The Impact of Privacy Policies on Business Processes, by Martin Abrams
- Does Business Need In-House Self-Regulation?, by Alfred Büllesbach
- Privacy in the Employment Context, by Umberto Romagnoli
- Privacy and Technological Innovation, by Helmut Bäumler
- Safeguards and New Technologies, by Giuseppe Casadio
- Consumers' New Awareness, by Enrico Letta
Session III - Business, Users, Consumers
- Businesses, Users, Consumers: Toward a New Relationship, by Giuseppe Santaniello
- The Anonymous Consumer, by Herbert Burkert
- Using Personal Data Held by Public Entities for Private Purposes, by Vincenzo Zeno Zencovich
- Prevention of and Remedies for Damage, by Piergiuseppe Monateri
- An Economic Analysis of the Right to Privacy, by Marco Maglio
- Privacy in a Business: An Operational Model, by Douwe Korff
- Infomediation as a Consumer Tool, by Carlo Formenti
- Building Consumer Trust: Personal Data Protection as a Resource, by Mel Peterson
- The Network: Users’ Trust and Data Security, by Claudio Manganelli
- Freedom and Security: What Rules?, by Maurizio Gasparri
Session IV - Privacy and Economic Development: Solutions and Outlook
- Globalising Safeguards, by Stefano Rodotà
- Collective Rights and Interests: How to Harmonise Approaches and Safeguards, by Marc Rotenberg
- Investing in Privacy to Develop New Products and Services, by Maurizio Costa
- Growth Expectations for a Global Marketplace That is Mindful of Individuals, by Mozelle W. Thompson
- The Privacy Resource, by Spiros Simitis
Contents of the Volume
This volume sets out to assess the impact of personal data protection on the activities of businesses and the role it can play in the economy of open markets. The approach is intended to be dynamic rather than static, and to compare different views and experiences.
To this end, it collects the contributions of authoritative scholars and experts who spoke at the International Conference “Privacy: da costo a risorsa” (“Privacy: Cost to Resource”), held in Rome at the premises of the Garante in December 2002.
The aims go beyond scientific analysis, committed though that is. The hope is that a broad discussion will take place among those working in business, the professions, and economic and legal scholarship, in order to take stock of how the subject is evolving, and not only in terms of doctrine. From such a debate the Italian Garante and, it is believed, colleagues around the world who deal with data protection could draw useful guidance and find grounds for further advancing personal data protection legislation, with particular regard to its impact on macroeconomics and microeconomics.
To give an account of what is by now a rather complex scenario, it was decided to follow the structure of the International Conference “Privacy: Cost to Resource”.
The volume is therefore divided into four sessions:
• The first, Personal Data Protection in the Global Marketplace, set out to introduce the topics for discussion by identifying the role that personal data protection is currently perceived to play with respect to the mechanisms of the global marketplace and the meeting of supply and demand. Particular attention was paid to the effects on economic dynamics of the coexistence of the European-style data protection model and the system of protection adopted by the USA. Alongside the views of institutional representatives, space was given to the direct experience of both US and European multinational organisations, and testimony was presented from representatives of the Asian and Latin American world. Consumer expectations at a Europe-wide level are also discussed.
• The second session, Freedom of Enterprise and Right to Privacy, set out to examine in greater depth the role of personal data protection within business activity. Two aspects were considered: the static aspect, concerning the organisational structure of companies, analysing the impact of personal data protection within the business and on the problems connected with the employment relationship; and the dynamic aspect, examining the principle of the balancing of interests as a tool to ensure, in practice, a balance between freedom, enterprise and the right to privacy. The problems of the relationship between transparency and privacy and of safeguards with regard to new technologies were also addressed.
• The third session, Personal Data Protection in the Relationship between Businesses, Users and Consumers, examined the problems concerning the use of personal data in commercial communication and in customer loyalty initiatives. Particular attention was paid to security issues, the methods of collecting data used for communication and direct marketing, the costs of data collection, the relationship between distance selling and the processing of personal data, the usability of data from public registers, the role of consent as a self-protection mechanism for the consumer, and possible forms of consumer protection with particular regard to supranational markets. In this context, the allocation of the costs incurred by a business through breaches of personal data protection rules was also examined.
• The fourth session, Towards the New Frontier: Privacy as a Resource for Economic Development, first addressed how to make data protection safeguards universal, from the standpoint of peoples, territories, and the worldwide structures for producing and distributing goods and services. Then, drawing on the analysis in the preceding sessions of the changes under way in the global marketplace, in business organisation and in the relationship between consumers and producers, it sought to identify the possible outlook for the development of the protection of individuals' data, understood as a value on which both companies and customers can converge in order to make free, informed choices. In this context, emphasis was placed on the role that technologies and self-regulation (codes of conduct) can play in abandoning a negative view (privacy compliance as a mere cost or limit on development) and in fostering personal data protection as a tool capable of generating added value in a civilisation of conscious, widespread and superior progress.
About This Book
This book is aimed at considering the impact of personal data protection on
business activities as well as the role to be played by data protection in the open-market economy. A dynamic rather than a static approach will be followed, also
based on the comparison of different views and experiences.
The contributions submitted by authoritative scholars and experts on the occasion of the international Conference “Privacy: Cost to Resource” were collected
in this book. The Conference was held in Rome, at the premises of the Italian data
protection Authority, in December 2002.
Publishing these contributions is meant to provide more than an opportunity
for carrying out in-depth scientific analysis. Indeed, we hope that it will stimulate
a broad-ranging discussion between industry, professionals and economic and legal
actors, in order to assess the state-of-the-art situation in this sector not only in terms
of jurisprudence. I believe that such a discussion may provide useful guidance not
only to the Italian data protection authority, but to our colleagues worldwide that
deal with data protection issues – in view of the further advancement of privacy legislation with particular regard to its macro- and microeconomic impact.
In order to take account of a scenario that is by now quite complex, the book
is organised according to the structure of the International Conference “Privacy:
Cost to Resource”, i.e. it includes four Sessions:
• Session one, concerning Personal Data Protection in the Global Marketplace, aims at presenting the main issues to be debated, by identifying the role played currently by personal data protection in respect of the mechanisms featured in
the global marketplace as well as of the demand-offer interplay. Special attention
was paid to the effects produced on economic mechanisms by the co-existence of
the European and US data protection models. In addition to the viewpoints of representatives from various institutions, the direct experience of both US and European multinational organisations was taken into consideration, and the opinions
voiced by representatives from the Latino-American and Eastern European world
were reported. Consumer expectations in the Europe-wide area were also addressed.
• Session two, concerning Freedom of Enterprise and Right to Privacy, addressed the role of personal data protection within businesses in greater detail from
two viewpoints. From a static viewpoint, the organisational structure of businesses
was considered and the impact of personal data protection on both business activities and employer-employee relationships was evaluated. From a dynamic viewpoint,
the balancing of interests principle was taken into account as a tool to ensure that
freedom, enterprise and right to privacy can be reconciled in practice. The relationship between openness and privacy and the safeguards related to new technologies were also debated.
• Session three, concerning Personal Data Protection in the Relationships
between Businesses, Users and Consumers, addressed the issues related to the use
of personal data in commercial communications and customer loyalty initiatives.
Special attention was paid to security issues, mechanisms for collecting data used for
communication and direct marketing activities, costs of data collection, relationships between distance selling and personal data processing, re-use of data from public sources, the role of consent as a self-protection mechanism for consumers, and
the safeguards available to consumers with particular regard to supra-national markets. In this connection, allocation of the costs incurred by businesses following
breaches of personal data protection laws was also considered.
• Session four, concerning Towards the New Frontier: Privacy as a Resource
for Economic Development, tackled the issue of how to globalise data protection
safeguards in terms of peoples, territories, and world production and distribution
facilities for goods and services. Additionally, based on the analysis carried out in
the preceding sessions concerning the on-going changes in the world market, in business organisation as well as in the consumer-to-producer relationship, an attempt
was made to outline the development outlook for data protection on the assumption that data protection is the focus of attention for both businesses and customers
in order to make free, informed choices. The role to be played by technologies and
self-regulation (codes of practice) was pointed out in this regard, so as to overcome
the negative concept of privacy - i.e. privacy compliance regarded merely as a cost
and/or a hindrance to development - and foster the establishment of personal data
protection as a tool that can yield added value in a community seeking enlightened,
widespread, and superior progress.
Introduction
What Is Changing in Production Activities
Gaetano Rasi (1)
Summary: 1. Profound changes – 2. Assessing the needs of the market – 3. Impact on relations between economic actors – 4. Privacy as quality – 5. Cost-benefit analysis of spamming – 6. The need for balance between data protection and free enterprise – 7. The terms of the new challenge
1. Profound changes
We are all convinced that we live in an age of profound changes that run ever more intensely through all human activities. On the one hand, technological progress makes possible communication mechanisms that were once unthinkable, all but eliminates distance in the movement of goods and services, capital and people, and shortens the time needed to act on decisions, directly affecting how goods are produced and distributed. On the other hand, the same technological progress affects, or in the case of the Internet escapes, the traditional relationship that ties the effectiveness of national legislation to a given territory. With regard to the protection of personal data, all this prompts reflections of various kinds, which confirm day after day that general legislation on personal data protection really is the crossroads on which the possible paths of development of contemporary society converge.
The analysis of the consequences of these innovations and possibilities usually dwells on legal formulations that identify the limits, positive or negative, on the right to exercise control over information concerning us.
But, as an economist, I think it appropriate to stress that, together with the ethical awareness and the legal conditions to be protected, the weight of the factors of production and distribution in relation to results is changing, and so is the organisation of work within companies.
(1) Member of the Garante per la protezione dei dati personali (the Italian data protection authority) - Italy
The breaking-up of production processes deserves particular reflection. I am referring to the increasingly widespread fragmentation of the intermediate stages between the launch of a project for a product (a good or a service) and its marketing. Transfers of personal data take place here.
The spread of this breaking-up of the process is not deindustrialisation but the assignment to outside parties of specific, specialised functions covering individual elements and roles, with assembly then brought back inside the business to yield the finished product. Here too there are transfers between different processors or controllers of personal data.
For some time, moreover, the concept of innovation as the engine of productive progress has gone beyond its effect on manufacturing processes or on the invention of new products. Innovation also includes a new form of organisation (beyond external tertiarisation such as outsourcing), the use of automated systems for communicating and processing data, the joint management through consortia of business functions shared with other companies, and pre-sale and post-sale initiatives.
2. Assessing the needs of the market
The success of an innovation depends not only on its originality but often on the ability to assess the emerging or latent needs of the market.
This leads us to consider the personal element in the assessment made by seller and buyer when they decide to conclude the modern transaction.
In bilateral contracts, including those of pure adherence to a public offer (for example goods displayed in a shop window or on a shelf, or goods advertised in the media), the decision of the individual parties to act derives both from the utility pursued by consumers and from certainty as to the terms.
What therefore emerges as decisive in forming the will of seller and buyer is, beyond the calculation of advantage, the calculation of certainty. And the latter is a typical element of subjective behaviour.
Let us briefly analyse the components at play in the formation of that will: a) the relationship between the sacrifice of the price to be paid and the expected utility of the good to be acquired; b) the advantage of parting with the good in relation to the gain calculated from receiving the payment; c) the degree of risk in the terms of sale or purchase: immediate or deferred delivery, payment in cash or by instalments; d) guarantees against possible hidden defects; e) soundness of the means of payment; f) trust in after-sales service (spare parts, repairs, speed of intervention, etc.); g) degree of reliability in managing the relationship (professionalism, confidentiality, personalisation, continuity, level of service, quality of performance, adequacy of information, instructions for use, etc.).
Points c) to g), 5 out of 7, concern possible processing of personal data. As is evident, proper management of information about those who collect it or supply it gives certainty to the market: sellers tend to expand supply and buyers feel their rights are protected. Regulating the element of responsibility in conduct involving reciprocal performance provides trust and forms the basis for the expansionary phases of the economic cycle.
There is currently no system for measuring the influence of quality, deriving from the proper processing of personal data, on economic activities involving the exchange of goods for payment. It nevertheless appears to be significant, given the importance that businesses, on the one hand, attach to information on the integrity and punctuality of payment of prospective customers and, on the other, the anxious attention that buyers demand regarding the accurate reporting of information about their own conduct.
Relations between businesses and consumers are also changing.
Advertisers, as Vance Packard stated in the 1950s, used the traditional techniques of the hidden persuaders, who “do not sell products but buy customers” for standardised industry. Faced with a mass market, commercial communication too tended towards mass treatment. The consumer was considered not as an individual but as a member of a homogeneous group with no differentiation. Today, by contrast, partly because of modern interactive communication systems, new ways of relating are taking hold that are based on personalising advertising messages and purchases: the consumer thus finds himself at the centre of a web of messages converging to induce him to buy by playing on his specific interests and individual needs. The shift from the “market aimed at the masses” to the “market aimed at individuals” has now taken place.
But it is not only the moments of “commercial contact” and “invitation to purchase” that have changed. The after-sales phase, and hence the services offered to those who are already customers, is also strongly affected by the technical possibility of tailoring assistance to the consumer's changing and diverse needs.
It is no accident that companies have long spoken of customer loyalty and invest substantial resources in carefully managing the customer relationship so as to prolong it over time, using the methods that English-language terminology calls Customer Relationship Management (or CRM).
I think it important to note that the public administration too, at both central and local level, tends to use technological tools to facilitate relations with individual citizens so as to offer its services quickly and transparently: I am referring in particular to the modernisation of bureaucratic activity known as e-government. This complex change, which brings benefits for businesses and public bodies and advantages for the consumer and the citizen, nevertheless has problematic and dangerous aspects.
3. Impact on relations between economic actors
In this perspective in particular, the protection of personal data takes on central importance, profoundly affecting relations between economic actors.
Privacy, therefore, while keeping its essential role among the fundamental rights of the person (rising to a prerequisite for the assertion of other constitutionally defined individual rights), also acquires a strategic function in determining the future development of the market. To its credit, it can mark the line that must not be crossed in defending the citizen from conditioning or invasive actions by businesses or by the public administration. But, on the negative side, it can also limit the development of a supply that, because of difficulties in communication, fails to adapt to the needs of the demand expressed by civil society and the market, as a fundamental economic law requires. The task is therefore to define the terms needed to ensure that personal data protection becomes a lever for economic development and not a factor limiting growth.
With the problem framed in these terms, it is evident that the right to the protection of personal data is in any case destined to play a fundamental role in shaping the future relationship between businesses and consumers, as well as between public bodies and citizens.
On one side lies the risk, made possible by new technologies, of a consumer who is besieged, stripped bare and open to influence, known and scrutinised daily by the “collectors of personal information” who, unless they are subject to regulation and controls, or better to self-regulation (codes of conduct), will be able to use these data to solicit useless or harmful purchases and to stimulate needs that are neither real nor current. The risk of manipulation, or of giving in through weariness, is the final consequence. On the other side, there is the prospect of a blocked market which, prevented from engaging in dialogue with the consumer and from establishing a direct relationship with the customer, would be bound to retrace its steps and return to the methods of the “hidden persuaders” to induce mass consumption, resorting to intrusive and redundant forms of advertising. Similar considerations apply to the conduct of public administrations.
4. Privacy as quality
The protection of personal data by public authorities and the pursuit of that protection by the individual, when set in an efficient and aware economic context, can instead offer useful support in defining a proper and more productive relationship between business and consumer and, in the other respect, between institutions and citizens. The existence of rules protecting personal data can in fact improve the quality of the relationship with the customer and with the citizen: companies can have accurate and genuine information, collected with the consent of a data subject who actually wishes to be contacted for commercial purposes. The same can be said of data processed by bodies providing services of general utility. What emerges in this way is a content of social utility and widespread ethics for the modern open economy, which tends to identify itself with the open society and with a conscious concept of collective advantage.
On the other hand, if one examines the evolution of privacy over its now century-long history, it seems fair to say that the capacity to adapt to new social needs is precisely the defining element, the core of this legal achievement.
Personal data protection has in any case been, for over thirty years, a widely codified regulatory phenomenon in Europe. Data protection took its place in the tradition of the right to privacy, which was born at the end of the nineteenth century in the US legal system as an elitist expression of the “right to be let alone”. Today, however, it has become the response to a need felt across the different social classes: that of allowing everyone to exercise control over information concerning them, so as to be the arbiter of the often conflictual relationship between the individual and the community. Personal data protection has thus ceased to be a right merely intended to protect the privileges of a few and has become a precondition for the development of each person's individual personality, a prerequisite for the exercise of the fundamental rights of all citizens. It is no accident that the protection of personal data is included, in the chapter devoted to the dignity of the person, among the opening principles that define the Charter of Fundamental Rights of the European Union signed in Nice in December 2000. And it now appears taken up in Art. 50 of the European Constitutional Treaty, which is worth quoting in full: “Everyone has the right to the protection of personal data concerning him or her. European law shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by the Union's institutions, bodies and agencies, and by the Member States when carrying out activities which come under the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of an independent authority.”
It is therefore a social and cultural, as well as political, achievement of the utmost importance.
This is all the more evident given the rapid pace of technological development and the importance, not only social but also economic, that the free flow of information has assumed. If it has become ever easier to communicate and to collect information about each of us for the most varied purposes, it becomes essential to establish within what limits such data processing is legitimate and within what limits the right to informational self-determination that everyone enjoys may be exercised.
From this premise it clearly emerges that the regulatory framework of data protection is founded not only on ethical and cultural progress but also on sociological and economic analysis, going beyond the arid fences of legal technicalities.
5. Cost-Benefit Analysis of Spamming
A particularly interesting line of inquiry for understanding the dynamics of this legislation in relation to a constantly evolving social model is offered by the economic analysis of law. Even the jurist cannot avoid examining the cost-benefit relationship that the existence of privacy rules produces in an advanced society. While it is certain that the protection of personal data is an indispensable requirement in contemporary society, it is equally evident that this need must be weighed against the economic consequences that the existence of this right entails. The economist can make a particularly important analytical contribution to understanding what impact the law on the protection of personal data has had on production activities.
In an article by Maryfran Johnson (editor in chief of Computerworld Editorial Columns) in Computerworld of 25 February 2002, one read that there was growing awareness among businesses and consumers that respect for privacy offers the opportunity for higher earnings and greater customer loyalty. Added to this is the fact that businesses and bodies, including public ones, were becoming increasingly convinced that, by failing to comply with the rules, they risked paying in administrative sanctions and legal costs what they had not paid to guarantee data security. A survey by Harris Interactive indicated, precisely, that the dissemination of personal data without the customer's consent, spamming in particular, is the greatest source of concern for consumers, 84% of whom ask for "independent verification" of the policy followed by businesses on privacy. Forrester Research had estimated that online business volume in 2001 could have been 15 billion dollars higher (compared with the 47.6 billion actually achieved) if consumers had had more trust in the privacy guaranteed by businesses.
At the centre of the debate, therefore, lie the cost/benefit analysis of spamming and the problem of balancing interests: those of winning the market and those of protecting (and satisfying) consumers.
New elements of assessment must now be added to the above, since from 2003 onwards the trend reversal and the improvement of the online economy led to the revision of many alarmist, at times even catastrophic, forecasts made at the time by spamming analysts, such as the one cited from Forrester Research.
On the one hand, defensive market mechanisms aimed at curbing the rampant phenomenon of spamming were activated spontaneously and autonomously, such as:
- huge investments by providers in anti-spamming technology, in information and in research and development of new strategies;
- considerable efforts by companies to establish a transparent relationship with consumers, based also and above all on e-mail sent with prior, selective consent;
- the cultural and IT growth of network users, who are increasingly demanding and informed.
On the other hand, the legislative initiatives of the European Union, aimed at safeguarding personal data that are increasingly threatened on the network, extended to the United States, albeit with a different approach, bringing significant improvements in many directions.
It is by now certain, therefore, that only a multi-strategy approach to the problem, that is, one based on legislative measures, self-regulation, advanced technology and international cooperation, appears to be the winning solution for reducing spamming.
Let us therefore return to the study conducted by Forrester Research in 2001, according to which online business volume could have been greater if "privacy" had been better respected, and let us assess this claim in the light of the developments that have since taken place in the network economy of the USA and Europe.
The analysis proves complex both because of the widening behavioural differences recorded among network users, that is, between North Americans and Europeans, and because of the difficulties in interpreting surveys, which are often so ambiguous and contradictory that they lend themselves dangerously, when needed, to supporting opposing arguments.
Recent projections forecast an explosion of the spamming phenomenon for 2004, with a value five times that recorded in 2003. It was also found that in July 2003 junk e-mails accounted for 50% of the messages sent by electronic mail(2).
Does this mean a crisis of the online economy, or of the network itself?
Before proceeding, it must be stressed that the definition of spamming does not meet with unanimous agreement in Europe and the USA, just as there is no unanimity in forecasting the impact that spamming will have on the development of the online economy and on the protection of privacy.
(2) According to Brightmail, as reported in DSTI/ICCP(2003)10/FINAL, published by the OECD on 22/01/2004.
More optimism is found in the USA; greater concern is recorded in the reports of the OECD and of the European Union.
The European Commission(3), as well as countries such as France(4) and Australia, have adopted standard definitions in which the common identifying elements are that spamming is "the sending of unsolicited commercial messages, normally sent repeatedly and in large quantities, where the identity of the sender is intentionally concealed or falsified in order to deceive the recipient".
A more summary and broader definition is the one derived from the study of the spamming phenomenon conducted by the Federal Trade Commission in May 2003(5), a definition also used by the OECD(6), covering both junk e-mail(7) and "any message that the customer does not welcome", regardless of whether or not the customer has given consent.
This latter definition, which represents a significant change in how the phenomenon is conceptually defined, also leads to redefining the problem of the fight against spamming and to redrawing the relationships between companies and consumers.
(3) According to the 2001 European Commission report "Unsolicited Commercial Communications and Data Protection": "Spam is generally understood to mean the repeated mass mailing of unsolicited commercial messages by a sender who disguises or forges his identity".
(4) According to the definition of the Commission Nationale de l'Informatique et des Libertés.
(5) Forum on Spamming, chaired by Mozelle Thomson, a member of the Federal Trade Commission since 1997 and chair at the OECD of the Committee of US Consumers.
(6) See DSTI/ICCP(2003)10/FINAL, published by the OECD on 22/01/2004, p. 9, for the reference to the Mail Shel survey indicated here in par. 4.3.
(7) It may also consist of multiple postings of the same message, sent to newsgroups or discussion servers, that are unrelated to the topic at hand.
Other common terms for spam found on the Internet are UCE (Unsolicited Commercial Email) and UBE (Unsolicited Bulk Email), which correspond to the same definition of spam.
Individuals or companies that send spam have generally purchased or harvested lists of e-mail addresses. They then send messages from various addresses to every area of the Web.
All messages carry an IP address embedded in the full address header, which makes it possible to identify the sender of the message and thus to trace the individual through the relevant mail operator or network access provider.
6. The Need for Balance between Data Protection and Free Enterprise
Greater attention to information security and to the proper management of data flows is therefore indispensable to avoid unpleasant consequences. As regards businesses, the aforementioned Computerworld again indicated, in particular, three elements that they should bear in mind for this purpose:
1. ensuring that customer data are accurate, up to date and consistent, so as to take proper account, for example, of the preferences expressed on privacy;
2. avoiding oversized databases: "small is better" for privacy;
3. following legislative and regulatory developments (which are becoming increasingly important in this field in the USA as well).
While the sanctioning activity of the privacy supervisory authorities remains necessary, it should be stressed that this function must in no case turn into an obstacle to free economic initiative; it must instead help to strengthen legal certainty, as well as trust in exchange relationships.
The search for balance in the system of personal data protection is essential to make real development possible. The culture of confidentiality is spreading ever more widely in our country. We must therefore acknowledge (and this does not hold for Italy alone) that the "incorporation" of respect for privacy into goods and services is about to become a requirement of the market itself. A business that does not respond to this new type of demand will risk being driven out of the market. In short, we are moving towards a type of competitiveness in which products on offer that do not meet the demand for respect of confidentiality will find it ever harder to win and retain loyal buyers.
It therefore becomes essential to understand what the economic cost is of choosing to protect the confidentiality of personal data (and how that cost can contribute to a competitive price precisely because the price includes this new type of quality), and what benefits the existence of a right to the protection of personal information can bring, not only from the social point of view but also from the strictly economic one. The most recent developments in marketing, and in particular in so-called permission marketing, which bases every promotional initiative on the prior consent of the person concerned, confirm that data protection and effective marketing can, indeed must, get along and move forward together. I therefore repeat that respect for privacy can become a competitive lever for companies that wish to establish a relationship of trust and transparency with their customers.
The contributions published in this volume set out to take stock, for the first time in Italy, of these little-explored aspects of personal data protection: the aim, which I think is clear from what has been said so far, is to start a reflection on defining the various criteria to be borne in mind in order to combine the effective protection of personal data with the efficiency of an economic system geared to development. This is a perspective of analysis hitherto neglected by scholars, with praiseworthy exceptions, but which in fact needs to be examined in order to better understand and manage the complex social and technological changes of which the protection of personal data is one of the essential components.
7. The Terms of the New Challenge
Privacy, in its long evolution, is thus called upon to face a new challenge: that of being the point of convergence between the growth needs of businesses and those of civil development, while at the same time satisfying the need for protection and certainty that the individual consumer demands. What is in fact emerging is what Anglo-Saxon culture calls a "win-win situation", in which both parties involved stand to benefit from signing an agreement. Thus privacy, considered within the framework of relations between economic actors, is destined to take shape as the founding value of a pact between businesses and consumers that will allow further dynamism in a market made up of actors able to make informed and free choices. This is the new frontier of personal data protection, which forms part of the modern qualitative concept of social and economic development, one capable of raising the mere quantitative growth in the production of goods and services to a higher level.
In this spirit the Italian Garante believes it useful to submit this theme to the international scientific community: the hope is to open the way to new prospects for research and for dialogue between the reasons of law and the needs of the economy, and that it may therefore serve as bait for further debate on the future of data protection.
What Is Changing in Production Activities
Gaetano Rasi (1)
Contents: 1. Deep-Ranging Changes – 2. Assessing Market Requirements – 3. Effects on
the Relationships between Economic Actors – 4. Privacy as Quality – 5. Cost-Benefit
Analysis Applied to Spamming – 6. Need for Balancing Data Protection and Freedom
of Enterprise – 7. The Features of the New Challenge
1. Deep-Ranging Changes
We all believe that we are living through an age of deep-ranging changes involving, to an ever-increasing extent, all human activities. Technological developments enable communication in a way that was inconceivable until recently;
they make it possible almost to do away with distance in the transfer of goods, capital and persons, and they reduce decision-making time by directly influencing production and distribution mechanisms. On the other hand, technological developments
produce effects on – or, as is the case with the Internet, go beyond – the relationship conventionally existing between effectiveness of domestic law and territorial
scope of application. As regards personal data protection, this raises several issues for
consideration – which confirm day after day that the overall framework of data protection legislation is really at the crossroads of the development paths followed by
contemporary society.
In analysing the consequences resulting from these innovations and opportunities, one usually dwells on the legal wording setting out the limitations that may
apply, if any, to an individual’s right of being in control of the information concerning him or her.
Being an economist, I think it is appropriate to point out that, alongside the ethical principles and legal conditions to be safeguarded, a change is also under way in both the weight of production and distribution factors relative to final results and the work management policies inside enterprises.
Specific attention should be paid to the de-composition of production processes. I am referring to the increasingly widespread practice of fragmenting the steps
between launch of the project concerning a given product (good or service) and
marketing of such product. This is where personal data are transferred.
The widespread practice of process decomposition is not an instance of de-industrialisation; in fact, it entails conferring specific, specialised functions in respect of individual components and positions that will be ultimately assembled to yield the finished product. Again, personal data are processed throughout the phases of this process.
(1) Member, Italian Data Protection Authority.
Moreover, innovation as the driver of production progress has long ceased being limited to the effects produced on manufacturing processes or else on the invention of new products. Indeed, innovation also means introducing new organisational patterns (such as the externalisation allowed by outsourcing), using automated systems to communicate and process data, or jointly managing business sectors that are shared with other enterprises.
2. Assessing Market Requirements
Innovations are successful not only to the extent that they are original, but also – quite often – insofar as they are based on the assessment of emerging and/or
hidden market requirements.
This consideration shifts the focus of discussion on the personal components of
the assessment performed by seller and purchaser in the decision-making leading to
conclusion of a “contract” in modern times.
In bilateral contracts – including those based on the mere acceptance of a public offer, such as the exhibition of goods in a shop window or on a shelf, or an offer advertised on media – a party’s decision to enter the contract does not result exclusively from cost assessment as it is also based on the existence of some guaranteed certainties, in addition to the considerations relating to taxation and/or contractual constraints as well as to the immediate and/or future availability and accessibility of the relevant good.
Therefore, a key role in shaping both the seller’s and the purchaser’s intent is
played by the assessment of the certainty degree in addition to the evaluation of economic suitability. And the former item is a typical component of an actor’s individual personality.
Let us briefly consider the components coming into play as regards intent formation. They are the following: a) the ratio between the sacrifice inherent in the price to
pay and the expected benefit resulting from the good to be acquired; b) the economic suitability related to deprivation of the good as opposed to the profit resulting from
payment of the relevant consideration; c) the degree of risk related to sale/purchase
mechanisms, immediate/postponed delivery, and payment in cash or by instalments;
d) guarantees against hidden flaws/defects; e) validity of payment means; f) trust in
post-sales assistance (spare parts, repairs, time to repair, etc.); g) reliability in managing customer relations (professionalism, confidentiality, customisation, continuity,
service levels, performance quality, adequacy of information, instructions for use, etc.).
Points c) and g) are related to the processing of personal data. It is quite clear
that the appropriate management of the information concerning those collecting
and/or providing such information means certainty for the market. Sellers tend to
expand their offers and purchasers feel that their rights are safeguarded. Regulating
liability in performance-based contracts is a source of trust as well as providing the
foundations for the expansion phases of the economic cycle.
There is currently no assessment system available as regards the quality resulting
from the appropriate processing of personal data in the economic activities related to
the exchange of goods against a consideration. However, this component would appear to play a key role by having regard to the importance attached by businesses to
the information on their prospective customers’ conduct and timeliness in paying as
well as, on the other hand, to the concern shown by purchasers in respect of the accuracy of the information describing their conduct. The protection of privacy is fundamental in connection with assessing reliability and creditworthiness.
The relationships between enterprises and consumers are also changing.
As maintained by Vance Packard in the ‘50s, advertising companies availed
themselves of the techniques conventionally implemented by “hidden persuaders”,
who “do not sell products, but buy customers” for mass-production industry. In the
face of a mass market, commercial communication also tended to massification. Consumers were not taken into consideration as individuals, but rather as members of a
homogeneous, non-diversified group. Conversely, new contacting methods based on
customised advertising are getting increasingly common nowadays – partly because of
the modern interactive communication systems. Each consumer is therefore becoming the focus of a network of messages converging on him/her to get him/her to purchase goods by leveraging his/her specific interests and individual requirements. The
shift from “mass-oriented” to “individual-oriented” markets has already taken place.
However, the change has not concerned “commercial contact” and “invitation
to purchase” components only. The post-sales phase, i.e. the services provided to established customers, is also undergoing considerable modifications because of the
technical possibility to fine-tune assistance by meeting the consumer’s ever-changing, diversified requirements.
It is no coincidence that customer loyalty programs have long become the staple of
business management and huge resources are being invested in order to carefully
manage customer relationships and extend their duration – according to Customer
Relationship Management (CRM) principles.
I think it is important to point out that the public administration also avails
itself increasingly of technological tools, at both central and local level, in order to
facilitate contacts with citizens and provide its services speedily and transparently. I
am referring, in particular, to the modernisation of bureaucratic activities that is often referred to as e-government. This complex change, though including positive
features for both enterprises and public bodies and producing beneficial effects to
consumers and citizens, is also fraught with some dangers and criticalities.
3. Effects on the Relationships between Economic Actors
The protection of personal data – seen against this background – takes on key
importance as it produces deep-ranging effects on the relationships between economic actors.
Thus, privacy retains its fundamental role within the framework of fundamental personal rights – that is to say, it is established by now as a pre-requisite to
ensure implementation of all other personal rights set out in constitutional instruments – and, at the same time, it is coming to play a strategic role in determining
future market developments. Privacy can set the inviolable boundary defending citizens against undue influence and/or interference from enterprise and/or the public administration. However, in a negative perspective, privacy can also dampen the
development of an offer that cannot adjust to the demand coming from markets
and the society at large – as per a fundamental law of economics. Therefore, it is
necessary to create the conditions for the protection of personal data to become a
driver of economic development rather than a hindrance to growth.
Given these premises, there is little doubt that the right to personal data protection is bound to play a fundamental role in shaping the future pattern of the relationships between enterprise and consumers as well as between public bodies and
citizens.
On the one hand, there is the danger – resulting from new technologies – that
consumers are besieged, denuded and influenced, investigated and surveilled daily
by “collectors of personal information” – who, in the absence of rules and checks,
or preferably of self-regulatory tools such as codes of practice, might use this information to urge useless or downright harmful purchases and stimulate demand in a
way that is unrelated to real, actual requirements. The ultimate risk is that customers may be exposed to undue influence or else give up in exhaustion. On the
other hand, markets might end up being blocked and unable to get in touch with
consumers to set up a direct relationship with them, which would oblige them to
re-trace their steps and avail themselves of the methods used by “hidden persuaders”
to induce mass consumption – via invasive, redundant advertising. Similar considerations apply to the activity of the public administration.
4. Privacy as Quality
The protection of personal data by public authorities and the attempt to protect personal data made by individuals – if placed in an efficient, knowledgeable
economic context – can actually assist in developing appropriate, more productive
relationships between enterprise and consumers as well as between institutions and
citizens. Indeed, the existence of data protection legislation can allow improving the
quality of relationships with customers and citizens: enterprises can be provided
with accurate, truthful information that is collected with the data subjects’ consent
where the latter are really interested in being contacted for commercial purposes.
The same applies to the data that are processed by public utility bodies. In this manner, social usefulness and all-round ethicality can become components of today’s
open economy, which tendentially goes hand in hand with the open society and the
awareness of the community benefits to be achieved.
On the other hand, if one considers the evolution of privacy over its century-old history, one could argue that its peculiar feature, indeed the core of this major
legal achievement, consists exactly in the capability to adjust itself to new social requirements.
Personal data protection has been the subject of deep-ranging regulations
throughout Europe for over thirty years. Data protection has sprouted from the
privacy law tree, which had been first sown at the end of the 19th century in the
US legal system as the expression of the elitist “right to be left alone”. However, nowadays it has turned into the response to a requirement existing across
all social strata – i.e. the requirement that everyone should be in control of the information concerning him or her so as to be free to decide how to behave in the
frequently strained relations between individuals and society. Personal data protection has ceased to be a right simply aimed at protecting the privileges of the happy few; it has become a pre-requisite for the development of everyone’s personality – a pre-requisite to exercise the fundamental rights pertaining to all citizens. It
is no coincidence that the protection of personal data is itself included – in the Chapter concerning “Dignity of Individuals” – among the opening principles of the
Charter of Fundamental Rights of the EU signed in Nice in December 2000 –
now corresponding to Article 50 of the Draft Constitution, which is appropriate
to quote here in its entirety: “1. Everyone has the right to the protection of personal
data concerning him or her. 2. A European law shall lay down the rules relating to the
protection of individuals with regard to the processing of personal data by the Union’s
Institutions, bodies and agencies, and by the Member States when carrying out activities which come under the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of an independent authority.”
Therefore, we are confronted with a social, cultural and political achievement
of the utmost importance.
This is shown most clearly by considering the unrelenting technological development and the importance that is attached to the free flow of information both in
social and in economic terms. Whilst it is increasingly easy to communicate and
collect information on any of us for multifarious purposes, it is fundamental to set
out the boundaries within which this type of processing is lawful and to what extent one may exercise the right to informational self-determination.
I think it is quite evident that the regulatory framework applying to data protection rests not only on ethical and cultural developments, but also on the findings
of sociological and economic analysis – which goes well beyond the dry ground of
legal technicalities.
5. Cost-Benefit Analysis Applied to Spamming
An especially interesting approach to better appreciate the development of this
regulatory framework with regard to a continuously evolving social model can be
found by considering the so-called economic analysis of law. No law scholar should actually refrain from assessing the cost-benefit ratio resulting in an advanced society from the
existence of privacy regulations. There is little doubt that personal data protection
is a fundamental requirement in contemporary society; however, it is also obvious
that this requirement should be gauged against the economic effects produced by
its existence. Economists can provide an especially important contribution to this
analysis in order to fully understand the impact produced by personal data protection legislation on production activities.
In a paper by Maryfran Johnson (from Computerworld) of 25 February
2002, it was stated that businesses and consumers were increasingly aware that respect for privacy provided opportunities for increasing profit and customer loyalty. This is compounded by the fact that businesses and private/public bodies are
increasingly mindful of the risk of having to pay the monies they had not invested to ensure data security in the form of administrative sanctions and legal costs
following breaches of the relevant regulations. A survey by Harris Interactive
showed actually that dissemination of personal data without the customer’s consent – in particular as related to spamming – was the first cause of concern for consumers, of whom 84% requested “independent verification” of the privacy policies
adopted by businesses. According to estimates released by Forrester Research, the
online business turnover in 2001 might have been higher by 15 billion dollars –
compared with the 47.6 billion dollars achieved – if consumers had been more
confident in the privacy afforded by businesses.
The discussion is therefore focused on the cost/benefit analysis applied to
spamming as well as on balancing the interests at stake – those aimed at market expansion and those concerning consumer protection (and satisfaction).
New items should be added to the above considerations, since a trend reversal
and the improvement in network economy starting from 2003 prompted the revision of several alarming, at times downright catastrophic, forecasts made in previous years by spamming analysts – including the one by Forrester Research.
On the one hand, market protection mechanisms were developed spontaneously and autonomously in order to curb the expansion of spamming, such as
- huge investments by service providers in anti-spamming technology, information-raising and research and development of new strategies,
- market efforts made by businesses to set up transparent relationships with
consumers also based, in particular, on sending e-mails with their prior, specific consent, and
- cultural growth and increased familiarity with computer science by increasingly discriminating, well-informed network users.
On the other hand, the law-making policy followed by the EU with a view to
safeguarding personal data – which are increasingly threatened on the Net – was also extended to the USA, albeit in accordance with a different approach, and this led
to significant improvements in all respects.
Therefore, there is by now little doubt that only a multi-policy approach to
this issue, i.e. based on legislation, self-regulation, advanced technology and international co-operation, can yield a successful solution to reduce spamming.
Let us get back to the study carried out by Forrester Research in 2001, showing that the online turnover might have been higher if privacy had been more respected. This finding should now be assessed in the light of the evolution that was
subsequently experienced by the network economy both in the USA and in Europe.
This is a complex analysis both on account of the enhanced behavioural differences applying to network users, i.e. Americans and Europeans, and because of
the difficulties in interpreting survey findings – which are often so ambiguous and
contradictory as to dangerously lend themselves to supporting opposite views.
Based on recent forecasts, spamming is expected to boom in 2004 up to five
times as much as the amount reported for 2003. Moreover, it was found that in July 2003 junk e-mail accounted for 50% of e-mail messages.(2)
Will this jeopardise network economy, or the network itself?
Before going forward, one should stress that the definition of spamming is not
unanimously agreed upon in Europe and the USA; nor is the impact produced by
spamming on the development of network economy and privacy protection unanimously evaluated.
(2) According to Brightmail, as quoted in DSTI/ICCP(2003)10/FINAL, published by OECD on 22.01.2004.
More optimistic views are held in the USA, whereas the reports released by both
OECD and EU voice increased concerns.
The European Commission(3) as well as some countries including France(4) and
Australia have adopted standard definitions, sharing the view that spamming consists
in unsolicited commercial messages that are usually mass-mailed repeatedly, whereby the sender has intentionally disguised or forged his/her identity in order to deceive recipients.
A more concise as well as broader definition can be found in the study on
spamming carried out by the US Federal Trade Commission, released in May
2003,(5) and this definition was also used by the OECD(6) - spamming is considered
to include both junk e-mail and “any message that is disliked by a customer” regardless of the latter’s consent.
The latter definition significantly changes the conceptual framework of spamming and postulates a new definition of the fight against spamming as well as the
re-configuration of the relationships between businesses and consumers.
6. Need for Balancing Data Protection and Freedom of Enterprise
Therefore, increased attention to security of information and appropriate management of data flows is a fundamental prerequisite in order to prevent unpleasant
consequences. As for businesses, Computerworld referred, in particular, to three
items they should take into account in this regard, i.e.
1. Ensuring that customer data are accurate, updated and homogeneous in
order to adequately take account, for instance, of privacy preferences;
2. Refraining from the establishment of oversize databases: “small is better”
for privacy;
3. Keeping up with legislation and regulatory developments (which are becoming increasingly important in the Usa as well).
Without prejudice to the need for supervisory authorities to impose sanctions
as required, it should be pointed out that this should not turn out to be a hindrance
to freedom of enterprise; in fact, it should contribute to strengthening the rule of
law as well as trust in economic exchanges.
(3) According to the 2001 European Commission’s Report on “Unsolicited Commercial Communications and Data Protection”, “Spam is generally understood to mean the repeated mass mailing of unsolicited commercial messages by a sender who disguises or forges his identity”.
(4) See the definition adopted by the Commission Nationale de l’Informatique et des Libertés.
(5) Forum on Spamming, chaired by Mozelle Thomson.
(6) See DSTI/ICCP(2003)10/FINAL, published by OECD on 22.01.2004.
The search for balance within the framework applying to personal data protection is fundamental to enable effective development. The privacy culture is getting increasingly widespread in our country. We should consider – which does not
apply to Italy only – that the “incorporation” of privacy compliance into goods and
services is soon to become a requirement dictated precisely by the market. Any business
that is not capable of meeting this new demand will be in danger of being ousted from
the market. In short, the competition pattern that is being developed is one in
which it will be increasingly difficult to find and ensure loyalty of customers if the
products on offer do not comply with the demand for respecting privacy.
Thus, it is of the essence to appreciate the economic costs of protecting personal data and how they can contribute to setting a price that is competitive because
it also includes this new qualitative feature. It is also fundamental to appraise the
benefits resulting from the existence of a right to personal data protection, not only from a social viewpoint, but also in merely economic terms. Given the most recent developments in the marketing sector, in particular the so-called permission
marketing whereby promotional initiatives are based on the recipient’s prior consent, one might reasonably argue that data protection and effective marketing can,
indeed must go hand in hand. Therefore, let me say it once again, businesses can
leverage respect for privacy in order to set up customer relationships based on mutual trust and transparency.
The contributions collected in this book are aimed at providing an overview –
never attempted before in Italy – of these largely unexplored issues related to personal data protection. The ultimate objective, as readers may have gathered from the
above considerations, would consist in starting an exercise with a view to identifying the criteria to be taken into account to reconcile effective data protection with
efficiency of a development-oriented economic system. Apart from a few commendable exceptions, scholars have not yet addressed privacy issues in this perspective; in fact, it is a necessary step in order to better understand and manage the complex social and technological changes of which personal data protection is a fundamental component.
7. The Features of the New Challenge
Privacy is therefore called upon to cope with a new challenge, i.e. how to be at
the crossroads between businesses’ growth and civil society’s development by simultaneously meeting the protection demand coming from individual consumers. Actually, we are facing what is termed a “win-win situation” in the Anglo-Saxon world,
in which both parties can benefit from the stipulation of an agreement. Within the
framework of the relationships between economic actors, privacy is bound to be the
founding value of a covenant between businesses and consumers that will enhance
the dynamic features of a market comprised of entities making free, informed decisions. This is the new frontier for personal data protection as an instance of today’s qualitative concept of social and economic development, which must be capable of raising merely quantitative increases in the production of goods and services
to a higher level.
This is the spirit in which the Italian data protection Authority considers it
useful to draw the international scientific community’s attention to the issue at
stake. We do hope that in so doing we will manage to pave the way to new approaches to research and confrontation between law and economics, and thereby
spark further debates on the future of data protection.
Contributions
Session I – The Protection of Personal Data in the Global Market
Privacy Benefits and Costs From a U.S. Perspective
Robert Gellman (1)
Contents: I. Introduction - II. Privacy Protections Benefit Record Keepers – III. The Absence of Privacy Protections Costs Record Subjects – IV. Challenges in Assessments of Privacy Costs and Benefits – V. Conclusion
Protecting the privacy of personal information involves costs and results in
benefits. Most analysts in the United States would probably agree with that statement, but there is little agreement on much else relating to privacy costs and benefits. The purpose of this paper is to identify some cost and benefit elements that
should be considered in evaluating the economics of privacy protection in the United States. No comprehensive model is proposed.
A major preliminary issue is defining privacy. This is much more of a problem
in the United States than elsewhere. Most of the world accepts Fair Information
Practices (FIPs) as describing the basic elements of information privacy. Support of
FIPs by the American government and American record keepers has been fitful.
Privacy protections may benefit record keepers as well as record subjects. The
types of benefits that may accrue to record keepers include an increase in sales, a reduction in transaction costs, record keeping efficiencies, reduced costs through
greater uniformity of privacy requirements, and other benefits.
Privacy rules – and the absence of privacy rules – also have consequences for
consumers. One way to measure the importance of privacy to consumers is to observe actions that consumers take to protect their personal information. An American family seeking to protect the privacy of its information could spend hours of
time and several hundred dollars annually in out-of-pocket expenses plus other intangible and unmeasurable costs. Some will pay higher prices for goods and services to protect privacy. Avoidance of identity theft, a crime fueled by the availability
of personal information, imposes other costs for consumers. Assessing privacy costs
and benefits in a formal way is difficult anywhere. Challenges include:
- Establishing a baseline from which to measure the actual or likely effect of a rule.
- Identifying benefits from privacy rules and quantifying the benefits, whether the benefits accrue to record keepers or record subjects.
- Identifying and valuing record keeper costs.
(1) Privacy and Information Policy Consultant - Usa
Future work will benefit greatly from agreement on the definition of privacy;
on whether and how to account for secondary and tertiary effects of processing
practices; on how to find fair ways to share costs and benefits between record subjects and record keepers; and on how to measure baselines internationally in light
of significantly different privacy regimes.
I. Introduction
Protecting the privacy of personal information involves costs and results in benefits. Most analysts in the United States would probably agree with that statement,
but there is little agreement on much else relating to privacy costs and benefits.
The United States, with its highly developed marketplace for personal data and
lack of legislative protection for many types of personal data, presents a particular
challenge for evaluating costs and benefits. It is difficult to find agreement in the
United States on basic definitions of privacy or on the categories of costs or benefits that might be measured. Unlike countries that have omnibus privacy laws, the
United States has occasional and uncoordinated state and federal privacy laws; self-regulatory activities that range from meaningful to insincere; and no response to
privacy at all. Professor Spiros Simitis once described the American approach to data protection as “an obviously erratic regulation full of contradictions, characterized
by a fortuitous and totally unbalanced choice of its subjects.”(2) Simitis’s characterization remains true ten years later.
The purpose of this paper is to identify some cost and benefit elements that
should be considered in evaluating the economics of privacy protection in the United States. No comprehensive model is proposed. The goal is simpler. First, some of
the benefits from privacy that accrue to record keepers (rather than record subjects)
are identified. Some American record keepers have been vocal about the costs of privacy, while ignoring the benefits. Their controversial privacy cost studies are only
mentioned here in passing. Second, some of the costs that consumers bear when privacy is not protected at law or by business practice are discussed. Third, several challenges of assessing costs and benefits are reviewed. The conclusion considers some of the fundamental difficulties that arise in assessing privacy costs and benefits.
(2) Spiros Simitis, New Trends in National and International Data Protection Law, in Recent Developments in Data Privacy Law 22 (J. Dumortier ed. 1992).
A major preliminary issue is defining privacy. This is much more of a problem
in the United States than elsewhere. Most of the world accepts the Fair Information
Practices (FIPs) defined in the Guidelines of the Organization for Economic Cooperation and Development(3) as describing the basic elements of information privacy.(4) The eight OECD FIPs are: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation,
and Accountability.
Although FIPs were first proposed as a framework for privacy in the United
States in 1973,(5) and although the US Government embraced the OECD Guidelines during the early years of the Reagan Administration,(6) active support of FIPs
has been fitful. American companies, trade associations, and even federal agencies
significantly restate FIPs to suit their own interests. The result is that it is difficult to
find any broad consensus on privacy policy, goals, or language in the United States.
For example, in 2000, the Federal Trade Commission recommended that consumer-oriented commercial websites that collect personal identifying information
from or about consumers online should be required to comply with “the four widely-accepted fair information practices.”(7) The FTC’s version of FIPs includes notice,
choice, access and correction, and security. Choice is not a core element of traditional FIPs. Choice means that consumers would have to be offered some ability to
say how their personal data may be used for secondary purposes. It appears that the
FTC modeled its choice principle on privacy policies from elements of the American business community.
(3) Organization for Economic Cooperation and Development, Council Recommendations Concerning Guidelines Governing
the Protection of Privacy and Transborder Flows of Personal Data, 20 I.L.M. 422 (1981), O.E.C.D. Doc. C (80) 58 (Final)
(Oct. 1, 1980), at <http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM>. See also Council of Europe, Convention
for the Protection of Individuals with Regard to Automatic Processing of Personal Data, 20 I.L.M. 317 (1981), at <http://conventions.coe.int/treaty/en/treaties/html/108.htm>.
(4) Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (1992).
(5) Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens (1973)
(Department of Health, Education & Welfare) <http://aspe.os.dhhs.gov/datacncl/1973privacy/tocprefacemembers.htm>.
(6) See Report on OECD Guidelines Program, Memorandum from Bernard Wunder, Jr., Assistant Secretary for Communications and Information, Department of Commerce, to Interagency Committee on International Communications and Information Policy (Oct. 30, 1981), reprinted in International Telecommunications and Information Policy, Hearings before a Subcommittee of the House Committee on Government Operations, 97th Congress at 27-58 (1981-82). Official supporting activities were part of an effort to show interest in privacy through voluntary action rather than legislation. See General Accounting Office, Privacy Policy Activities of the National Telecommunications and Information Administration, (Aug. 31, 1984)
(GGD-84-93). More than 180 major U.S. multinational companies and trade associations endorsed the guidelines. The Reagan Administration dropped its interest in the Guidelines by 1983. The sincerity of the effort has been questioned, and the
effect of the endorsements was unclear at the time. Robert M. Gellman, Fragmented, Incomplete, and Discontinuous: The Failure of Federal Privacy Regulatory Proposals and Institutions, 6 Software Law Journal 199, 227-233 (1993).
(7) Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace, (May 2000), at
<http://www.ftc.gov/reports/privacy2000/privacy2000.pdf>.
The FTC statement of FIPs does not address the collection limitation or data
quality principles. The accountability principle is not mentioned, but it is part of
the FTC’s proposal by implication since the Commission would have an enforcement role. The other missing principle is that of purpose specification. The Commission’s choice principle appears to be a partial substitute. What is absent is any
requirement that a record keeper specify the purposes for data collection and that
subsequent use or disclosure be limited to those purposes and other closely related
purposes. Other restatements of FIPs by American businesses contain even fewer
FIPs elements than the FTC’s version.
The importance of a definition is that the costs and benefits of privacy depend
on what elements are being assessed. Selective review of either costs or benefits produces an incomplete picture. Those who seek to assign a high price tag to privacy
sometimes focus on cost without considering the corresponding benefits or methods for mitigating the costs or consequences.
II. Privacy Protections Benefit Record Keepers
Privacy protections benefit consumers.(8) However, it is often overlooked that
protecting privacy may be good for record keepers as well as record subjects. In the
United States, self-regulatory activities are evidence that some businesses recognize
that offering privacy protections is important to attracting and satisfying customers.
Protecting privacy may be another factor in business success, along with free parking, competitive prices, convenient hours, and good service.
For some in the American business community, the principal motivation for
self-regulation is a desire to avoid additional privacy legislation at the federal or state
level. However, some companies sincerely believe that privacy is important to their
customers and therefore to business operations. For activities such as health care,
customers expect a higher degree of privacy protection, and privacy is an inherent
characteristic.
The types of benefits that may accrue to commercial record keepers include an
increase in sales, a reduction in transaction costs as privacy-sensitive consumers
agree to use less expensive Internet facilities, record keeping efficiencies, and reduced costs through greater uniformity of privacy requirements.
A. Increased Sales
The lack of adequate controls over the use and disclosure of personal information appears to take a significant toll on Internet sales. Internet users fill and then abandon shopping carts in huge numbers. One study suggests that four out of five consumers try to purchase online and give up. The two leading reasons are 1) too much information has to be provided, and 2) unwillingness to enter credit card details.(9)
(8) This paper uses the terms record subject, consumer, and customer interchangeably. In some contexts, the terms can have different meanings or connotations.
Other studies and surveys show the importance of privacy in the online environment. In a recent report to the Congress, the Federal Trade Commission estimated that lost online retail sales due to privacy concerns may be as much as $18
billion. The FTC also cited a study showing that 92% of respondents from online
households stated that they do not trust online companies to keep their personal information confidential.(10)
Marketplace effects are sometimes most apparent when consumers react angrily
to privacy policies. In 1998, a newspaper story revealed that two pharmacies in the
Washington, D.C., area were sending prescription information to an independent
company that mailed patients reminders about prescription refills. Within a few days,
both pharmacies stopped the programs because of customer complaints.(11) Another
illustration comes from a change in a privacy policy announced in 2002 by Qwest
Communications, a large regional telecommunications company in the Western
United States. Qwest told customers that their personal data would be disclosed to
subsidiaries and to others unless the customers took steps to opt-out. In response to
complaints from customers, regulators, and consumer groups, Qwest revoked the
new policy within weeks and substituted a policy more acceptable to consumers.(12)
The extent to which good privacy policies or practices increase sales, whether
in an online or offline environment, is hard to measure directly. Anecdotal evidence
suggests that consumers sometimes object when they become aware of data practices, and these objections may result in a loss of business or a tarnished reputation
for the company. A headline from a recent report from a business research company makes the point clearly: Enterprises That Stray From Best Practices When Dealing
With Personal Information Risk Customer Backlash or Worse.(13)
(9) A.T. Kearney, Satisfying the Experienced On-Line Shopper at 8 (2000) <http://www.atkearney.com/pdf/eng/Eshopping_survey.pdf>.
(10) Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace 2 (2000)
<http://www.ftc.gov/reports/privacy2000/privacy2000.pdf>.
(11) Robert O’Harrow Jr., Prescription Sales, Privacy Fears: CVS, Giant Share Customer Records With Drug Marketing Firm,
Washington Post, Feb. 15, 1998 at Page A01; Robert O’Harrow Jr., Giant Food Stops Sharing Customer Data, Prescription-Marketing Plan Drew Complaints, Washington Post, Feb. 18, 1998 at Page A01.
(12) Lisa M. Bowman, Qwest Backpedals on Privacy Plan, ZDNet News, Jan. 28, 2002 <http://zdnet.com.com/2100-1105824663.html>.
(13) W. Janowski, Worst Practices in Customer Privacy Management (2002) (Gartner Group) (TU-16-6918) retrievable at
<http://www3.gartner.com/pages/story.php.id.2367.s.8.jsp>.
B. Reduced Transaction Costs
Internet transactions offer the benefit of reduced transaction costs. It is widely
reported, for example, that bank transaction costs greatly diminish when customers
shift to the Internet. A typical transaction involving a bank teller may cost from
$1.00 to $1.44. A transaction at an automatic teller machine may cost 25 to 30
cents. However, estimates of the cost of an Internet transaction range between 1 and
4 cents.(14) The reduction in cost from an Internet transaction may exceed 95 percent.
Assessing the level of consumer concerns about privacy and the marketplace effects of those concerns is difficult and controversial. However, even if only a relatively small percentage of consumers decline to engage in Internet transactions because
of privacy concerns, privacy protections that would induce more customers to use
the Internet can still result in a net benefit for companies through a reduction in
cost. The savings may be sizeable enough to outweigh the revenues that a bank may
realize by exploiting customer records for other purposes.
C. Record Keeping Efficiencies
Many good privacy practices are good record management policies as well. Evidence suggests that privacy laws sometimes force record keepers to do things that
they should have done otherwise. The effect of a privacy law can be better protections for data subjects as well as greater efficiency and lower costs for record keepers. Clear examples with firm cost savings are hard to find without considerable research and cooperation from record keepers. However, experience with a governmental privacy law offers some useful anecdotal evidence.
The Privacy Act of 1974(15) was one of the first generation of privacy laws.(16) It
applies only to federal agencies in the United States, and it requires agencies to implement Fair Information Practices in a systematic way. The combined effect of the
law’s provisions requiring publication of notices of data systems, inclusion of privacy notices on forms that collect information from individuals, and other privacy
protections forced agencies to review and reconsider their data processing practices.
In a 1977 review of the law, the Privacy Protection Study Commission reported
these results:
- Some agencies eliminated systems of records in order to avoid the requirement to publish a descriptive notice.
- Some agencies disposed of records to avoid the responsibility of managing them.
- The Foreign Service reduced the amount of material in its personnel records by 50 to 60 percent.
- The Drug Enforcement Administration destroyed some records after discovering that it had no statutory authority to maintain them.
- The United States Information Agency eliminated 9300 personnel records. The Community Services Administration also disposed of outdated personal records.
- The Department of Housing and Urban Development and the National Center for Health Statistics eliminated personal identifiers from research records.
- Some agencies stopped publishing directories with the home addresses and telephone numbers of employees.
- One agency removed Social Security Numbers and other irrelevant information from carpool application forms.
- The Civil Service Commission revised the government’s standard employment application form and eliminated 20 subsystems, including unnecessary records on 1.3 million individuals.
- The Department of Labor stopped collecting Social Security Numbers from two million people each year, changing the records from identifiable to non-identifiable.
- The Department of Defense eliminated more than 58,000 forms, and simplified another 22,000 forms. Hundreds of data elements were eliminated from some personnel systems.(17)
(14) See, e.g., Juan Hovey, Bank On It, Entrepreneur Magazine (April 2000) <http://www.Entrepreneur.com/article/0,4621,268144,00.html>.
(15) 5 U.S.C. §552a.
(16) For a discussion of the generations of privacy laws, see Viktor Mayer-Schönberger, Generational Development of Data Protection in Europe in Technology and Privacy: The New Landscape, 218-241 (Philip E. Agre & Marc Rotenberg eds., 1997).
These actions taken to comply with privacy requirements resulted in cost savings, greater efficiency, better management, improved compliance with legal obligations, or other benefits to the record keepers. Improving controls over information
systems with personal data helps both the record keeper and the record subject. A
measurement of the benefits, however, is not available.
Some evidence of commercial benefits from privacy regulations can also be
found. Perhaps more than any other industry, the American credit reporting industry is heavily regulated for privacy. The Fair Credit Reporting Act,(18) which dates
back to 1970, is the oldest federal commercial privacy law. Equifax, one of the three
major American credit bureaus, acknowledged the benefits of privacy in a 1992 annual report. Equifax said that greater attention to customer concerns for fair information practices “has reduced operating costs and increased profit margins.”(19) When companies that use records to make decisions about consumers maintain those records with greater accuracy, the result will be fairer and better decision-making as well as lower costs.
(17) Privacy Protection Study Commission, The Privacy Act of 1974: An Assessment 51-55 (1977) (Appendix 4 to the Report of the Privacy Protection Study Commission) <http://aspe.hhs.gov/datacncl/77apdx4/index.htm>.
(18) 15 U.S.C. §1681 et seq.
D. More Efficient Compliance through Greater Uniformity
The European Union long ago realized the importance of privacy laws to its
common market for goods and services. Few Americans recognize that the EU Data Protection Directive has two separate purposes: one regarding the protection of
personal privacy, and one on the free movement of personal data. The Directive recognizes that a uniform level of privacy is vital to the transfer of personal data within the EU internal market.(20)
In the United States, recognition of the same principle continues to grow in
other ways. Perhaps the single most important privacy issue for the American business community is the desire for uniform federal rules that preempt state laws.
American companies that operate in interstate commerce do not want to face having to comply with fifty different state laws. They argue that differences in state laws
as well as differences in national laws create barriers to commerce.
While some in the American business community still wish that privacy would
disappear as a public concern, it is apparent that privacy is here to stay. Record keepers will be forced by laws, self-regulatory mechanisms, or market pressure to address
privacy. Thus, the choice is not whether to have privacy rules, but who will impose
the rules. Whether self-regulation is effective is an open question. However, self-regulation may not dissuade legislators from enacting privacy laws so the jurisdiction
issue may be unavoidable.(21) Laws govern international personal data processing activities in many countries, and those laws are also unavoidable.
Companies that do not meet international standards for privacy face the
prospect of either lost business or increased costs to meet those standards. It is difficult to put a price tag on the potential losses and costs, but the strong objections
from parts of the business community suggest that the stakes are significant. The
Safe Harbor agreement(22) between the US Department of Commerce and the European Commission offers one way for American companies to meet EU standards.
Meeting the terms of Safe Harbor imposes costs on American record keepers, with corresponding benefits to the data subjects whose personal information is exported to the United States.
(19) Equifax, Inc., Annual Report to Stockholders 17 (1992), quoted in Paul M. Schwartz & Joel R. Reidenberg, Data Privacy Law 264-65 (1996).
(20) Recital 8.
(21) Even self-regulation raises its own jurisdictional problems. See Robert Gellman, Can Privacy Be Regulated Effectively on a National Level? Thoughts on the Possible Need for International Privacy Rules, 41 Vill. L. Rev. 129 (1996).
(22) <http://www.export.gov/safeharbor/>.
If the United States enacted privacy legislation that allowed American companies to conduct international business activities without the need for individual
company compliance with privacy standards of other countries, more uniform and
less expensive privacy obligations would be one result. As the EU Member States already learned, a degree of uniformity in privacy regulation opens markets, reduces
barriers, and lowers costs. The benefits to business of privacy harmonization can be
significant, although the benefits may be hard to quantify. The same benefits might
flow to businesses if American legislation established either common or minimum
standards within the United States.
Preemption of state laws is one of the most controversial privacy issues in the
United States. Privacy advocates generally oppose federal laws that prevent states
from enacting laws with higher standards. Advocates tend to favor federal privacy
laws that establish a floor of protection with the possibility that state laws that offer additional protections can remain in force. Businesses tend to favor federal laws
that completely preempt state laws so that there is a single uniform rule throughout
the country.(23) Resolution of competing demands about preemption will not happen quickly or easily. However, either approach toward uniform or minimal privacy standards brings with it some promise of cost savings for record keepers.
E. Other Benefits
Other potential benefits include avoidance of lawsuits and reputational damage.
Even more than other benefits, these benefits are particularly difficult to quantify.
However, some companies with inadequate privacy policies or practices have been
the subjects of private lawsuits, government investigations, and negative press. The
immediate cost of responding to an unexpected and negative media story can be
measured in the millions of dollars in out-of-pocket costs and lost sales. In one high-profile case, the market value of a company that ran into privacy problems dropped
precipitously when the problems became the subject of public controversy.(24)
Another benefit from privacy can be better information from consumers. Consumers concerned about privacy, spam, or other consequences of information sharing have learned to lie.(25) Privacy protections may induce consumers to disclose accurate information so that record keepers will have better quality data.
(23) See, e.g., John Dugan, Financial Services Coordinating Council, Testimony before the Senate Banking Committee
(Sept. 19, 2002) <http://banking.senate.gov/02_09hrg/091902/dugan.htm>.
(24) See, e.g., Chris Oakes, A Turning Point for E-Privacy, Wired News, Mar. 4, 2000 (discussing DoubleClick)
<http://www.wired.com/news/politics/0,1283,34734,00.html>.
(25) See, e.g., Leslie Miller, Web Surfers Keen on Politics and Privacy, USA Today, June 30, 1996 (“More than on
fourth (26%) say they’ve given false information about themselves when asked to register at Web sites.”)
Robert Gellman - Privacy Benefits and Costs From a U.S. Perspective
III. The Absence of Privacy Protections Costs Record Subjects
Any discussion of privacy costs and benefits must take a comprehensive look
at costs and benefits to all participants. Privacy rules impose costs on record keepers. Privacy rules can also result in benefits to record keepers through increased sales,
reduced costs, greater efficiencies, or in other ways. Privacy rules – and the absence
of privacy rules – also have consequences for consumers.
One way to measure the importance of privacy to consumers is to observe actions that consumers take to protect their personal information. When people perceive threats to privacy and insufficient systemic responses, they are left to protect
themselves. An American family seeking to protect the privacy of its information
could spend hours of time and several hundred dollars annually in out-of-pocket expenses plus other intangible and unmeasurable costs.(26)
A. Higher Prices
American merchants increasingly offer frequent shopper programs that offer
lower prices to consumers who register, provide personal information, and allow
their purchases to be tracked. One opponent of the cards calls them registration and
monitoring programs.(27) The most common examples are supermarket frequent
shopper cards. Before the cards were in common use, supermarkets usually offered
sales and discounts to all customers. The ability of merchants to set prices and limit discounts to registrants places tremendous pressure on consumers to participate
in the programs. Any customer who refuses to use a frequent shopper card – or is
unaware of the requirement – will pay more.
Individuals may object to these programs for different reasons, including inadequate privacy policies from the merchants and the lack of statutory protections.
Some merchants address these concerns, at least in part, by allowing anonymous
registration. Some individuals lessen the consequences by acquiring cards using
pseudonyms, by lying, or through other tactics. However, merchants sometimes require identification.
The number of people who refuse to use frequent shopper cards is unknown.
The higher prices paid by those who reject frequent shopper cards represent a direct
financial sacrifice for privacy. For consumers as a whole, it is likely that frequent
shopper programs represent a net expense from the previous regime where sale
prices were available to everyone. Under the programs, some consumers receive discounts while others pay higher prices. A group that opposes the cards suggests that supermarkets may make a profit on the programs from the higher prices that some
consumers pay.(28)
<http://www.cc.gatech.edu/gvu/user_surveys/>.
(26) See Privacy, Consumers, and Costs.
(27) Consumers Against Supermarket Privacy Invasion and Numbering <http://nocards.org/essays/nofakes.shtml>.
Da costo a risorsa - Attività produttive e protezione dei dati personali
B. Junk Mail
Recipients of unsolicited advertising (junk mail) through the Postal Service
bear some costs. Recipients spend time sorting through the mail and discarding it.
They pay to have the trash removed, not a trivial expense on a nationwide scale.
The basic numbers indicate the vast scale of junk mail sent and received in the
United States:
- The average person receives 10.8 pieces of junk mail each week or nearly
560 pieces per year. For a household, the amount of junk mail received annually can easily exceed 1000 pieces a year.
- The total volume of junk mail produced each year in the United States is
approximately 4.5 million tons.
- Each year, 100 million trees are used to produce junk mail.
- Estimates are that 44% of junk mail is discarded unopened and unread.(29)
- A 1995 survey by the US Postal Service found that 50% of households
wished that they received less “advertising” mail, up from 30% in 1987.(30)
Some junk mailers allow consumers to opt-out of the sharing of their personal
information for marketing purposes. Those who do opt-out may receive less unwanted mail. The burden on consumers of opting-out is significant. Many companies require those seeking to opt-out to write letters. Writing a letter is a significant burden
on most individuals, and the cost for paper, postage, and time is not trivial.(31) If the
cost to a consumer of sending an opt-out letter were 50 cents, the consumer who opted out of one type of junk mail each week would spend $26.00 in the course of a year.
Some broader opt-outs are available, but not all are free. Individuals who want
to use the Mail Preference Service run by the Direct Marketing Association to opt-out of junk mail must pay a five dollar “processing fee” and pay by credit card if
they want to register for the service online.(32) The reticence of privacy-sensitive consumers to disclose their credit card numbers online is well known, so the demand
for disclosure of a credit card is a seemingly intentional barrier on the use of this
service. The DMA’s email opt-out service has no processing fee.(33) However, it is only effective for two years and must be affirmatively renewed. Exercising these opt-outs imposes a cost on consumers that must also be attributed, at least in part, to
the lack of adequate privacy protections.
(28) See Consumers Against Supermarket Privacy Invasion and Numbering, Supermarket Cards: The Pricing Issues <http://nocards.org/savings/index.shtml>.
(29) Native Forest Network <http://www.nativeforest.org/stop_junk_mail/nfn_junk_mail_guide.htm>.
(30) Direct Marketing Association, Statistical Fact Book 1998 at 37.
(31) In regulations issued under Gramm-Leach-Bliley governing opt-outs offered by financial institutions, the Federal Trade
Commission distinguished between reasonable and unreasonable opt-out methods. The Commission said expressly that it is
an unreasonable method if the only way for a consumer to opt-out is to write a letter. The Commission favored check-off
boxes, reply forms, and electronic means to opt-out. 16 C.F.R. §313.7(a)(2).
(32) <http://www.dmaconsumers.org/cgi/offmailinglistdave>.
C. Telemarketing
Telemarketing is highly unpopular among consumers. Polls confirm that people find telemarketing calls annoying, unacceptable, invasive, and offensive.(34) The
Privacy Rights Clearinghouse makes the point with the subtitle of its fact sheet on
telemarketing calls: Whatever Happened to a Quiet Evening At Home?(35) There are
many ways to measure consumer unhappiness with telemarketing. Connecticut is
one of many states that operates a state do-not-call list. Recent statistics show that
nearly half of Connecticut households have placed their telephone number on the
list.(36) When AOL announced in 1997 that it would begin to sell the telephone
numbers of its members, the move “unleashed a storm of criticism.”(37) It took only
one day for AOL to hear the complaints and reverse its decision.
The Telephone Consumer Protection Act(38) gives recipients of unwanted calls
a limited legal remedy. Several websites help people to exercise these remedies. One
reports that its members have recovered more than $800,000 in damages over the
calls.(39) However, the courts are beyond the reach of most, and consumers use other techniques and technologies to avoid, evade, and stop telemarketing calls. Consumers spend time, effort, and money in their efforts, and these are costs that result
in part from the lack of adequate protections for the privacy of personal information. Many consumers simply suffer the aggravation and disruption of unwanted
telemarketing calls. Both the Federal Trade Commission and the Federal Communications Commission are considering stronger rules on telemarketing that would
enhance the ability of consumers to stop unwanted calls.(40)
(33) <http://www.dmaconsumers.org/optoutform_emps.shtml>.
(34) For a collection of polls on the subject, see <http://telejunk.norman.ok.us/surveys.html>.
(35) <http://www.privacyrights.org/fs/fs5-tmkt.htm>.
(36) DM News, Connecticut DNC List Doubles in Size at 6 (June 11, 2001).
(37) Associated Press, AOL Backs Off Plan to Give Out Phone Numbers (July 25, 1997).
(38) 47 U.S.C. §227.
(39) See Private Citizen, <http://www.private-citizen.com/>. See also <http://www.stopjunkcalls.com/links.htm>.
(40) Federal Trade Commission, Request For Information on Proposed National Do-Not Call Registry (2002)
<http://www.ftc.gov/os/2002/05/16cfrpart310.htm>; Federal Communications Commission, Notice of Proposed Rulemaking, In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991 (2002)
<http://www.fcc.gov/Daily_Releases/Daily_Business/2002/db0918/FCC-02-250A1.pdf>.
Telephone companies and device manufacturers use objections to telemarketing as a selling point for enhanced telephone services. In other words, consumers
who want to avoid telemarketing calls can buy protection. Here are some examples:
- Caller ID is often promoted as a privacy protection and a way to avoid unwanted calls. Qwest’s version is called Caller ID with Privacy+.(41) Verizon offers a service under the name Call Intercept.(42) The prices for these services
vary. Listed price in 2001 for Verizon Call Intercept service as described on
its website was $5 per month. The cost for Caller ID with Name was an additional $7.50 per month.
- Answering machines and voice mail have long been used to screen calls. A
1997 survey found that about 3 in 4 households had answering machines.
The firm that conducted the survey took special note of the role of answering machines in avoiding telemarketing calls, describing the answering machine as particularly “valuable in screening out those annoying telemarketing calls that we all like to avoid, as well as capturing those calls and messages that we don’t want to miss.”(43)
Answering machines can also serve another purpose in protecting consumers.
State securities regulators consider answering machines to be the consumers’ best
weapon in the fight against telemarketers selling fraudulent investment schemes.(44)
The advice is a reminder that not all telemarketers offer legal products and services.
- Another product expressly and exclusively aimed at telemarketers is EZ
Hangup by Zenith. This telephone accessory allows the user to hang up
on an unwanted sales call and press a button to play a recording rejecting
the call and asking to be removed from a calling list. The product lists for
around $25.00.(45)
- Verizon, like other telephone companies, offers customers several ways to
keep telephone numbers private. Customers can pay for non-listed numbers (not in the telephone directory but listed for directory assistance) or
non-published numbers (not in the directory or directory assistance). Each
service has a monthly charge.(46) A 1995 study found that 31.5% of households had unlisted or unpublished numbers. In some communities, the
percentage exceeds 60%.(47) Another estimate is that a quarter of households pay an average of $1.50 a month to be unlisted. The total cost to telephone subscribers for these privacy-protecting services is more than
$400 million a year.(48)
(41) <http://www.qwest.com/pcat/for_home/product/1,1354,431_1_8,00.html>.
(42) <http://www22.verizon.com/ForYourHome/SAS/ProdDesc.asp?ID=6063&state=P1>.
(43) Decision Analyst, Inc., More Households Using Answering Machines (Press Release, October 15, 1997) <http://www.decisionanalyst.com/publ_data/1997/ansmachi.htm>.
(44) APB News, Regulators: Answering Machines Can Foil Telemarketing Fraud, (Oct. 17, 1999)
<http://www.apbnews.com/safetycenter/business/1999/10/17/securitiesfraud1017_01.html>.
(45) Full Life Products, EZ Hangup <http://www.superproducts.com/anti-telemarketing/ez/index.htm>.
(46) <http://www.opc-dc.gov/bdcrates.html>.
(47) Brad Edmonson, Unlisted America, American Demographics (June 1995) <http://www.demographics.com/publications/
Techniques to avoid telemarketing are not practices only for those who are especially privacy sensitive. Anti-telemarketing techniques are a recognized activity
recommended by governments and other mainstream organizations as a way of protecting privacy and avoiding unwanted calls. A consumer guide published by the
Commonwealth of Massachusetts advises consumers to register for all do-not-call
lists, to consider having an unlisted number, to avoid disclosures through contests,
surveys, and sweepstakes, to use blocking technology to avoid disclosing a telephone
number when making a call, and to screen calls with an answering machine.(49)
Consumers spend time and money to avoid telemarketing calls. Even an individual with a casual objection to telemarketing could spend a considerable sum
on equipment or monthly charges. These represent costs that consumers pay because they are unable to control how their personal information is used and disclosed. Some telephone capabilities, such as answering machines, voice mail, and
unlisted numbers serve other goals beyond the protection of privacy. A fair cost accounting would allocate only some of the expense to privacy protection and some
to other objectives. Nevertheless, the telephone costs consumers incur for privacy
reasons are significant.
Society faces other consequences when consumers are forced to act in their personal interest to keep their telephone numbers secret. Telephone directories help to
make the telephone network inclusive, efficient, and useful. When large percentages
of the population have unlisted numbers because of concern about misuse, every
telephone directory user suffers from the lack of an effective, interconnected universal telephone system.
D. Identity Theft
Identity theft occurs when an individual appropriates another’s name, address, Social Security number, or other identifying information to commit fraud. Identity
thieves may use consumers’ identifying information to open new credit card accounts,
take out loans, or steal funds from existing checking, savings, or investment accounts.(50)
The financial and emotional harm to victims of identity theft is significant and long lasting.(51) It can take years of hard work and hundreds or thousands of
dollars in out-of-pocket expense to remove all vestiges of identity theft from a victim’s record.(52) In the interim, a victim may be unable to obtain a job, purchase a
car, or qualify for a mortgage.(53) The number of victims is hard to measure, but
some estimate that the numbers range into the hundreds of thousands annually in
the United States.(54)
ad/95_ad/9506_ad/AD767.htm>.
(48) Jay Chris Robbins, Phone Book “Non-Service” Dials up Huge Profit (Jan. 14, 2000) <http://tampabay.bcentral.com/tampabay/stories/2000/01/17/editorial3.html>.
(49) A Massachusetts Consumer Guide: Stopping Junk Mail, Phone Calls, And Email
<http://www.state.ma.us/consumer/pubs/stopjunk.htm>.
(50) Testimony of David Medine, Associate Director for Credit Practices, Bureau of Consumer Protection, Federal Trade
Commission, before the Subcommittee on Technology, Terrorism and Government Information, Senate Committee On The
Judiciary (May 20, 1998) <http://www.ftc.gov/os/1998/9805/identhef.htm>.
- The costs to financial institutions are also significant. Definitional problems and lack of data make it difficult to estimate costs with precision, but
the losses appear to be measured in the hundreds of millions of dollars.(55)
Consumers may ultimately pay for many of these losses through higher
prices and higher interest rates. Identity theft also undermines consumer
confidence in the credit system and the Internet, deterring the growth of
electronic commerce.(56)
- Identity theft mushroomed in the 1990s. It may not be a coincidence that
the growth of identity theft roughly parallels the growth of the Internet.
Personal information is available from many commercial and public sources
on the Internet. The widespread availability of consumer data makes it easier for criminals to engage in identity theft. Identity theft occurs for many
reasons, and the routine trafficking in personal data is a contributing cause.
Several independent studies support the relationship between personal data
availability and identity theft. In a 1998 report, the General Accounting Office said
that “[m]any of the officials we contacted said that Internet growth, which enhances
the availability and accessibility of personal identifying information, obviously creates greater risks or opportunities for criminal activity, including identity fraud.”(57)
Industry argues that the availability of personal data helps to reduce fraud.(58)
This is undoubtedly true to some extent. Yet the vast amount of consumer data available today to credit grantors has not stopped the growth of identity theft. The value
of more data as a protection against identity theft is limited. At the same time, extensive and largely unregulated trafficking in personal data – typically without consumer knowledge or consent – makes it easier for some identity thieves to operate.
(51) Id.
(52) The Identity Theft Resource Center reports that, on average, victims spend 175 hours and $808 in out-of-pocket expenses to clear their names <http://www.idtheftcenter.org/html/facts_and_statistics.htm>.
(53) General Accounting Office, Identity Fraud: Information on Prevalence, Cost, and Internet Impact Is Limited at 4 (GAOGGD-98-100BR) (1998) [hereinafter cited as GAO Identity Fraud].
(54) See id at 24-41 (discussing information sources and lack of comprehensive national statistics). The Identity Theft Resource Center estimates that there were 700,000 to 1.1 million victims in 2001. <http://www.idtheftcenter.org/html/facts_and_statistics.htm>.
(55) GAO Identity Fraud at 4.
(56) See, e.g., National Fraud Center, National Fraud Center White Paper Says Internet Driving Dramatic Increase in Identity
Theft - Balanced Approach Required to Address Issue (Press Release, March 16, 2000) <http://www.nationalfraud.com/pressrelease/IDTheft.htm>.
(57) GAO Identity Fraud at 4. See also National Fraud Center, Inc., Identity Theft: Authentication As A Solution (2000)
<http://www.nationalfraud.com/identity%20theft%203.13.htm>.
(58) Ernst & Young, Customer Benefits of Information Integration by Financial Services Companies 5 (2000) <http://www.privacyalliance.org/resources/research.shtml>. The survey of Financial Services Roundtable members found that 63% of respondents
Privacy laws that would give individuals more control over the use and disclosure of their personal information have potential to limit identity theft.(59) Stronger
security protections might also protect against misuse of personal data. The lack of
protections thus appears to contribute to identity theft. More importantly, activities
that individuals take on their own initiative to protect against identity theft impose
costs that can be attributed in significant part to the absence of privacy protections.
Some companies profit by selling personal information to detect or avoid
fraud. At the same time, they also sell personal data that may be used directly or indirectly to support identity theft. These companies profit from both sides. Now the
same companies seek to profit in a third way as well. The companies want consumers to pay to protect themselves against identity theft. An example comes from
a recent Equifax press release about a Credit Watch service that costs $39.95 a year.
The service promises to “quickly detect possible identity theft and minimize its potentially devastating consequences.”(60) Costs incurred by individuals who are afraid
of being victims of identity theft represent costs that result from the lack of adequate privacy protections.
The New York State Attorney General is one of many authorities suggesting
that consumers buy a copy of their credit report each year.(61) For a family with two
adults, the cost is $51 a year to buy reports from three credit bureaus. Better privacy protections for personal data might lessen the risks, reduce the need for monitoring credit reports, or provide equivalent data directly to consumers at no cost
to them.
The Federal Trade Commission suggests that consumers take other actions to
protect their information.(62) These include exercising opt-out rights, such as prescreening for credit offers. This strategy can have only limited benefits. Many companies that traffic in personal information do not notify data subjects that their
records are being sold, do not allow consumers to opt-out, or allow narrow opt-out
choices. The number of telephone calls and letters required for a family that elects
all available opt-outs is uncertain, but it could be measured in the dozens. The time,
trouble, and expense of opting out are costs that consumers incur.
thought that restrictions on information sharing included in the Gramm-Leach-Bliley (GLB) law would restrict their ability to
detect fraud. A second question found that 79% thought that potential new restrictions on information sharing would restrict
their ability to detect fraud. The second question left the nature of any information restrictions to the imagination of the respondent. Even so, 21% did not see a connection between information restrictions and ability to detect fraud. In a survey designed to elicit positive responses to these questions, the presence of a sizeable minority view may be more telling than the opinion of the majority.
(59) The same point could be made that privacy laws would limit telemarketing fraud and other forms of consumer fraud
that benefit from the ready availability of personal information.
(60) Equifax, Inc., Equifax Credit Watch Provides Early Warning Of Identity Theft To Consumers (Press Release 4/10/01)
<http://www.equifax.com/press_room/press_releases2001/2001_04_10.html>.
(61) <http://www.oag.state.ny.us/consumer/tips/identity_theft.html>.
(62) <http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm#risk>.
A recent development is the offering of insurance to protect individuals against
losses due to identity theft and to provide reimbursement of expenses incurred to
deal with the consequences of being an identity theft victim. For example, one policy offers to reimburse up to four weeks lost wages resulting from dealing with
fraud. This policy costs $85 per year for coverage of $10,000.(63)
IV. Challenges in Assessments of Privacy Costs and Benefits
Assessing privacy costs and benefits in a formal way is difficult anywhere. An
assessment in the United States is even harder because of the widespread lack of
consensus about nearly everything relating to privacy. What follows is a discussion
of some of the problems for any privacy cost benefit analysis.
A. Baseline
When assessing costs or benefits of a privacy rule, it is important to establish a
baseline from which to measure the actual or likely effect of a rule.(64) A rule that
prohibits conduct that no one engages in will likely have no direct costs. A rule that
requires conduct that is already common practice will have little marginal cost.
It is difficult to determine a baseline because of the great variation in privacy
practices in the United States. For example, it is increasingly common for major
American commercial websites to maintain a privacy policy. Legislation requiring
the adoption of online privacy policies would have a smaller cost because some websites are already in compliance.
The Gramm-Leach-Bliley law that requires financial institutions to adopt limited privacy protections offers an interesting example. Financial institutions covered
by the law must give customers the right to opt-out of data sharing with nonaffiliated third parties.(65) A cost is associated with implementing this requirement. However, some financial institutions never shared customer data with third parties. The
reasons for not sharing vary. Some companies would not benefit from data sharing, some may be avoiding adverse customer reaction, and others may be more protective of customer privacy. For these companies, the cost of administering an opt-out
program is zero.
(63) Travelers Insurance <http://www.travelerspc.com/personal/theft/?>.
(64) See Peter Swire, New Study Substantially Overstates Costs of Internet Privacy Protections (May 9, 2001)
<http://www.osu.edu/units/law/swire1/hahn.doc>.
(65) 15 U.S.C. §6802.
Another example comes from the Video Privacy Protection Act,(66) a law that
limits the disclosure of videotape rental or sale records for marketing and other purposes. The law was enacted at a time when the video rental industry did not routinely sell detailed customer data. The effect of the law was to prevent the development of commercial practices that would have negatively affected the privacy of customers. If the law had associated costs, they were probably minor. However, had the
law also covered the rental or sale of magazine subscribers, the costs would have
been much greater because magazine publishers make extensive use of their lists.
B. Identifying and Valuing Benefits
Identifying benefits from privacy rules and quantifying the benefits is difficult
whether the benefits accrue to record keepers or record subjects. A recent attempt
by the US Department of Health and Human Services (HHS) at assessing privacy
costs and benefits for a health privacy rule may be one of the most comprehensive
and independent attempts to determine both the costs and benefits of privacy regulation. HHS found a lack of data, models, or empirical studies that provide credible measures of benefits for record subjects.(67) HHS summarized some of the difficulties in valuing confidentiality in health care:
There are important societal benefits associated with improving health information privacy. Confidentiality is an important component of trust between patients and providers, and some studies indicate that a lack of privacy may deter patients from obtaining preventive care and treatment. For these reasons, traditional
approaches to estimating the value of a commodity cannot fully capture the value
of personal privacy. It may be difficult for individuals to assign value to privacy protection because most individuals view personal privacy as a right. Therefore, the
benefits of the proposed regulation are impossible to estimate based on the market
value of health information alone. However, it is possible to evaluate some of the
benefits that may accrue to individuals as a result of proposed regulation, and these
benefits, alone, suggest that the regulation is warranted. Added to these benefits is
the intangible value of privacy, the security that individuals feel when personal information is kept confidential. This benefit is very real and very significant but there
are no reliable means of measuring dollar value of such benefit.(68)
(66) 18 U.S.C. §2710.
(67) Final Rule, Standards for Privacy of Individually Identifiable Health Information, 65 Federal Register 82461, 82776 (Dec.
28, 2000).
(68) Id. (footnote omitted).
HHS offered examples of benefits for which it was able to assign a monetary
benefit. The analysis began with evidence that fears about disclosure of health information dissuade some individuals from seeking treatment. Consequences of postponing treatment include preventable spreading of infectious diseases, reduction in
the quality of life, and lost wages that might have been avoided if people sought early treatment of cancer and other diseases.(69) For cancer alone, HHS calculated that
encouraging people to seek early cancer treatment through enhanced privacy protections could save $1.6 billion in lost wages. The specificity of the calculation is not especially convincing, but it is believable that there would be some benefit.
Even if HHS’s lost wage number were accurate, its relevance is not entirely
clear. Wages lost by one worker might be paid to another so the systemic effect
might be less than the calculation suggests. On the other hand, a healthier workforce produces benefits for employers through lower health insurance costs and
greater productivity. Another benefit may be lower health care costs from early
treatment. Whether secondary and tertiary effects of privacy protection can be
measured or should be counted in a cost-benefit analysis is uncertain.
C. Identifying and Valuing Record Keeper Costs
In the United States, the quantification of privacy costs and benefits has rarely
been undertaken in any systematic or objective manner. Some examples illustrate
the point.
The Congressional Budget Office of the US Congress estimates the cost of bills
passed by congressional committees. In recent years, CBO prepared cost estimates
for several bills with privacy implications. Not all privacy bills impose costs on the
private sector, so not all CBO estimates address private sector costs. However, for
estimates that included costs for the private sector, CBO has not been able to offer
firm privacy cost estimates. At best, CBO estimates include a general discussion of
the types of costs that the bills might entail. The consistent inability of CBO to provide more detailed cost estimates strongly suggests the lack of any meaningful privacy cost methodology.(70) CBO has no obligation to attempt to calculate the benefits of legislation for secondary beneficiaries.
In promulgating its health privacy rule, the US Department of Health and Human Services attempted to assess the costs and benefits of the rule in a systematic way.(71) The detailed cost estimates generally reviewed each of the rule’s requirements, identified the employees who would carry out their responsibility, determined their average wage, and calculated the cost. The attempt is instructive, but
of limited relevance to a comparable analysis of commercial activities that involve
the sale, rental, and sharing of personal data for profit. Significant parts of the
health care system in the United States are governmental or non-commercial. In addition, many health care activities are governed by ethical rules that protect the confidentiality of health data and prohibit commercial exploitation of the data.
(69) Id. at 82776-79.
(70) See, e.g., Congressional Budget Estimate, Cost Estimate for S. 2201, Online Personal Privacy Act (June 18, 2002)
<http://www.cbo.gov/showdoc.cfm?index=3549&sequence=0>; Cost Estimate for H.R. 4585, Medical Financial Privacy
Protection Act (July 14, 2000) <http://www.cbo.gov/showdoc.cfm?index=2249&sequence=0>; Cost Estimate for H.R.
4857, Social Security Number Privacy and Identity Theft Prevention Act of 2000 (Oct. 6, 2000) <http://www.cbo.gov/showdoc.cfm?index=2583&sequence=0>.
As part of the American political debate about privacy, elements of the business community have offered a series of commissioned “studies” written or sponsored by the Financial Services Roundtable, the Direct Marketing Association, the
Association for Competitive Technology, and others.(72) The cost of privacy is a legitimate issue, but the studies and the conclusions drawn from them have serious
flaws, poor definitions, and questionable methodology. Some criticisms of these
studies can be found elsewhere.(73)
V. Conclusion
Like many other human endeavors, the protection of privacy imposes costs
and produces benefits. Both costs and benefits are relevant to decisions to impose
privacy rules on record keepers.
One problem is defining the scope of privacy. If privacy is viewed solely as an
individual right, the identification and calculation of benefits will be determined in
one way. If, however, privacy is viewed as a common good,(74) the process and the
result will be different. Definitions matter to a cost-benefit analysis. In the privacy
arena, agreement on definitions is unlikely, but it may be possible to agree on some
elements relevant to costs and benefits.
A second problem involves consequential effects. If a lack of privacy dissuades
individuals from seeking medical treatment, how many of the consequences of that
lack of treatment count in the calculation? If privacy laws limit direct mail solicitations of customers so that direct mail sales diminish but other sales increase, does
the calculation consider only the losses and not the gains? If privacy laws create new
industries,(75) do the resulting jobs and profits count as benefits or costs? Should
these secondary and tertiary effects be included?
(71) Final Rule, Standards for Privacy of Individually Identifiable Health Information, 65 Federal Register 82461, 82759-82779 (Dec. 28, 2000).
(72) Many of these papers are available at <http://www.privacyalliance.org/resources/research.shtml> or at <http://www.bbbonline.org/UnderstandingPrivacy/library/whitepapers.asp>.
(73) See, e.g., Privacy, Consumers, and Costs.
(74) See, e.g., Priscilla M. Regan, Legislating Privacy: Technology, Social Values, and Public Policy 214-243 (1995).
(75) See, e.g., Call Compliance, a company that provides tools for telemarketers to ensure regulatory compliance with do-not-call lists. <www.callcompliance.com>.
A third problem involves the best way to share costs and benefits. If privacy
protections impose costs on record keepers and the absence of privacy protections
imposes costs on record subjects, then a reasonable inquiry is who can and should
bear the costs most efficiently and most fairly. From a societal perspective, it may be
more efficient to ask record keepers to bear some costs because the collective expenditure is less than the expenditures that individuals incur to protect their own privacy. On the other side, if the number of individuals interested in privacy protections
is small, it may be more efficient for those individuals to bear some of the costs.
A fourth problem that complicates international comparisons of privacy costs
and benefits involves the baseline. Privacy law and personal data processing vary
considerably between the United States and Europe. A privacy rule could have minimal effect in Europe because it does not change existing policies or practices greatly. In the United States, the same rule could force a major change in practices for a
much larger range of commercial activities.
In the United States to date, discussions of privacy costs have been mostly driven by political considerations. Privacy benefits are rarely considered. Participants in
privacy debates have not agreed on any terms or framework for a fair assessment of
the costs, and no formal assessment of the benefits has been undertaken. Without
agreement on terms and methodology, American debates over privacy costs and
benefits are likely to remain unenlightening.
The Impact of the Different Regulatory Models in the World Scenario
George Radwanski (1)
I’m very happy to be able to participate in a conference on the advantages to
business of respecting privacy. That’s a subject about which I speak frequently to
business audiences in Canada. It is my firm belief that respect for the privacy of
customers and employees is a fundamental element of competitive advantage for
businesses.
It’s also a great pleasure to be at a conference hosted by the Italian Data Protection Commission, which is headed by one of the most respected Data Protection
Commissioners on the international stage, Dr. Stefano Rodotà. You here in Italy are
very lucky to have privacy and data protection in such capable hands.
That is of the greatest importance, because privacy is a fundamental human
right, recognized as such by the United Nations. Privacy is often described as the
right from which all our other freedoms flow—freedom of speech, freedom of association, freedom of thought, virtually any freedom you can name.
As Justice Gérard La Forest of the Supreme Court of Canada has written, “privacy is at the heart of liberty in a modern state.” To me, that’s almost self-evident:
How can we be truly free if our every move can be watched, our every activity
known, our every preference monitored?
Privacy lets us live as free individuals. It means we have a right to a private sphere
of thought and action that is our own business, and no one else’s. It means that we
don’t have to go through life with persons unknown watching over our shoulders–watching and assessing every move, every purchase, and every human interaction.
And privacy is more than a fundamental human right. It’s also an innate human need. When you go home at night, you probably close the curtains. It’s not
that you’re trying to hide something. You just instinctively need your privacy, your
freedom from being observed.
If you’re on a bus or a plane, and someone starts reading over your shoulder,
you probably feel uncomfortable. What you’re reading isn’t secret; it’s just that your
privacy is being invaded.
If you’ve ever had your home or even your car broken into, you’ll know that
the sense of intrusion, of having your privacy violated, can be even more painful
than the loss of whatever was stolen.
And yet, almost every day, in some new and creative way, that innate human
need, that fundamental human right–the right to privacy–is being chipped away.
(1) Privacy Commissioner of Canada
Individuals have the sense that businesses and governments have more curiosity
about them than ever before. Every day someone wants more information about
them. Every day someone has some new use for their personal information, or some
new way of collecting it without their consent.
That thirst for personal information has become almost insatiable, and the
pressures on privacy almost overwhelming, since the terrorist attacks of last year in
the U.S. While this is primarily a business conference, it is difficult to talk of privacy and the need to protect it without referring to this broader context.
As many of you will know, since September 11, 2001, Dr. Rodotà has been
very much a leader in the ongoing struggle to protect and enhance privacy while ensuring security. I’m very proud to be alongside him in that struggle. It’s certainly the
most difficult privacy challenge facing us all right now.
The essence of the problem is that privacy is not an absolute right. All of us involved in privacy protection acknowledge that fact. We all accept that there may be
a need for privacy-invasive measures to meet the kinds of security threats our world
is facing. But these choices must be made calmly, carefully and case by case. The
burden of proof must always be on those who suggest that some new intrusion or
limitation on privacy is needed in the name of security.
In Canada, I have suggested that any such proposed measure must meet a four-part test. It must be demonstrably necessary to meet some specific need. It must be
demonstrably likely to be effective–in other words, it must be likely to actually
make us significantly safer, not just make us feel safer. The intrusion on privacy
must be proportional to the security benefit to be derived. And it must be demonstrable that no other, less privacy-intrusive, measure would suffice to achieve the
same purpose.
Necessity, effectiveness, proportionality, and lack of a less privacy-invasive alternative–that’s the test that I believe can allow us to take all appropriate measures
to enhance security, without unduly sacrificing privacy.
Compared to the threat that governments pose to privacy, the risks of private
businesses collecting, using, and disclosing our personal information may seem
minor. But they should not be underestimated. The threat may be less dramatic, but
the fact is that a vast amount of our personal information finds its way into the
hands of private businesses.
Of course, it’s perfectly understandable why businesses want personal information. They depend on it. In an increasingly competitive globalized marketplace,
they rely on personal information to identify and stay in touch with their customers. They want to use it to seek out new customers who might be interested in
their products. They want to find out what the market is looking for and what it
will bear. And they want information about their employees, so that they can administer benefits and ensure a safe and productive workplace.
Getting that personal information, and using it, in ways that don’t offend the
fundamental human right of privacy–that’s the challenge for modern businesses.
And they have to rise to that challenge, or they will alienate their workforces and
drive away their customers.
This challenge is complicated by the fact that people more than ever insist on
control over their personal information.
In a world where so much is taken out of our control, one of the few things
that people still feel that they can control is their personal information. So they’re
sensitive on the subject of businesses collecting it. They want to know what happens to it and how it’s used when they deal with businesses.
When businesses don’t respect our rights, it strikes at our sense of control over
our lives. And people respond very, very negatively to that. Let me give you a couple of examples from Canada.
Air Canada, our major airline, operates a program called Aeroplan, where people earn and redeem “points” every time they fly on Air Canada planes or do business with partners in the program. Some six million people participate. In June
2001, Aeroplan sent 60,000 of them–about one per cent–a brochure called “All
about your privacy.”
That brochure caused Aeroplan a lot of problems.
It didn’t communicate clearly, simply, in plain language what Aeroplan would
do with members’ personal information. It was vague about what information was
to be shared, with whom, and for what purpose. It appeared to say that potentially
highly sensitive information about personal and professional interests, use of products and services, and financial status would be shared.
Members could opt out, by indicating each situation where they did not want
their information shared, and then mailing the brochure back to Aeroplan. If they
didn’t opt out, Aeroplan would consider them to have consented.
Not surprisingly, members objected when they received Aeroplan’s brochure.
In fact, my Office was flooded with e-mails from people objecting. As a result
of the overwhelming public interest, I had to publicly state my own concerns about
the program. That didn’t make things pleasant for the people at Aeroplan.
The good news is that my Office was able to work with Aeroplan to remedy
the situation. It was a painful lesson for them. In spite of all their efforts to ensure
that they were respecting privacy, they fell down on this very basic requirement–the
requirement to communicate their practices clearly to their members and get their
informed consent.
A similar situation happened with Canada Post, the public sector corporation
responsible for moving the mail in Canada. It offers a change of address service, for
a fee, if people want their mail redirected from their old address to their new one.
That’s a useful service, but with a significant privacy price-tag.
The problem was that, unless people had read the fine print, they wouldn’t
know that Canada Post did more with their names and addresses than just redirect
their mail. It sold their new addresses, and the buyers included list brokers, mass
mailers, and direct marketers.
So when they moved to their new addresses and asked Canada Post to redirect
their mail, they would get their mail, alright–and they’d also get marketing
brochures, junk mail, and telephone solicitations. To avoid this, they had to opt out
in writing.
When this came to light, the public was utterly indignant. As had been the case
with Air Canada, corporate good sense prevailed. Canada Post moved to make the
process more transparent and switch to a system of opt-in consent.
These are the types of incidents that can plague a company that is not respectful of privacy. People are getting angrier and angrier. They want control over their
personal information, including, and maybe especially, when it’s connected with
their financial transactions.
Think about what it means for a company that’s seeking a competitive edge, if
its customers perceive it as careless about privacy.
And you have to ask yourself: what are some of these companies thinking?
What use is a mailing list made up of names of people who may very well not want
to be marketed to? Why would any marketer want a list like that?
Organizations collect and analyze personal information to find out who is going to want their products and promotions. The key to that is getting people’s solid, affirmative consent to the use of their personal information.
If people don’t trust businesses, if they see businesses twisting consent or unjustifiably inferring it, they’ll undermine the system. They’ll refuse to give information, or give false information. They’ll inundate companies with complaints. They’ll
reject things that might be of benefit to them, out of sheer anger and frustration
and resentment. And they’ll look for competitors who do respect their privacy.
That, to my mind, is the largest single reason why respecting privacy is less and
less regarded as a business cost. Smart businesses are coming to see that respecting
privacy is a key element of good customer relations–and that makes it a key element
of competitive advantage.
And what, fundamentally, is respect for privacy? In the business world, it’s really nothing more complicated than respect for the golden rule–do unto others as
you would have them do unto you. It’s not an abstract legal concept. It’s simple consideration, respect, and courtesy–the essence of a good relationship with your customers and employees.
Of course, protecting privacy is more than just a wise business move. And privacy is more than just an individual right. Privacy is a public good. It goes to the
heart of decisions that people make collectively about how they want to live as a society. That’s why privacy and data protection legislation are so fundamental to the
fabric of our societies.
In Canada, we’ve had privacy protection in the public sector since 1983. The
Privacy Act puts important limits on the Federal government’s ability to collect, use,
and disclose information about Canadians. It gives Canadians the right to see what
information federal government institutions hold about them. And it gives me, as
Privacy Commissioner, broad powers to initiate and investigate complaints and audit compliance. Most of our provinces have followed the example of the federal government, and enacted similar laws applying to their public sectors.
But for a long time Canadians have been concerned about privacy in their
dealings with the private sector, too. Computer networking, sophisticated surveillance technologies, commercial trade in customer information, and the explosive
growth of the Internet have heightened their concerns.
That’s why, over the past fifteen years or so, Canada has worked on developing privacy protection that will apply to the private sector. In 1984, we adopted the
OECD’s Guidelines for the Protection of Privacy and Transborder Flows of Personal Data. The Canadian Standards Association, with representatives from business, government, labour, and consumer groups, used the OECD Guidelines as the starting
point for a model privacy code for the private sector. The Code was completed in
1996, and incorporated by the government into the Personal Information Protection
and Electronic Documents Act, which came into effect in January, 2001.
This law strikes a balance between the legitimate information needs of the private sector and the fundamental privacy rights of individuals. It has been able to
achieve that balance partly because the Canadian Standards Association’s Code on
which it is based was the result of a consultative, cooperative process.
The Act incorporates provisions that are common to data protection laws
around the world—the requirement for consent to collection, use, or disclosure of
personal information; the requirement that personal information collected for one
purpose not be used or disclosed for other purposes without consent; the right of
individuals to see the personal information that an organization holds about them
and to correct inaccuracies; oversight, through me and my office, to ensure that the
law is respected, and redress if people’s rights are violated.
In addition, the Act contains a very important provision that is not always
found in data protection laws. Even with consent, an organization can only collect,
use, or disclose information for purposes that a reasonable person would consider
appropriate under the circumstances.
That provision– “the reasonable person test” as it’s known–is what makes the
Act a true privacy protection statute, rather than just a code of fair information
practices. It’s particularly important in situations like employment, where there’s a
power imbalance between an individual and an organization that wants to collect,
use, or disclose his or her personal information. The organization can’t use its
greater bargaining power to coerce the individual to consent. It has to be able to justify what it wants to do, and show that it’s reasonable.
Of course, what’s reasonable varies from one situation to another. Video surveillance of employees in a diamond polishing operation, for example, might be reasonable. But it’s not likely to be reasonable in an insurance company–whether or
not employees consent to it.
The Act applies at the moment to industries that, under the constitution, are
the responsibility of the federal government–primarily banks, airlines, telecommunications companies, broadcasters, and transportation companies. It also applies to
personal information held by any organization if it’s sold, leased, or bartered across
provincial or national boundaries.
Beginning in January 2004, the Act will apply across the board–to all personal information collected, used, or disclosed in the course of commercial activities by
all private sector organizations–except where provinces have passed their own privacy legislation.
At that point, we’ll have seamless privacy protection in Canada.
As I’m sure you’re aware, Canada’s privacy law is one of the few outside the European Union that the EU considers adequate to protect the personal information
of its citizens. Last December, the European Commission recognised that the Act
meets the demands of the EU’s Data Protection Directive and provides adequate
protection for personal information transferred from the EU to Canada.
This is a major step forward for Canada. It’s an important element in the competitive strength of Canadian businesses.
But when I say that, in fact I’m selling privacy a little short. As important as it
is to affirm that good privacy is good business, it’s not enough. Privacy is much,
much more.
Privacy is a fundamental human right, and it’s the safeguarding of that fundamental right that is the real achievement of our privacy laws, in your country as
in mine.
And so, when businesses respect the privacy of their customers and employees,
yes, they are improving their own competitive position. Yes, they are demonstrating
consideration and courtesy and basic respect. But they are doing much more.
When businesses respect privacy, they are enhancing individual autonomy, and
advancing the cause of freedom and human dignity. That is what privacy really
means.
This presents businesses, not with a burden, but with an opportunity, a duty
and a challenge. It is an opportunity, a duty and a challenge that I’m sure the Italian business community, with the help of my esteemed colleague Dr. Rodotà, will
be able and eager to meet.
Fundamental Rights and Freedom of Economic Initiative
Giovanni Buttarelli (1)
The legal debate on the relationship between freedom of economic initiative and its limits seems dated and to have lost its topicality.
I nevertheless wanted to touch on this topic because I found in it elements useful for the Conference.
I will start from the Italian context, trying to globalize some reflections and to bear in mind the issues of the European internal market and of international data flows.
Art. 41 of the Italian Constitution states that private economic initiative is “free” and must not be carried out in conflict with “social utility” or in a way that harms human freedom and dignity.
Some have argued that private economic initiative should pursue not so much the particular aim of the individual market operator as a “social function”, and should therefore be oriented toward achieving the goods of social utility and human dignity.
In some cases the Constitutional Court has interpreted the expression “social utility”, but no general and unitary notion has been worked out.
“Social utility” is in fact an indeterminate and constantly evolving concept, to be adapted to the times, to the point that Massimo Severo Giannini held that Art. 41 is not among the most “perspicuous” provisions of our Constitution.
One thing is clearer: behind the expressions “social utility” and “human dignity” lie not so much single individual goods of the human being as the constitutive values of human subjectivity and personality, which are inseparable.
In provisions of this kind, in other countries as well, we therefore have a unitary guarantee of the fundamental rights and freedoms of the person, and not of single fragments of them.
We are not here today to argue for the primacy of public intervention over the principle of entrepreneurial freedom.
After all, the fundamental rights and freedoms of the person must be respected “upstream” by those who exercise a right of freedom such as that of economic initiative (which is itself constitutionally protected, but which cannot easily be traced back to the “fundamental principles” of the first part of the Constitution).
Many businesses are represented in the audience. Allow me therefore to assure you that we do not intend to ask you not to pursue profit, to become “benefactors” of privacy and to provide a social service for which you would at that point have to be remunerated.
(1) Garante per la protezione dei dati personali
Profit can, however, be pursued in a new dimension.
The market is not only a place of exchange, production and work. It is also a context in which to balance values and interests in the name of the principle of respect.
This balancing of interests should not be done only ex post, with privacy laws that “correct” an economic activity that has already been under way for some time.
The balancing should instead be part of the everyday experience of the economic operator.
Full self-regulation of the market is, however, not conceivable.
When the most intimate sphere of the person is touched (as in this field), the formula of the “minimal State” cannot easily be used in the market.
One could object (borrowing the words of Luigi Einaudi) that the market satisfies “demands”, not “needs”.
One could reply, however, that there is also a need to satisfy needs that are not expressed in demands meeting the requirements set by the market, and that this happens precisely for personality rights, which were not born to be commercialized.
This is all the more true in times of globalization, in which, in the absence of rules such as the current European ones on privacy, we would have run the risk of globalizing a lex mercatoria, to the detriment of the rights of the person.
In the past, the interests that revolve around privacy did not find a spontaneous reconciliation in the market.
This explains how privacy laws have sought not to leave the citizen to the play of the market, affirming for example the principle of proportionality in the processing of data, which prevails over the logic of the data subject’s consent.
The various decisions adopted in Europe over the last two years on transborder data flows, and the recent in-depth work under way in Brussels on the guarantees that businesses can offer through binding corporate rules, demonstrate the effort of the so-called European privacy watchdogs to take account of the new challenges of the European internal market, in the light of the Treaty of Amsterdam, and of fair competition on a world scale: this is the commitment that 27 countries made in 2000 with the “Venice Charter” signed by their respective privacy authorities. Now that privacy rules have been partly harmonized around the world, and rely less on formal requirements, looking to the substance of protection and favouring the flexible combination of different regulatory instruments (including professional ethics), the moment has come when business can look at privacy in a new way and no longer as an adversary.
As integration into the Information Society grows, so does the trend whereby respect for privacy is felt by broad strata of the informed population and no longer by narrow elites.
In a 2001 study, Alan Westin identifies as a large share (63% of the sample interviewed, compared with 55% in 1990) those who have a good perception of privacy risk and are therefore willing to allow the processing of personal information in exchange for personalized services, offers and discounts only if they are satisfied with the degree of fairness with which this information is handled.
A remaining 25% of the sample is ironically defined by Westin as made up of privacy fundamentalists, while the percentage of the privacy unconcerned falls from 20% in 1990 to 12%, indeed, in 2001.
When the survey was repeated in November 2001, after the grave events of September 11, the number of privacy fundamentalists rose to 34%, and that of the privacy unconcerned fell to 8% (that of the simply “pragmatic” consequently falls from 63% to 58%).
We are at the highest point in the evolution of ideas, rules, devices and procedures for making the safekeeping of personal data secure.
But we are also at a point where, as never before, the conditions have been created to affect simultaneously and negatively the personality rights of millions of people across the entire planet.
We would like not to accept passively the idea that people’s integration into the network entails an inevitable compression of their privacy.
On the contrary, on the basis of the experience behind us, which is beginning to be long, we think the time is ripe for yet another turning point in the regulation of privacy.
We have passed through two or three generations of rules based (the first) on the presence of few computers and on brakes on their interconnection, (the second) on the tendency of laws to spell out privacy principles in detail in many sectors, and (the third) on the simplification of non-vital formalities in order to focus attention on substantive guarantees, on privacy enhancing technologies and on privacy audits.
What do we expect from fourth-generation privacy?
A combination of different legal instruments but, above all, a shared privacy, a privacy spontaneously oriented toward respect for the person, conceived as a load-bearing beam and not as a burden.
It cannot be otherwise: the cases and occasions in which numerous citizens are involved are countless, and we are facing a true mass issue.
The mere prospect of a shift from invasive marketing to permission marketing already appears modest and insufficient even before it has taken hold in the market.
We ask you to write together with us quite a different page in data protection, one in which business assures a high standing to the rights of the person as the result of a new sensibility.
A page in which it should be the market itself, before the legislator, that confines to the realm of pathology those cases in which privacy is ensured only when a complaint, a claim for damages or a sanction intervenes.
We ask you to write this page by drawing on that propulsive and creative quality inherent in every entrepreneurial activity.
Your trade is to combine the factors of production to create new wealth: make better use of the privacy ingredient.
We must all reassess the value of the data subject’s expression of will, and not trivialize it or even commercialize it in exchange for discounts and gadgets.
We need to satisfy the legitimate aspiration of all users to use the network more, to be curious in their browsing and to have different degrees of solitude and socialization, without being penalized for any of this.
Those who process personal data are dealing not with objects, but with persons.
How would you feel if, on leaving a shopping centre, you realized that a sign had been attached to your back showing, minute by minute, the list of shops visited, the list of products looked at and purchased, the time spent in front of a shop window; and if you knew that this sign had been copied, against your will, by others who then added further remarks, assessments and information about you?
I think that even if you felt like perfect strangers in the shopping centre you would not appreciate all this.
Yet this is what happens on the network, where it is as if millions of sandwich men were being chewed up by a minority that breeds resignation about the possibility of deciding whether and how to wear that sign, what to write on it and to whom, if anyone, to show it.
If it is true that economic initiative has the risk factor as its counterpart, we must also be more aware that the risk of mishaps, market contractions and outright failures is growing precisely because of mistaken assessments of the privacy factor.
With the various standard contractual clauses on the transfer of data abroad, the guarantees for individuals provided on a contractual basis have been given greater weight: but how many businesses make use of them?
We can once again take up your demand for rules that are certain, clear and easy to apply.
We would like to do so with your cooperation, given that with the new generation of codes of conduct you yourselves can build some of the rules for establishing when processing is legally lawful and fair.
The demand for a prior and more thorough assessment of the impact of privacy rules must also be taken up: we can do so straight away by making better use, in all countries, of the same instrument of hearings and public consultations.
By adopting new best practices on privacy you would still be left with a reasonable margin of economic profit and of convenience in starting and continuing an activity based on the use of personal data.
Just as, after 11 September of last year, we coined the slogan “privacy and security are not opposed”, we can venture to think that privacy is compatible with profit, indeed that it can be a flywheel for profit. Just think, purely by way of example, of the savings that companies offering telecommunications services can make by not storing billions upon billions of telephone traffic data items for several years.
Some internal company audits, vocational training, investment in research into clean technologies, as well as certain certification mechanisms, may prove useful.
Far more useful still would be a widespread practice of studying the impact on privacy before launching a new product or service or a working method internal to the company.
Greater attention is needed to the substantive aspects of protection, rather than only to formal requirements.
The resources devoted to privacy customer satisfaction are not badly spent, especially in the medium to long term. This will be shown by the discussions of these two days on the harm to a company’s image, on the costs arising from litigation and from administrative and sanctioning procedures, on the negative climate that can arise in a company following heavy-handed monitoring of PC use, and on reduced consumer confidence in the fairness of the business, in network security and in the thousand pitfalls of electronic democracy.
Just a few hours ago came the news of the second Italian judgment awarding damages since the 1996 privacy law, which obliges a bank branch to pay about 40 thousand euros, determined as a lump sum, on account of the mere doubt that some prejudicial information kept carelessly at a bank counter may have been glimpsed by the public waiting in line.
It is not certain that a softer privacy than the one we advocate would benefit business: the investigation into spamming reported last September by the Italian monthly “Happy Web” tells us, for example, that in 2001 Italian companies alone spent as much as 10 million euros in connection costs to download “electronic garbage” onto their own computers. It tells us that, on this trend, within three years each Italian user will receive more than 14 thousand spam e-mails a year.
To the question “who pays the costs of a high level of privacy?”, or “how much of the cost falls on the consumer-user?”, we can in any case reply that with this possible contribution the data subject nonetheless escapes a worse situation.
Finally, we might ask why, in the tangle of exemptions, scrappage schemes, deductions and tax breaks for businesses, there is no room for some incentive for documented initiatives, at least in research or vocational training.
Let us not think only of the dilemma of disclosing data “yes” or disclosing data “no”.
Let us also look at the benefits that a business can derive from the circulation of information that is accurate, relevant and up to date, stripped of the “noise” of a surfeit of superfluous information.
Let us also reflect, including in public fora, on other issues, for example on certain negative effects on privacy that may arise from public interventions, however necessary, to protect competition in the market.
By now you will have guessed: we are not here to hide or underestimate the question of “costs”.
That there are “costs” in this area is expressly recognised by the European parent directive on privacy, as well as, implicitly, by the Italian law on the subject which, with regard to technical security measures, embraces the idea that it makes sense to oblige businesses to spend on security measures only if those measures, although costly, are at the top of technological evolution.
Incontrovertible cost estimates are not available, and they depend on the type of activity carried out and the way it is carried out, and on the country considered. Finally, they must be placed in historical context according to the rules in force at any given time.
A 1994 study by the Aston Business School estimating the impact of the 1995 European directive scaled down the concerns voiced in private-sector circles.
Subsequent estimates have put these costs at about 2% of total EDP expenditure.
What we want to examine with you is the margin of return that derives from the costs: that is, how much one can be repaid by the singular opportunity that comes from this need to protect fundamental rights and freedoms.
The company EarthLink seems to have understood this opportunity, in the experience that Ann Cavoukian and Tyler J. Hamilton summarise in the recent book “Privacy PayOff”, of which, I realise, we today seem to be the instigators.
The RBC Financial Group, a Canadian financial institution, seems to understand it even better: according to its internal studies, the level of privacy ensured by the Group already contributes 7% to consumer choices and, again 7%, to the organisation’s added value, so that the bank already estimates at 14% the contribution that privacy can make to the RBC brand.
For a start, that is no small thing.
Fundamental Rights and Freedom of Enterprise
Giovanni Buttarelli (1)
The debate among legal scholars concerning the relationship between freedom of enterprise and its limitations would appear to be outdated and no longer
current in scope.
Still, I decided to deal with this issue because I found that one could get some
useful clues in respect of the Conference topics.
I will start from the Italian situation and then expand the scope of my considerations to also take account of the issues related to Europe’s internal market and
international data flows.
Under Article 41 of Italy’s Constitution, freedom of enterprise by private entities is “free” and must not be carried out so as to be in conflict with “common good”
or else in a way that may harm human freedom and dignity.
It has been maintained that private economic enterprise should pursue not so
much the individual market operator’s purpose, but rather a “common purpose”
and therefore be focussed on achieving common good and human dignity.
In a few cases, the Constitutional Court has provided its interpretation of
“common good”, however no general, unified concept has been developed.
In fact, “common good” is an indefinite, continuously evolving concept, to be
adjusted depending on the specific circumstances, so much so that Massimo Severo
Giannini believed that Article 41 was not to be regarded as one of the most “perspicuous” provisions of our Constitution.
One thing can be said with a greater degree of certainty: terms such as “common good” and “human dignity” refer not so much to individual human goods, as
to the fundamental values of human subjectivity and personality – which should
not be kept separate.
Therefore, provisions of this kind can afford, also in other countries, unified
safeguards for fundamental human rights and freedoms rather than for individual
components of such rights and freedoms.
Our purpose today is not to argue for the primacy of public intervention over
freedom of enterprise.
Indeed, fundamental human rights and freedoms should be respected “a priori”
by any entity exercising freedom of economic enterprise rights – such rights being also protected by the Constitution, although they cannot be easily traced back to the
“fundamental principles” laid down in the first part of our Constitutional Charter.
There are several representatives from major businesses in the audience today.
(1) Italian Data Protection Authority
Let me assure you that we are not going to ask you not to pursue gain in your
activities – to become privacy “benefactors” and deliver social services, for which
you should then be entitled to wages.
However, you might pursue gain within a different framework.
The market is not merely a place to exchange, produce and process goods. It
also provides the framework within which to balance values and interests for the
sake of respect.
This balancing of interests should not be only performed ex post, i.e. by means
of privacy laws that bring about “corrections” in respect of long-standing economic activities.
Rather, such balancing should be a part of economic operators’ daily experience.
However, market self-regulation is not a feasible option.
If you have to do with the most intimate sphere of a person’s life – as is the case
here – the “minimum State” approach cannot be easily applied to the market.
One might argue – by quoting Luigi Einaudi – that market can meet “demands” rather than “needs”.
A possible objection to this argument would be that it is also necessary to meet
needs that are not reflected by demands with the qualifications required by market
– and that this is the case exactly with personal rights, which have not arisen with
a view to their being marketed.
This is even more so in the age of globalisation: indeed, we would have run the
risk of globalising a lex mercatoria and jeopardising personal rights if no regulations
applying to privacy had been devised such as those currently existing in Europe.
In the past, the interests related to privacy could not be reconciled autonomously on the market.
This accounts for the attempt made by privacy legislation to prevent citizens
from being left a prey to market dynamics – for instance, by laying down the proportionality principle in processing personal data, which can override the data subject’s consent.
The decisions adopted in Europe during the past two years concerning transborder data flows as well as the ongoing debate in Brussels regarding the safeguards
that businesses can provide by means of binding corporate clauses testify to the effort made by the so-called European privacy watchdogs to take account of the new
challenges posed by the European internal market in the light of Amsterdam
Treaty, as well as of a fair competition strategy at world level. This is the commitment undertaken by 27 countries in 2000 with the “Charter of Venice”, which was
adopted by the respective data protection supervisory authorities. Now that privacy rules have been partly harmonised at global level and are less related to compliance with bureaucratic requirements - being focussed on the substantive components of the relevant safeguards and encouraging a flexible mix of the different regulatory instruments, including codes of practice – it is high time for businesses to
view privacy in a new perspective, i.e. no longer as their counterpart.
With the increased integration into the Information Society there is an upward
trend in the appreciation of the need to respect privacy – which is shared by a considerable portion of the public opinion rather than by a small group of experts.
According to a 2001 survey carried out by Prof. Alan Westin, over 63% of the
respondents (compared with 55% of 1990) had a good perception of privacy risks
and were ready to allow processing of their personal data in exchange for customised
services, offers and discounts only if they were satisfied that their data would be
processed in a fair manner.
A further 25% of the respondents were ironically termed “privacy fundamentalists” by Prof. Westin, whilst the percentage of “privacy unconcerned” fell from
20% of 1990 to 12% of 2001.
When this survey was repeated in November 2001, after the 9/11 events, the percentage of “privacy fundamentalists” rose to 34% whilst privacy unconcerned made up
only 8% of the sample and “pragmatists” fell consequently from 63% to 58%.
We have attained a peak level in the development of concepts, rules, provisions
and procedures to achieve secure personal data retention.
However, we are also faced with an unprecedented situation, providing the opportunity to simultaneously jeopardise the personal rights of millions of people all
over the world.
We would not like to passively acquiesce in the concept according to which network integration of individuals inevitably entails limitations on individuals’ privacy.
In fact, based on our – by now long-term – experience, we think it is high time
that a new page should be turned in the history of privacy regulations.
We have gone through two or three generations of rules that were focussed
firstly on the presence of very few computers and the imposition of limitations on
their interconnection, secondly on the legislative trend to detail privacy principles
as applying to several sectors, and thirdly, on simplification of non-essential requirements and the attempt at highlighting basic safeguards including privacy enhancing
technologies and privacy audits.
What shall we expect from fourth-generation privacy rules?
That they are made up of a mix of different legal instruments – however, we
would expect that privacy regulations could be shared, could be spontaneously focussed on respect for individuals, could be considered a pillar rather than a burden.
There is no possible alternative: there are endless cases involving citizens, so
much so that a veritable public issue is arising.
The mere shift from invasive to permission marketing would appear to provide a modest, insufficient response even apart from its actual implementation on
the market.
We would like you to write, jointly with us, a totally different chapter in the
history of data protection – in which businesses do ensure a high level of protection
for personal rights because of their taking a new stance.
In this chapter, it should be market itself, rather than the law, that marks the
cases in which privacy is only ensured following either a complaint, a claim for
damages or a fine with the brand of abnormality.
We would like you to write this chapter by taking advantage of the propelling
force and the creative spirit that are inherent in all entrepreneurial activities.
You are masters in combining production factors to create value: why not use
the privacy ingredient better?
We should all re-consider the value of the manifestation of a data subject’s will
– without turning it into a trivial circumstance, or maybe bartering it for discounts
and gadgets.
It is necessary to fulfil users’ legitimate expectations to use the Net more, navigate following their curiosity and be able to choose among different degrees of isolation and socialisation – without being in any way disadvantaged.
In processing personal data you are dealing with people rather than with objects.
How would you feel if you realized on leaving a shopping mall that a plate had
been tagged to your back in which the list of the shops you visited, the products you
had examined and purchased and the time spent before each shop-window were duly noted minute by minute, and if you knew that this plate had been copied against
your will by others, who might have added further considerations, judgments and
information concerning yourself?
I think that you would not be happy with all this, even though you felt that
nobody knew you within the shopping mall.
Still, this is what happens on the Net, where it is as if millions of sandwich men
were chewed by a minority that breeds resignation to the impossibility of deciding
whether and how to carry that plate, what should be written on it and who could
possibly have a look at it.
If it is a fact that economic enterprise is fraught with risk, one should also be
aware of the fact that the risk of accidents, market contraction and failure is actually increased by misjudging the privacy factor.
The standard contractual clauses for transborder data flows have enhanced the
value of safeguards for individuals based on contractual agreements – however, how
many businesses are actually making use of these clauses?
Again, we are ready to meet your demand for clear-cut, definite, easy-to-apply rules.
We would like to do so with your co-operation, since the new generation of
codes of practice can allow you to set forth rules in order to assess whether processing operations are lawful and fair.
It is also necessary to take account of the request to assess the privacy impact
in advance more precisely; this can be done by making a better use, in all countries,
of hearings and public consultation.
If you adopt new best practices applying to privacy you could still count on a
reasonable profit margin in starting and maintaining an activity based on the use of
personal data.
After the 9/11 events, we chose to pursue the principle that “privacy and security are not in conflict”; by the same token, we may now be as daring as to say that
privacy is compatible with profit – indeed, it can become a profit lever. Only think,
for instance, of the cost reduction that can be achieved by TLC companies if they
are not required to store billions of telephone traffic data for several years.
Perhaps certain internal audit mechanisms, vocational training, and investments to develop non-polluting technologies as well as certification initiatives are
useful for the above purposes.
However, the widespread practice of assessing the privacy impact prior to
launching a new product or service or implementing a new production method inside a business would be probably more useful.
Greater attention is to be paid to substantive safeguards rather than to merely
formal requirements.
The resources deployed for privacy customer satisfaction purposes are not used
improperly, especially in the medium to long term. This will be shown by the considerations made during these two days concerning the harm to business image, the
costs resulting from litigation, administrative and sanctioning procedures, the negative effects that may be produced inside a business by intrusive controls over the
use made of PCs and by consumers’ low confidence in business fairness, network
security and the tricky procedures of electronic democracy.
The news of the second decision by an Italian court awarding damages pursuant to the DPA of 1996 was broadcast a few hours ago. In this case, a bank agency
will have to pay about 40,000 euros as a lump sum on account of the mere possibility that some sensitive information kept negligently at a bank counter may have
been glimpsed by other customers waiting to be served.
It is by no means certain that a softer privacy approach will be beneficial for
businesses. Indeed, based on the findings of a spamming survey that was carried out
by an Italian journal last September, it appears that over 10 million euros were spent
by Italian businesses in 2001 to download “electronic garbage” on their own computers. Based on this trend, there will be over 14,000 spam e-mails received yearly
by each Italian user within three years.
If you ask “who pays the costs of a high privacy level?” or maybe “what portion of the costs is to be borne by users-consumers?”, the answer should be that by
paying this possible contribution data subjects can anyhow escape a definitely worse
situation.
Finally, one might wonder why there should not be the possibility to support
initiatives undertaken by businesses – at least as regards research activities and/or
vocational training in this sector – given the jumble of exemptions, end-of-life incentives, deductions and tax reductions that have been devised for businesses.
We should not only think of the disclosure/non-disclosure dilemma as regards
personal data.
We should also consider the advantages for businesses resulting from circulation
of accurate, relevant, updated information without the “noise” caused by excess data.
Public bodies should perhaps consider other issues, such as the possible negative effects produced on privacy by public measures that are taken to safeguard market competition.
As you may have already guessed, it is not our intention to downplay or underestimate the “costs” issue.
That there are “costs” involved in dealing with this subject matter is expressly acknowledged by the European privacy directive as well as – implicitly – by the
Italian DP Act. Indeed, as regards technical security measures, our Act supports the
view that it is sensible to oblige businesses to invest in implementing such measures
– expensive though they may be – only if they are based on state-of-the-art technology.
There is no such thing as an unquestionable cost estimate, and anyhow such
estimates are dependent on the features of the activity that is carried out and the relevant arrangements as well as on the country considered. Moreover, they must be
placed in the relevant context based on the rules that apply to the specific case.
According to a survey carried out by the Aston Business School in 1994 to estimate the impact of the 1995 privacy directive, the concerns raised by private entities were excessive.
Subsequent surveys put the relevant costs at about 2% of the overall EDP expenditure.
We would like to assess, with your help, the profit margin resulting from costs
– i.e., how much one can benefit from the peculiar opportunity provided by the
need to protect fundamental rights and freedoms.
This is what has been apparently realised by EarthLink, as described by Ann
Cavoukian and Tyler J. Hamilton in their recently published book on the “Privacy
PayOff” – which actually would seem to have been commissioned by us here.
The RBC Financial Group, a Canadian financial group, would appear to have
realised this if possible to a greater extent. Based on their in-house surveys, the privacy rate afforded by the Group is said to contribute by 7% to the decisions made by
consumers, and by another 7% to the Group’s added value – therefore, the contribution provided by privacy to the RBC trademark is estimated to already total 14%.
This is really not too bad as a start.
The Effectiveness of Privacy Protection in Economic Systems
Orson Swindle (1)
General Opening
Good Morning. Thank you, Mr. Rasi.
And, let me also thank Professor Rodotà and the Italian Garante for the invitation to participate in this important privacy dialogue.
In particular, I want to commend the conference’s review of privacy protection
in the context of:
- consumer expectations,
- costs and benefits to businesses and governments,
- and effects on economies and the global marketplace.
Disclaimer/FTC
I am one of five Commissioners at the Federal Trade Commission.
So as I begin, let me explain that my remarks today are my own. They do not
necessarily represent the views of the Federal Trade Commission or of any other individual Commissioner.
Road Map of My Remarks
My remarks today will principally focus on our experience at the Federal
Trade Commission in helping to shape privacy protection in the marketplace
through the use of:
- our enforcement authority against unfair or deceptive acts or practices in
or affecting commerce; and
- our education and outreach to consumers and businesses.
At the FTC, our experience supports the notion that effective privacy protection is best ensured by focusing enforcement action against the misuse of information and the harmful consequences of such misuse.
Let me suggest a premise for consideration:
effective privacy practices are good for business; the free flow of information is
good for consumers.
Or said another way by a Member of the US Congress:
- “The ideas that privacy can actually be good for business and that information sharing can actually be good for consumers are the “two dirty little
secrets” of the privacy issue.” [Representative Diana DeGette (D-Colorado)]
(1) Commissioner, US Federal Trade Commission
Information Economy
What are consumers’ privacy expectations in an Information Economy?
- There is no question that consumers are deeply concerned about the privacy of their personal information.
- And, there is no question that a lot of information is being collected and
exchanged offline and online in a networked environment where we are all
increasingly interconnected.
- While consumers want the conveniences, services and product choices
that are made possible through new mediums and information technologies, there are questions about how consumer information is being used and
who is using it.
These are questions of importance to Americans, and we know that they are
concerns for individuals, businesses, and governments around the world. For this
reason, consumer privacy and consumer information security are two of the Federal Trade Commission’s highest priorities.
FTC’s Framework For Analyzing Privacy Issues
Let me begin by describing to you the framework we use to analyze privacy issues.
- The availability of information confers many benefits in our information-driven economy.
- The miracle of instant credit helps to drive the American economy - and
at automobile dealerships, it allows Americans to drive away in new cars.
- Consumers can shop online 24 hours a day/7 days a week.
- These are benefits that consumers want and enjoy.
- At the same time, consumers are clearly concerned about their privacy.
- We believe that what consumers are most concerned about is that their information, once collected, may be misused in ways that harm them or disrupt their daily lives.
- These kinds of negative consequences drive consumer concerns about privacy.
- At the FTC, we think the most important part of any privacy agenda is
stopping or minimizing the kinds of practices that can cause those negative
consequences. Consumers want protection from:
• physical consequences - Consumers want to restrict availability of personal information, particularly for safety reasons [potential harm to children, stalking];
• economic consequences - Consumers fear harmful economic consequences ranging from improper denial of credit, even a job, or, in extreme circumstances, identity theft; and
• unwanted intrusions - Consumers have had enough of what I call “nuisance” intrusions to their privacy from activities like unsolicited spam
and unwanted telemarketing calls.
- Existing laws in the US, which target the need for privacy in different information sectors (financial, children, medical, etc.) areas through an industry sectoral approach, allow us to address harmful consequences and enforce
privacy promises.
- Our broad enforcement authority under Section 5 of the Federal Trade
Commission Act to deter “unfair or deceptive acts or practices in or affecting commerce” assists us in bringing cases that enforce privacy promises
made to consumers. This includes the promises made by US companies
that self-certify compliance with privacy principles under the US-EU Safe
Harbor framework.
- So, we focus on the consequences of information use, good or bad.
- When there are bad consequences from information uses, we look for
ways to correct the problems that may result.
We believe that this framework of analyzing privacy issues is highly effective in
the United States for:
- influencing the expectations and behavior of consumers and businesses in
the marketplace, and
- representing a pragmatic and efficient use of government resources by directing our enforcement efforts at the misuse of personal information that
can actually cause harm to consumers.
The FTC Privacy Agenda
In October 2001, FTC Chairman Timothy Muris announced an ambitious
privacy agenda that focused on vigorous enforcement of US laws and privacy promises to consumers.
We have doubled the number of staff dedicated to privacy enforcement and
have brought major cases and educational efforts forward.
During the past year,
- More than 30 cases were brought or settled, involving privacy and security, children’s online privacy protection, pretexting, the Fair Credit Reporting Act, abusive telemarketing practices, and spam.
- There are ongoing efforts to stop identity theft through collecting and analyzing consumer complaints, criminal referrals, education and training;
- We have conducted public workshops on financial privacy notices and security;
- There has been activity in rulemakings on telemarketing (pending Telemarketing Sales Rule) and security of financial information;(2) and
- We have conducted more than 15 consumer and business education initiatives.
We have ambitious plans for this coming year that further emphasize consumer information security, anti-spam efforts, and a federal Do-Not-Call List option for consumers who choose not to receive certain telemarketing contacts.
Case Discussion
The FTC has placed particular emphasis on the relationship between privacy
and security - which are really two sides of the same coin. Both have enormous effects on consumer trust and confidence. Without trust and confidence the full potential of information technology will not be realized.
The most recent FTC privacy cases underscore the basic principle that privacy
promises are important and must be honored. This is a test.
National Research Center for College and University Admissions and
American Student List
- Last month, we announced settlements with two companies: National
Research Center for College and University Admissions and American Student List. These cases involved the offline collection of sensitive personal information from high school students – such as name, date of birth, and religious and ethnic affiliation.
(2) The FTC promulgated a “Safeguards Rule” to implement the security requirements set forth in the Gramm-Leach-Bliley
Act. The Rule, which becomes effective in May, 2003, requires financial institutions under FTC jurisdiction to secure customer records and information. As part of its plan, each financial institution must:
1. designate one or more employees to coordinate the safeguards;
2. identify and assess the risks to customer information in each relevant area of the company's operation, and evaluate the
effectiveness of the current safeguards for controlling these risks;
3. design and implement a safeguards program, and regularly monitor and test it;
4. select appropriate service providers and contract with them to implement safeguards; and
5. evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business arrangements
or operations, or the results of testing and monitoring of safeguards.
- The two companies market a student survey to high school teachers and
guidance counselors asking them to administer the survey during class time.
- The privacy statement on the survey claimed that students’ data “is used
by colleges, universities and other organizations to assist students and their
families by providing them with valuable information.”
- While using this information to match students to colleges might benefit
students and their parents, regrettably the companies also shared the information with commercial marketers.
- Contrary to their claim, substantial funding to finance the survey came
from commercial entities, including American Student List, one of the defendants.
- As a result of our action, the companies are prohibited from misrepresenting their privacy policy. If they sell the information for any non-education-related marketing purpose, they must disclose that fact as well as the types of entities to whom they will sell the information. And, previously-collected information may be used only for education-related purposes.
In addition to looking at privacy promises both on and off-line (whatever the
medium), we are also focusing great attention on information and network security.
The Eli Lilly Case focuses on a firm’s responsibility for the security of information
- First, a brief review of what happened in our Eli Lilly case:
• The privacy promise: Eli Lilly promised to keep consumers’ information confidential and secure
• The privacy problem: Consumers using prescription drugs for depression subscribed to a reminder email service offered at Lilly’s website.
- When Eli Lilly terminated the service, the email notifying subscribers revealed the subscribers’ email addresses – over 600 in all.
- The reason for the privacy problem was Lilly’s inadequate security
- Our complaint alleged that Eli Lilly’s failure to take appropriate steps to
ensure the security of consumers’ information – in light of the sensitivity of
the information – violated the FTC Act
- In Eli Lilly, there was an inadvertent breach that led to the disclosure of
sensitive personal information.
Consequences can also be “potential” harm, rather than actual or realized harm.
In other words, we do not have to wait for a breach to take action.
The Microsoft Case focuses on keeping promises and potential harm
- The Microsoft Passport System is an online authentication service. Microsoft has 200 million e-mail accounts. Its Passport Wallet has 2 million accounts.
- Microsoft promised that it maintained a high level of security by taking
sufficient measures reasonable and appropriate under the circumstances.
- To our knowledge, there was no security breach which compromised consumer information.
- However, we still alleged Microsoft failed to or could not deliver on its privacy and security promises.
- In particular, we alleged that Microsoft did not maintain a high level of
security because it failed to have systems in place to prevent or detect unauthorized access; to monitor for potential vulnerabilities; and to record and
retain system information sufficient to perform security audits and investigations.
- The Remedy: Microsoft must implement an information security program and submit to bi-annual audits by an independent third-party for the next 20 years.
- Besides failing to deliver on its security promises, the Microsoft complaint
alleged other privacy violations:
• Collection of sign-in history was not disclosed
• Microsoft erroneously promised parents that they could control information collected about their children for Kids Passport service.
- The FTC’s Order requires Microsoft to institute an information security program that takes into account the sensitivity of the information collected and an ongoing assessment of reasonably foreseeable risks and threats. It also requires Microsoft to comply with its privacy promises.
Other Privacy and Security Concerns
Deceptive Spam
Within the past month, the Federal Trade Commission and 12 federal, state, and local law enforcement and consumer protection agencies announced a four-part initiative launched to fight deceptive spam.
- The centerpiece of the initiative is a group of more than 30 law enforcement actions, including three FTC complaints and four settlements with
Spammers caught in an FTC sting. In addition, 10 law enforcement agencies signed letters to approximately 100 Spammers warning them that their
Spam appeared to be illegal and that action against them could be taken if
they continued their fraudulent scams.
- Ten agencies participated in the FTC’s “Spam Harvest,” an initiative designed to test which actions consumers take online that put them most at
risk for receiving spam.
- The initiative also developed consumer education material, including a
publication, “E-mail Address Harvesting: How Spammers Reap What You
Sow” (http://www.ftc.gov/bcp/menu-internet.htm). This material uses the
lessons learned from the Spam Harvest to provide tips to consumers who
want to minimize their risk of receiving spam.
Consumer and Business Education on Privacy and Information Security
Security Workshop and Education Campaign
- Last May, we held a public workshop to address consumer information security issues. The workshop discussion highlighted one very important –
and timely – point: that good information security is everyone’s responsibility: government, industry, and individual consumers. In addition, failure to
implement good information security practices has potentially devastating
consequences at all levels of our economy.
Culture of Security
- Another point that participants emphasized was the role that the FTC
should play in educating consumers and businesses in creating a “culture of
security.”
- The FTC’s Information Security Education Campaign was launched in
September. The goal of this campaign is to focus on the critical role information security plays in all sectors of our economy. The campaign comes
complete with a dedicated website (www.ftc.gov/infosecurity) and it features our very own: Dewie The e-Turtle (We call this taking a hard shell approach to security).
- The website highlights the recently revised OECD Guidelines for the Security of Information Systems and Networks. The FTC led the US delegation in the OECD Guidelines review. Our team consisted of the Departments of Commerce, State, Justice and Treasury.
We are constantly disseminating information throughout our society about
how to practically implement a “culture of security”.
Closing
The FTC’s framework for approaching privacy issues is to focus on the adverse
consequences caused by misrepresentations and misuse of consumer information and
to enforce existing US privacy laws to ensure that privacy promises are kept. I believe
this approach helps curb market abuses and fosters respect for consumer privacy.
We vigorously encourage corporate leadership, investment and innovation to
enhance information privacy and security practices.
- I firmly believe that the private sector is best equipped, motivated and capable of solving most of our concerns.
- I believe a combination of responsible self-regulation, market pressures, an
informed public, government encouragement, and vigorous law enforcement is the best path to better solutions rather than burdensome and most
likely ineffective government regulation.
- Although being an advocate for industry solutions for privacy and security, I never fail to remind industry leaders that, “Either you lead and make responsible information privacy and security practices a part of your corporate culture, or I will assure you there will be an FTC in your future.”
In the United States, we see the results of our public and private sector partnership efforts in terms of increased compliance with privacy policies and increased attention to privacy and information security issues on the part of corporate leadership.
I believe that in the United States, the best means of protecting consumer privacy without unduly burdening e-commerce (or commerce, in general) has been a
combination of (1) consumer awareness, (2) leadership and self-regulation by the
private sector, and (3) aggressive government enforcement of existing law.
This approach is flexible enough to respond to changes in technology and to
the tremendous insights that we are gaining from the continuing dialogue among
government, industry, and consumers on privacy issues.
To that end, the FTC and I personally have been actively working with industry members, consumer groups, and others to address privacy concerns.
A simple truth: Consumers expect privacy protection - and, equally important, firms realize that it is to their competitive advantage to respond to consumer expectations.
As public awareness of privacy issues has grown, market forces have definitely
come into play. For example, last year a Progress and Freedom Foundation study indicated that the most frequently visited US websites have clearly recognized that information management policies and privacy practices are necessary parts of everyday business on the Internet.
In addition, recent years’ progress in the development of privacy protection
tools is encouraging. Firms are making significant investments in time, ingenuity,
resources, and money to best solve and minimize privacy concerns. These investments and industry leadership and commitment need to continue.
I agree with US House of Representatives Energy and Commerce Committee
Chairman Billy Tauzin (R-Louisiana), who said that “ … the real and perceived fears
surrounding privacy need to be addressed.” “… Before we can have great debates of
how to fix the current situation, we must understand the current situation and the
constraints we are bound by ... Before we add new law, we must examine the old, as
the heavy hand of government often takes a broad swipe when invited in.”
This is the approach we have been taking at the FTC. We have increased our
enforcement of existing law by using our broad authority to enforce privacy promises made to consumers. At the same time, we are constantly assessing whether
there are areas of concern in need of greater enforcement authority. Yet, we have
been guarded in approaching the issue of whether broad new privacy legislation is
necessary.
We must all keep the dialogue going in high-quality and professional forums
such as this one in Rome.
Working together, domestically and on a cross-border basis, I believe that we
can effectively address the misuse of personal information and protect consumers
from harm, and at the same time, encourage innovative solutions to meet consumer
expectations in the marketplace.
Balancing of Interests
Amitai Etzioni (1)
Before we lay a glove on our individual rights, at the heart of a free society, we
must assess the scope and nature of the threats to our safety. These can be readily
overstated. Thus, the danger of dirty bombs has been vastly exaggerated; a good part
of their exposure can be washed off with soap and water. The bomb’s main effect is
panic, which is best curtailed by expanding public education, not by trimming
rights. Before we feel cornered by a worldwide conspiracy, we ought to note that
very different groups - including Chechnyan freedom fighters, Colombian drug
dealers, and Philippine kidnappers - have been spun together into a global terrorist
network by the United States. Such overstatements can readily lead us to tolerate
unduly repressive policies.
Nevertheless, a cautious assessment finds thousands of Islamic extremists openly declaring their intention to harm the free world, especially the Big Satan (the
United States); the production of various kinds of weapons of mass destruction by
states known to have collaborated with terrorists in the past; and poor control of
weapons, including miniature nuclear weapons and biological arms, in former communist countries. All of this calls for stronger safety measures. True, so far nations
other than the United States have not been a prime target of Islamic terrorists, but
all free countries have good reasons to stand by their major ally and refuse to serve
as launching pads for attacks on it, as to some extent, Hamburg and Montreal have
been. Nor can a nation assume that it is immune from terrorist attacks, as we witnessed, for instance, when the Armed Islamic Group of Algeria planted a series of
bombs in rail stations in France in the mid-1990s.
The most welcome new safety measures are those that do not entail curbing
rights. These include reinforcing cockpit doors in airplanes, providing pilots with
stun guns, and training flight attendants in self-defense, to name just a few. Refusing to allow people who are suspected of being terrorists entry into one’s country violates no rights; obtaining a visa is a privilege a nation accords visitors, not a right
anyone commands. Insisting that airlines provide the names of passengers to public authorities before they land is fully acceptable for the same basic reason. Arguably, the same holds for smart cards, in effect, voluntary ID cards, of the kind
used in Schiphol airport, which allow vetted travelers to zoom through lines, enabling public authorities to focus their attention on the rest. X-raying containers
imported from overseas might well also qualify. (These last two items could raise some privacy concerns, if not properly introduced and supervised.)
(1) George Washington University – USA
When we must turn to trade-offs between rights and security (which cannot
be fully avoided), a mini-max approach should be the guiding principle. Measures that
entail a minimum (at worst, a low) level of violation of rights and, at the same time,
greatly (at least significantly) enhance our security should be tolerated; measures
that provide substantial intrusion and add little safety should be avoided. Those that
fall in-between should be introduced only when threats are high and must be particularly closely monitored. Because this principle addresses the core of the question
at hand, and the devil of unnecessarily violating rights or not providing essential security lies in the details, several examples are provided using the mini-max criterion
just discussed. Note, though, that this is but an illustrative list, and not an exhaustive one. Moreover, one may disagree about the details and yet buy into the minimax criterion.
Mass detention (not to mention deportation) of citizens based on their ethnicity or religion, say those of Pakistani origin or all Muslims - the way Japanese Americans were detained during World War II - constitutes a gross violation of the individual rights of many thousands of innocent people, while adding precious little to
national security. Questioning hundreds of thousands of immigrants, just because they are of Arab origin, as the FBI is doing, has a similar, highly objectionable
profile. Cameras in public spaces may be justified, but certainly not keeping records
of the movements of one and all, especially if that information is available for users
other than those who fight terrorists. Screening the e-mail messages of all citizens
to find those of terrorists is another bad case in point, as is indiscriminate analysis
of credit card records to look for unusual purchase patterns. In short, treating everyone as if they were terrorists until proven innocent constitutes a maximum violation
of rights. Furthermore, these same measures provide little, if any, security. Actually,
they may set it back by cluttering the system and draining resources. Similarly, mobilizing all citizens - especially mailmen, taxi drivers, and truckers - to act as the eyes and ears of public authorities may not constitute a technical violation of anyone's rights, but it will make people suspicious of each other, undermine the social fabric, and flood authorities with useless tips and malicious gossip. It will hide the terrorist needles we need to find in enormous, government-made haystacks.
In contrast, roving wiretaps introduced in the USA Patriot Act meet the criterion of minimum intrusion and make a significant contribution to public safety. Wiretaps of any kind are approved only after public authorities have presented evidence
to a magistrate that there is good reason to suspect that a specific person is a terrorist (or other kind of criminal). The level of evidence required is quite high, reflected
in the fact that rather few such wiretaps were authorized before 9/11. Indeed, in the
U.S. the standards were set so high that the FBI, whose agents were keen to search the computer of Zacarias Moussaoui (believed to be the 20th hijacker), did not even
bother to ask for permission. Most damaging to security is that before 9/11, when
taps were authorized, they were limited to one specific phone. A new feature that
was added after 9/11 is that, if and when permission to tap is granted, it encompasses all of the phones the same suspect uses (hence the term “roving”). Roving wiretaps
are still minimally intrusive because they can be used only against those people that
authorities have been able to convince a court are suspects, and information gathered
inadvertently about others who are overheard must be suppressed.
Other new measures that meet the criterion of minimum intrusion and significant contribution to security include improving the cooperation and collaboration
between agencies that deal with suspects once they enter a country (MI-5 and the FBI) and those that follow them overseas (MI-6 and the CIA), modernizing the communications and computer systems of agencies involved in national security, hardening the domes of nuclear plants, and protecting our numerous computer systems
from cyber-attacks using various new software and audit trails.
In addition, all new measures should be examined to establish whether one
could find ways to reduce the conflict between rights and security. For instance, security requires that suspects on trial are prevented from finding out the identity of
agents planted in their terrorist cells and those of their own who turned them in, as
well as the specific ways information about them was gathered. However, all suspects should be able to choose from a list of lawyers who have security clearance the
one they wish to join their defense team. This lawyer could establish whether the
claims the government is making are indeed supported by the classified information.
To help ensure that all safety measures will be used legitimately, accountability must be expanded as the power of public authorities is increased. Such heightened oversight should not be limited to members of the executive branch of the government, including the Inspector Generals. The staff and oversight powers of select
committees of members of Parliament or Congress should be expanded. Barriers
that prevent the courts and the fourth estate from doing their job in the name of
national security should be particularly carefully scrutinized. If all these layers of accountability act vigorously, excesses - hard to fully avoid - will come to light quickly and will be countered before they become pervasive.
Some argue that you simply cannot trust the government. Hence, it is best
not to allow the fox into the citizen coop in the first place, rather than try to muzzle it once it is given free range. If one distrusts government that much, one must
rush to act to change it, rather than try to prevent it from adopting necessary safety measures. At the same time, it must be noted that the surest way to pave the
road for demagogues to usher in a totalitarian government is to prevent free societies from taking effective measures required to provide the people with elementary safety and security.
Ultimately, the question of trading rights for safety cannot be addressed outside time and place, disregarding history and society. Thus, one may strongly object
to extending the power of an oppressive government, such as that of Singapore,
which one reckons is already wildly excessive. At the same time, one may recognize
that before 9/11 the United States did not have many of the safety measures that
the U.K. introduced following its earlier experiences with I.R.A. terrorists. Or, that
after 9/11 the US went way overboard, especially by holding people in detention
for indeterminate periods, without charging them with any crimes or according
them access to attorneys.
Measures that provide what might be called collateral gains are especially welcome. These are measures that make for better government or society - whether or not they work to prevent future terrorist attacks. Training thousands of volunteers to act as “first responders” - to assist firefighters, rescuers, and medical personnel - will help cope with natural and manmade disasters. Shoring up the public health
system to deal with bioterrorism, developing a more effective public health reporting system, increasing the capacity of emergency rooms, and improving the working conditions of nurses in order to attract more people into the profession are all
salutary improvements, even if no additional terrorist attack ever takes place.
Last but not least, in this area, as in many others, prevention is the best treatment. Terrorism has many complex causes. Hence, to suggest that the West should
work much more to reduce poverty and injustice - forgive the debt of the poorest nations, provide free drugs to those infected with HIV, and quadruple foreign aid - although justified in its own right, will not eliminate terrorism. The same holds for
the suggestion that the West should withdraw its support from authoritarian governments. We must be willing to acknowledge that a major reason strongly religious
people become terrorists is because they view our free way of life as offensively permissive, morally vacuous, and dedicated to goods instead of God.
Nevertheless, an important element of a long-term drive to deal with the causes of terrorism must include support by free societies for the forces of reform in nations that breed or support terrorism, for instance in Iran. Engaging nations such as
North Korea in trade and encouraging student exchanges and tourism rather than
hampering it will work better than hostile isolation. Support for the worldwide
movement of women’s rights will appeal to women, especially young ones, in large
parts of the Islamic world. In short, the more we bring liberty and individual rights
to other people, the more we foster the social, economic, and political conditions
in which open, democratic societies may evolve - the less we will have to trade our
rights for enhanced safety.
The Protection of Personal Data in a Multinational Setting
Umberto Paolucci (1)
I would like to use my time essentially on three points. The first is the present moment in which the world of Information Technology finds itself. The second concerns the need for a closely interconnected, global approach to the issues of security and privacy, which are not as antithetical as one often hears. And the third is our experience as a company. These are the three topics on which I would like to spend the minutes available to me.
The technological moment. It is a moment in which we can truly be very optimistic, because the major suppliers of core technology have decided to agree on certain standards for representing content on the network, in particular on the use of XML and on the interoperability of Web services: those components, those tools that allow software to truly work together and allow data to be used globally, making the internet a programmable resource. So it is not a collection of many separate islands: software from one generation, from one company, designed to do a certain job, is extended to work with other software from other companies designed with other goals. We can therefore now bring together worlds that were not born to be together, through the compatibility layers that arise from Web Services. This is a great promise that opens up an enormous application space.
The underlying hardware, which we deal with when we work on software, continues to keep the promise of doubling performance every 18 months as far as processors and memory are concerned. There is even a factor of three for bandwidth, such as the fibre that reaches our companies and homes, and again a factor of 3 for disk capacity, again every 18 months. Then there is this whole refined range of monitors, of very large screens that surround us or very small ones that we carry in our pockets, with high resolution. All this gives us the possibility of creating new levels of simplicity with software, and that means having software that will be able to understand us in our natural way of expressing ourselves, in our natural language, written or spoken: software that interprets its possible ambiguities and decides the most appropriate meaning of each sentence. The Tablet PC, which has been on the market for a month, is a great step forward in this direction; it brings together the world of handwriting and the formal world of text, with text characters as they are handled by computers.
(1) Vice President, Microsoft Corporation
Then there is the great theme of usability: being able to speak to and work with these machines in a way that is natural to us, also solving the problems of those who would otherwise be excluded because of a disability, is an objective we must take into account. As for the objects we carry around with us, the law I mentioned earlier, of performance doubling every 18 months, ultimately means that there are not only extremely powerful machines at the high end, but also particularly refined and inexpensive machines at the low end, with components costing a few dollars, that we carry around with us. We thus have an assortment of devices that can finally keep the promise of synchronizing by themselves, of getting along with one another: my phone is synchronized with my Pocket PC or with my PC, and my PC is synchronized with the network. So it is a universe that truly works for us. This is very practical, and companies are using this system to redesign themselves, turning processes that used to be analogue, that is, based on paper steps or on manual interventions, even low-level ones, into digital processes, to which technology truly lends a hand.
This greater pervasiveness of technology is positive: it means great opportunity, it means greater opportunities for people, but it also means greater vulnerability. It means a great risk. The risk is that if people do not trust, if they cannot truly count on the reliability of the objects they deal with, everything I have just described does not happen; we come to a halt for lack of trust, of confidence in this universe, which is in fact complex and whose complexity we must hide when we present it to end users. We must delegate complexity to software, not to people.
The topics I would like to talk about: I have quickly touched on the technological scenario relevant to our work today. Trustworthy Computing is the initiative that we have defined as a top priority for ourselves. This year we are investing more than 5 billion dollars in research and development, of which about 60% is devoted to these issues, which are not issues that can be taken lightly and to which we are committed.
The issue of privacy is certainly one of great importance to us, and one on which we are very focused. Then there is the issue of security, that is, having systems that withstand attacks, whose components are intact, and that supply data only when it is supposed to be there. And there is the reliability of technologies, of systems, in all their components, because if one part is less reliable, evidently so is the product as a whole. Then there is the reliability of suppliers, that is, of those who must provide guarantees with their reputation, with their rules, with their presence in several theatres of operation, in several countries. It must be possible to guarantee the validity of what they do, and when they make mistakes they must be corrected and helped, because what we are writing now is not a book already written; it is a new book in which we want to use the technologies that exist more aggressively, to the benefit of our quality of life and the quality of our work. The risk is of running too fast, making mistakes, being more aggressive, more ambitious. And so it is right that there should be this collaborative relationship between authorities and technology suppliers, between industry and institutions, through which we can lend each other a hand. This is absolutely welcome.
The topic I wanted to touch on is what we do internally to ensure compliance with privacy rules. We have created a privacy handbook, which is not a physical handbook but an object that evolves on our network for our staff and for our partners. It defines principles not only at a high level, but also defines the behaviour expected in a whole series of real, concrete scenarios that arise in the work of different kinds of people: executives, managers, people who have to organize a marketing campaign, those who have to manage data or campaigns in collaboration with external organizations. So we define policies on how data are handled, on how many must be retained, on what the rules are, also in compliance with agreements such as the one we heard mentioned earlier, across a series of scenarios. This is an effort that started in the United States. As often happens, the input in American multinationals starts from the parent company, and we strive, and in part also succeed, to have a truly more global vision from the outset, taking into account the rules and principles that apply in countries other than the United States, where the rules may be different from ours. As you know better than I do, things are very different here in Europe. So what we try to do here is to create a series of processes, a series of rules, a series of boundaries, known to our people and to those who work with us externally, so that we can truly share a body of knowledge, so as to make the most of what we can do and to honour the responsibility we have.
And naturally, when objectives are set, a metric must also be provided to measure how far the objectives are achieved. So we have made available to everyone, again on our network, a tool that measures compliance, the degree of adherence; it is in essence a privacy health index. Just as we have a health index for the health of our personnel in terms of satisfaction, relations with their managers, and validity of objectives, we have one for privacy aspects. And I can tell you that it is an indicator that has significant effects on people's careers, on their pay, on their bonuses, and on their ability to have money allocated to them, in terms of the amount of budget for the projects that are proposed over time. So it is a very agile operational tool that naturally grows and evolves. That is why I was saying that it is not a virtual book, which I believe should be considered, I do not want to say a best practice, but at any rate an interesting practice, and one that companies with a geographically distributed structure should use extensively.
In practice, everyone is asked to identify themselves, in terms of their work and their purposes in using the handbook, that is, to identify their position, their objectives and their application scenario, and on that basis all the alternatives are presented, together with all the boundaries needed to guide those alternatives. In this sense it is important to have a taxonomy, that is, a set of common terms and definitions that leaves absolutely no ambiguity. In our effort on security, in the knowledge transfer initiative I mentioned earlier, we naturally had this taxonomy validated; it came out of joint work with the most important auditing firms. So the terms mean things that are shared, on which we truly agree. Naturally I cannot presume to teach anything to anyone in this setting. On these matters we have taken note of the rules of the '95 directive, which we welcome, as we welcome the efforts being made to develop and harmonise it. Article 29 advised the European Commission to create the uniformity that it is important to have, both for reasons of principle and for strictly operational reasons, linked to the work of companies that obviously have to optimise their presence and their rules across different countries. We also noted with pleasure the agreement that was mentioned earlier: we were among the first of the large corporations to adhere to it, and we are very attentive both to what comes from the United States and to what will gradually come in Europe as well. We also try to contribute our own experience. And so, in conclusion, our initiative on TWC (Trustworthy Computing): I can firmly say that our highest priority is not just to make software, not to implement more features and more functions, but to ensure that people can rely on those functions with greater peace of mind. The objectives are ambitious: we intend to reach, in the collective imagination too, the same level of reliability as far more mature networks, networks in which, evidently and intrinsically, the complexity sits at the centre (e.g. energy, water networks, telephone networks), whereas with our products the complexity is, by definition, distributed at the periphery. So we must somehow not delegate it to people but have it managed by the software. And this is a much harder objective to achieve than with other technologies such as electricity, for example, and to some extent also the telephone, at least in the sense of more traditional telephones. In reality the telephones we have now, such as the one I have here, a Smart Phone, are computers, and so mine lets me work via GPRS as if I were in the office.
In the short term our objective is to improve the design of the things that we make and that those who work with us make, and the basic settings, that is, the default choices. We aim to get companies to put simple processes and procedures in motion from this point of view as well. Because we have seen, and this is a figure I want to share with you, that when a company gets into trouble because of viruses or because security has been breached in some way, in 95% of cases this stems from the fact that the existing software, the existing patches and the latest available configurations had not been installed; so there was no need to invent the next antivirus that did not yet exist, it would have been enough to do what could already be done. Unfortunately, and this is our fault, staying up to date is not always that easy; solutions that cure sudden problems must propagate faster than the sudden problems themselves, and so we have very significant work to do on the technology side, and we cannot do it alone. In the medium term, we certainly have to reach the objective of systems that manage themselves, that configure themselves, update themselves over the network, and heal themselves when they are wounded in some way. But this is not easy, and above all it is not easy to obtain, so to speak, truly focused commitments on research. Because the effort cannot be made by the private sector alone; it must also be made by the public sector. I am delighted with the Sixth Framework Programme in Europe as well, and I hope that concrete results will come out of it. We must face this challenge together. And the point, as I said, is not to do more things but to do them with greater reliability.
The context is this: software that is released must be designed with security and privacy in mind from the start, so there must be no add-on afterwards because something does not work as expected. Testing software, I would point out, costs more than writing it. So if software comes into being through successive patching it will never be as reliable as it ought to be. As for defaults, let me explain briefly: it means giving users, who are not assumed to be particularly expert, machine setups and standard software configuration choices that are as protected as possible and that disable the functions that are merely interesting but extend the area of vulnerability and attack. For those who are more sophisticated and more expert, the nicer, richer options, more open to the outside and therefore more open to attack, must be activated explicitly, but only by those who can afford to do so. And installing adequate levels of security and privacy in the functions must be simple to maintain over time; otherwise, as I was saying earlier, we get the experience of the 95% of companies that do not put themselves in order because it is too complicated or because they do not think about it, and then it really is our fault. And we also have to agree on how to communicate things. For example, there may be approaches whereby, when one realises that there is a significant problem, global for many, a breach of security or of privacy, one has to agree whether, beyond the restricted circles of the specialists, the problem should be disclosed immediately or only once a solution is available. So certain risks are either to be taken or not. On this there must be very precise codes aligning those who bear the responsibility I mentioned earlier. And let me also mention that we, as a company, have made available a “response center” which, for virus and security problems, is available free of charge to anyone, for any emergency, and this too is a contribution to this great objective that I think we all share.
Personal Data Protection in a Multinational Framework
Umberto Paolucci (1)
I would like to use up my time here to deal with three main issues. I would
first like to deal with the world of Information Technology and where it currently
stands. Secondly, with the need to have a much more interconnected and global approach to the themes of security and privacy, which are not so diametrically opposed, as is often said. And thirdly with my corporation’s experience.
A technological era. A time in which we can really be very optimistic in view
of the decision made by the major basic technology providers to agree on some net-contents representation standards, in particular on the use of XML and the interoperability of web services, the components and services that have enabled the software to really work together, the data to be used in a global manner, and internet
to become a programmable resource. Consequently, not a group made up of many
different islands: the software of a generation, of a company, developed to carry out
a given task, shall be extended to work with the software of other companies, developed to carry out other objectives. So now, we can put together worlds that were
built to be apart, their compatibility arising from the Web Services. This is a substantial promise that paves the way to enormous applicative space.
The underlying hardware we deal with when we work on the software continues to keep its promise of doubling its performance every 18 months with respect to processors and memories. We even have a factor of three for bandwidth, like the fibre we get in our corporations and homes, and a factor of three also for disk capacity, again every 18 months. The whole refined range of monitors, the very large screens surrounding us, or the very small ones we carry in our pockets, all have a very high resolution. All this gives us the chance of creating simpler software capable of understanding our natural way of expressing ourselves, our natural language, whether written or oral: software capable of interpreting possible ambiguities and deciding the most correct meaning of each sentence. Tablet PCs, which have been on the market for one month, are a huge step forward in this direction; they combine the world of writing with the formal world of a text, with text characters as they are handled by computers.
As to the major theme of usability, being able to talk and work with these machines in a way that is natural for us, as well as solving the problems of those persons who would be excluded in view of their handicaps, are objectives we have to take into account. As to the handsets we carry along, well, for example the law I was mentioning before on doubling performance every 18 months has in the end generated a situation in which we have both very powerful high-range sets and especially refined, but rather cheap, low-range sets. The range of machines is so large that it can finally keep its promise of self-synchronisation, of getting along with itself: my phone is synchronised with my PC and my PC is synchronised with the net. So we have a universe that really works for us. It is very practical, and corporations are using this system to reorganise themselves, to replace their analogue procedures - also based on paper or low-level manual work - with digital ones, with the help of technology.
(1) Vice President Microsoft Corporation
This greater pervasiveness is good for technology: it means big opportunities,
greater opportunities for people, but also greater vulnerability. It means running a
big risk. The risk is that if people do not trust, or cannot really count on, the reliability of the devices they are dealing with, then everything I have just said will not
take place; we will come to a standstill for lack of trust and confidence in this actually complex universe; in fact, we have to hide its complexity when we present
it to its end users by delegating it to the software instead of the people.
So I have quickly dealt with the technological milieu we work in today. Trustworthy computing is an initiative we have been giving great priority to. This year more than 5 billion dollars have been invested in research and development. About 60% of these funds have been dedicated to these themes, which cannot be dealt with light-heartedly.
I would now like to deal with the theme of “Privacy”, which is of extreme importance to us, and on which we have focused great attention. A system is safe when
it can resist attacks, features sound components, and is capable of providing data only when it is supposed to. It implies a trustworthiness in the technologies, the systems and all its components; this is because if just one part is less reliable, then the
whole system is too. The trustworthiness of the providers of security is given by their
reputation, their rules, their presence in several operative theatres, in several countries.
The validity of what they do has to be guaranteed, and when they make a mistake,
they have to be corrected, helped, because what we are writing now has not been
written before, it’s a new book, where existing technologies can be used in a more aggressive way to improve the quality of life, and work. We run the risk of going too
quickly, of making mistakes, of being too aggressive and ambitious. And so the
authorities and the technology providers, the industries and the institutions should
co-operate, mutually help each other. This would be absolutely welcome.
And now, I would like to deal with the steps taken by my company to ensure
compliance with privacy rules. We have developed a privacy handbook, which is
not a physical handbook but one developed on the net for our personnel and partners, setting forth both our high-level principles and our approach vis-à-vis a whole
series of real and concrete scenarios we face while working; by “we”, I mean our
executives, managers, the staff organising the marketing campaigns or handling
data or campaigns in co-operation with external entities. So through our corporate
policies, we decide how data is handled, if it is stored, and how to deal with different milieu. This effort was launched in the United States. As is often the case,
the inputs of American multinationals come from their parent company, and we
try, and in part succeed, to have a global view from the start, keeping account of
the rules and principles that apply to countries other than the U.S., where rules
can be different from ours. As you know, things are very different here in Europe.
So what we are trying to do here is to develop a set of procedures, rules and restraints, to be disseminated to our external workers and our people, with a view to
sharing a heritage of knowledge, and to implement our objectives while
complying with our commitments.
And, naturally, when you set objectives, you also have to develop a tool capable of gauging their success. For this reason, we have introduced on the net a tool
for gauging compliance, i.e. a privacy health index, which is similar to our personnel health index, developed to measure personnel satisfaction, workers’ relations
with their bosses, and the validity of objectives. So now we have one on the various
aspects of privacy. A personnel health index is an indicator which deeply affects careers, remuneration and bonuses. It also shows personnel capacity to be allotted
money for the various projects. Thus it is an agile operational tool, which naturally grows and develops. It is not a virtual book; it should not be considered so much
a good practice, as an interesting practice, which world-wide corporations should
thoroughly use.
Each person has to identify himself, his job, objectives and the reason for using the handbook. Each person then is presented with alternatives and instructions
to implement them. In this respect, it is important to have a taxonomy, a number
of words or common definitions to do away with ambiguity. Obviously we had this
taxonomy validated, in our effort towards security and the knowledge transfer I
mentioned before. It was generated by a common effort made together with the
more important auditing companies. So the words mean something that is shared
by the others, and we really agree on its meaning. Naturally, I cannot afford to
teach anything to anyone here. In this respect, we have abided by the rules set forth
in the ’95 Directive, and we support them. We also appreciate all the efforts made
to develop and harmonise said directive. In Article 29, the European Commission
suggests implementing the required approximations both as a matter of principle
and for strictly operational reasons linked to the work carried out by corporations
to optimise their production and rules in the different countries. We were also happy to acknowledge the agreement mentioned before: we were one of the first major corporations to sign such an agreement and we are very sensitive both to what comes from the United States of America and what will gradually also come to Europe. We have also tried to contribute with our expertise. Hence our initiative on Trustworthy Computing, and I can definitely say that our first priority is not only to make software and implement more characteristics and functions, but also to make sure that people can safely count on these functions. Our objectives are ambitious: we want to reach, in the public imagination, the same level of trustworthiness as far more developed networks, in which, evidently and intrinsically, the complexity is at the centre (e.g. electricity, water systems, telephone systems). With our products, instead, the complexity is by definition distributed over the periphery. So in some way we must not delegate it to the people but get the software to deal with it. And it is far more complicated to reach this objective in our field than it is with other technologies like electricity, for example, and to a certain extent also the telephone, at least the more traditional one. In fact, the phones we have now, like the one I have here today, a Smart Phone, are computers; mine allows me to work via GPRS as if I were at the office.
In the short term, our objective is to improve the design of the things that we and those working with us make, the basic settings and default choices, so as to simplify the processes and procedures used by the corporations. We have seen that when a company is in trouble because of a virus or because its security has been breached in some way, in 95% of the cases this is due to the fact that the existing software, the existing patches and the latest available configurations had not been installed. If they had been installed it would not have been necessary to invent a new anti-virus. It would have been enough for the company to do what could be done. Unfortunately, nostra culpa, it is not always simple to stay updated. The dissemination of the solutions for sudden problems has to be quicker than the dissemination of the sudden problems themselves. Consequently, we have a lot of work ahead of us, and we cannot do it alone. In the medium term, we certainly have to reach the objective of systems that are self-managing, self-configuring, self-updating on the net, and self-treating when they get wounded in some way. However, this is not easy and, in particular, it is not easy to undertake commitments in the field of research. Efforts cannot only be made by the private companies, they also have to be made by the public entities. I am very happy about the Sixth Framework Programme developed in Europe and I hope that something practical will come out of it. We have to meet the challenge together. It is not a question of doing more things, but of making them more trustworthy.
In the future, when software is developed, it will have to be secure and consistent with the privacy rules from the start. It must not be set right later on because something has not worked as expected. Please note that it is more expensive to test software than to develop it. So, if the software has to be improved after it comes out, it will never be as reliable as it should be. As to defaults, in short it means giving users who are not especially expert the information required to prepare their computer, i.e. standard choices to configure the software in such a way as to protect it as much as possible and to disable the functions that, although interesting, increase their set’s vulnerability and attack area. There are nicer and more interesting versions too, but they are for those who are more skilled and knowledgeable. However, these versions are not as protected from the outside world and can be attacked more easily. They have to be activated explicitly, and only by those who have the skills to do so. Adequate levels of security and privacy should be simple to install, and simple to maintain over time. Otherwise, as I was saying before, as with 95% of the corporations, the software is not updated because it is too complicated or because no one thinks about it, and then this is really our fault. And we also have to decide how to get this information across, and what approach should be followed. For example, if one realises that there is an important problem affecting many persons, a global problem, a breach in security or privacy, then should the people other than the experts be told immediately, or only when a solution has been found? Should certain risks be run or not? Very specific codes have to be developed for the decision makers. And allow me to mention that my corporation has started a response centre which is available for problems concerning viruses and security. It is free of charge, for anyone, for any emergency. And this is our contribution to this major objective, which we all share.
New Privacy-Oriented Markets
Alejandra Gils Carbò (1)
Contents: 1. Data protection in Latin America – 2. Argentinean Law has an adequate level of protection – 3. International data transfer – 4. Privacy and economic crisis – 5. The costs of controlling compliance – 6. The credit reports
1. Data protection in Latin America
In Latin America, the need to protect individual privacy from computerised processing of information is an important subject. This is clear when you see that the National Constitutions of Colombia, Perú, Guatemala, Venezuela, Ecuador, Brazil, Paraguay and Argentina have upgraded habeas data and access to one's own data to a constitutional right. Besides, Argentina and Chile have passed special laws for data protection, while Perú, Paraguay and Panamá have regulated the use of credit reports.
When you think about Latin America, you must take into account that the interest in data protection is in direct relation to the educational level and the purchasing power of the population. People are unlikely to worry if the employer
checks how the employees use their computers, when unemployment rates are high
and there is more concern about finding a job or keeping it. On the other hand, the
poorer the technological development of a country is, the lower the interest to legislate on this subject.
Despite this, several Latin American states are working on bills of privacy.
However, in our view this effort will be worthless unless there is an agreement to set
forth uniform principles. In fact, the laws enacted by Chile, Paraguay, Perú and
Panamá so far, do not include a general framework about data protection rules
which can be considered as an adequate level of protection according to the standards of Directive 95/46, and for the Argentinean law, either.
2. Argentinean Law has an adequate level of protection
Recently, on October the third, this year, the Working Party of the European Commission came to the conclusion that Argentina provides an adequate level of protection for the international transfer of data. We were likely to be granted this status because our data protection act closely follows the contents of the Spanish law. This was a wise move of the legislators that fostered the bill, as they had to bear, during the five years of the parliamentary procedure, the pressure from companies and public agencies that were reluctant to accept it, as the automated data treatment had always been a free activity.
(1) Procuraciòn general de la naciòn-Argentina
The opponents used to say that it was inconvenient in our environment to
rule a topic in full development; that a data protection act will increase costs and
hinder the growth of industries or services which are decisive for progress; that it
was an excess of rules and regulations. The United States has not done it, why us?
Finally, other pressing reasons have prevailed.
1. Firstly, the purpose of protecting people's rights. The lack of rules has brought about abuses that called for action.
The amendment of the National Constitution in 1994 that introduced the habeas data action as a fundamental right was not enough to protect people's rights, due to the lack of provisions about the obligations of the controller and the data subject's rights.
2. The second reason to pass the law was the prohibition, set forth by the European Union, on transferring personal data to countries which do not provide an adequate level of protection. It raised concern about future conflicts in international business due to the lack of regulation. That situation would be an obstacle to our position in overseas markets.
3. International data transfer
One of the main problems caused by the enforcement of the Data Protection Act was the prohibition on transferring personal data to countries without adequate legal protection. This prohibition, which we have included in our law, plays an essential role in supporting the aim of the system, because it is useless to state restrictions on data treatment which can be circumvented by processing data in a neighbouring country.
Imagine, how this prohibition works in a country situated in a continent
where other countries – except Canada – have not passed data protection laws according to the European standards. What would happen in Mercosur? United
States companies in Argentina and the United States Embassy objected to this rule
from the beginning.
Finally, we have come to a solution set forth in the regulatory decree that was
considered appropriate to all actors. We introduced exceptions mentioned in Directive 95/46 of the European Commission, because the Argentinean law was excessively strict and did not admit any exceptions.
I am referring to the possibility of requesting the consent of the data subject for international transfer; and to the guidelines to assess what an adequate level of protection means, including the option to consider codes of conduct and self-regulation systems.
Besides, the international transfer of personal data does not require the prior authorization of the controlling body, because this would hinder commercial relationships among Latin American countries. Instead, we emphasize the accountability of the controller who communicates the data.
The person responsible for the data file must examine the level of protection of the recipient country and, in case it is not adequate, must ask for the data subject's consent, or stipulate contractual clauses which introduce the adequate protection not provided in the law. Contractual clauses must establish the responsibility of the recipient for the unlawful use of the communicated data.
4. Privacy and economic crisis
I have been asked about what happens to privacy in a country like Argentina
undergoing its worst economic crisis.
Is privacy an essential cost for business? Or, when it comes to spending cuts, are privacy policies sacrificed to improve benefits?
We can approach this issue in this way. Many people wonder: Was there any
human life before the mobile phone?
I mean, when people have adopted a device that gives them comfort, they are unlikely to accept doing without it.
Therefore, the demand of consumers in relation to privacy has not fallen. On the contrary, it has increased, as has the invasive power of technology, even during an economic crisis.
Recession encourages competition and creativity. Companies have no choice
but to turn the problem into an opportunity.
The opportunity to provide a better service:
- offering a new product: the respect for privacy as a quality feature;
- taking into account that the customer's protection is cheaper than a bad image;
- besides, privacy policies reduce “litigation risk” and prevent fines.
The companies were the first to adopt the new regulation: who would dare to sign a contract with somebody that breaks the law?
5. The cost of controlling compliance
Another important subject is to determine the public cost of controlling compliance with data protection provisions. Countries with budget restrictions must make the most of their infrastructure.
We have to resort to several options:
The prosecution of crimes established in the data protection act, carried out by prosecutors, has had a great dissuasive impact, and it makes it possible to take advantage of the judicial system and the aid of the cybercrime investigation office of the police division.
In Argentina, unlawful access to databases and violations of the confidentiality and security of personal data are punished by criminal law. Thus, we prosecute the “insiders”: the unfaithful employee, the civil servant that sells information from public files.
Many times, paying a fine – which is not significant in case of insolvency – is
not the same as seeing the police car parked in front of your house.
On some occasions, we work around the limited resources by notifying the Internet service provider that someone is carrying out an illegal activity on a website. The provider is solvent, and is jointly liable for the violation of the law once it has become aware of it. The provider's decision to close the service turns out to be more effective than a court order.
We have the habeas data, a typical Latin American judicial action, brief and
simple, to guarantee all the rights recognized in the Data Protection Act. Since the
law was passed there have been thousands of claims.
There exists an administrative controlling body, called la Dirección Nacional
de Protección de Datos Personales, which consists of the existing technical and human resources in the administration.
The controlling body collects taxes for the registration of databases, with the
exceptions provided for in favor of sectors which have passed codes of self-regulation, as an incentive.
The control of compliance with the codes of conduct is shared between the
controlling body and marketing associations.
6. The credit reports
Another point of concern for many consumers in Latin America is the credit
reports. In this framework, we have to admit that transparency for the banking and
financial system takes priority over privacy.
The basic problem is the low proportion of the population which is part of the banking system. So, to make credit reports useful, we include information about trials, which is difficult to keep updated. This happens because courts register the beginning of the judicial procedure, but not the conclusion.
Therefore the debtor must be in charge of updating data, by notifying the provider of credit information services of the payments or the sentence rejecting the action, so as to remove his name from the defaulter list.
The provision of credit reports is considered of public interest by the State authorities because:
- they compel the payment of obligations;
- they reveal the defaulters who used to protect themselves behind anonymity;
- they enable unsecured credits.
And, as the bankers say, though I do not believe them, they reduce the interest rates.
In conclusion, I want to point out that this is the opportunity to advance conversations with Latin American states, because there is concern about the increasing
collection of information for the sake of security and the market's interest.
The myth of a dream society that inspired the utopias of Plato and Saint Thomas More was set aside by the anti-utopias of Orwell and Huxley, who changed those optimistic versions to show that the quest for perfection in social control destroys self-determination and freedom.
If humanity forgets about its writers, it will have forgotten itself.
New Privacy-Oriented Markets. Direct Marketing in Hungary
Attila Péterfalvi(1)
Contents: 1. Mail Marketing – 2. Telemarketing - 3. E-mail marketing
1. Mail Marketing
At the beginning of the nineties, direct marketing companies were new actors in Hungarian economic life. After the Hungarian Parliament adopted the Act on Data Protection and Freedom of Information (hereinafter: Data Protection Act), their activity - processing personal data and using it for marketing purposes without the consent of the data subject - became illegal. Of course the direct marketing lobby tried to establish a legal basis for their data processing, but until 1995 there was no legal way to collect and use personal data for marketing purposes except with the express consent of the data subject.
In 1995 the Parliament adopted the Act On the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing - the law which laid the groundwork for the practice of direct marketing (hereinafter: Direct Marketing Act). According to this Act, direct marketing companies (and research companies, which also fall under this Act) may use only name and address information and information concerning the interests of their customers. It follows from this provision that under the Direct Marketing Act only “traditional” mail marketing is legal, and the rules of this Act do not apply to other forms of direct marketing.
According to the Act, companies can use the data of their former customers (those who contacted the company on their own initiative, for example by responding to a promotional campaign), and they can collect name and address information from public registers (for example the phone book). It is also permitted to forward data from one company to another if the data subject did not forbid it after being informed. This means that direct marketing companies do not need the express consent of the data subject; as a Hungarian proverb says, in this case silence gives consent. The fourth legal source of names and addresses for direct marketing purposes is the Central Data Processing, Records and Electoral Office, which is the largest state register in Hungary, containing every citizen’s data. Companies cannot ask for individual data; they can ask for arranged lists. According to the relevant ministerial decree the price per data item is between two and twenty-five Eurocents, depending on the amount of data requested.
(1) Data Protection and Freedom of Information Commissioner - Hungary
Many citizens complain about this kind of data processing. The Act on the Name and Address Records of Citizens (hereinafter: Records Act) makes it possible for citizens to block their data with the Central Office, preventing the Office from further disclosure of the information except to authorised bodies and in cases and for purposes expressly required by law. But citizens are not informed of this option, and although many of them complain about the forwarding of their data to direct marketing companies, only a few of them - less than one percent - have blocked their data.
In the case of infants this right accrues to the parents, but the block was not effective unless the parents were quicker than the direct marketing companies. This situation was often criticised by the former Data Protection Commissioner, and in 1999 the Records Act was amended. Now requests for data by direct marketing companies are declined for ninety days after the baby’s data were filed with the Registrar.
The Direct Marketing Act contains many regulations to protect the right to the protection of personal data. Citizens have the right to ask for their data to be erased and also the right to request information about how the data are processed. As companies may collect data without the knowledge of citizens, it is essential to inform them the first time the company contacts its prospective customers. So the Act obliges companies to inform the data subject about the source of the data, the purpose, manner and duration of the data processing, and the name and address of the data processor. The data subject also has to be informed about the right to ask for the data to be erased (actually, the information is not erased but moved to a so-called blocked list or Robinson list, which helps to screen the names of persons who have blocked their data out of any new lists). The mailings of direct marketing companies do not always contain this information, which, apart from violating the law, is also a source of complaints.
The other question about erasure concerns technical data processing. The biggest Hungarian direct marketing company - actually, one of the biggest international direct marketing companies - used to send more than two hundred thousand letters in each campaign. The technical data processing - printing the letters and envelopes, posting them - takes several weeks. Many citizens complained that after they asked the company to erase their records they kept receiving materials for weeks - sometimes for months. In this case I called the company’s attention to the strict rules: according to the Data Protection Act, once the citizen has asked for erasure it is illegal for the data processor or the technical data processor to process the data. However, it must be understood that it is impossible to follow the rules in such cases, so three or four weeks for erasing the data is acceptable.
2. Telemarketing
The Direct Marketing Act cannot be used for telemarketing, as it allows phone books to be used only to collect name and address information and not for calling citizens. So, strictly speaking, telemarketing was illegal without the consent of the data subject. Because telemarketing was a very common business in Hungary after the Direct Marketing Act was adopted, the Data Protection Commissioner did not consider it illegal but asked the companies to apply the rules of the Direct Marketing Act as appropriate.
The direct marketing companies had to wait three years after the Data Protection Act was adopted - for the legal groundwork of telemarketing they had to wait
nine years. The Hungarian parliament adopted the Act on Communications in
2001, and this Act contains three rules for telemarketing.
First of all, the Act says that each telephone subscriber shall have the right to require the service provider to state in the telephone books that his/her personal data may not be used for the purposes of direct marketing. So mail marketing and telemarketing companies must not use the data of those who have this kind of statement in the telephone book. All the other names and addresses can be used for mail marketing and also for telemarketing - with two exceptions.
Automated calling systems free of any human intervention can be used for direct marketing purposes only with the consent of the subscriber, so the telemarketer must have express consent before using such a calling system - but prior consent is needed only for using automated calling systems. On the other hand, no announcement serving the purposes of direct marketing may be forwarded, by telephone or through any other telecommunications method, to a subscriber who has declared that he/she does not wish to receive any publicity matter.
The problem with this Act is its conciseness. The telemarketing companies work with public telephone books, and if they want to comply with the Act they have to keep a record of those who made the above-mentioned declaration - this is similar to or the same as the blocked list or Robinson list in the Direct Marketing Act. Keeping this kind of list is also data processing, so the data processor - in this case the telemarketing company - must have permission by law to keep this register. But the Communications Act does not contain any rule concerning this question. However, as keeping the blocked list or Robinson list is the only way to comply with the law, the telemarketing companies must have it.
3. E-mail marketing
The problem with e-mail marketing was the same as with telemarketing: there were no regulations concerning this form of direct marketing. In 2001 - after the Communications Act - the Parliament adopted the Act on the Issues of Electronic Commercial Services and Services Connected with the Information Society. This Act clarifies that the addressee’s consent is needed to send advertisements or any marketing matter by electronic mail. The marketer has to keep a register of those who gave their consent, and only this register can be used for marketing purposes. Every mail must state that the addressee has the right to forbid the use of his/her mailing address for direct marketing purposes. So, in contrast to the Communications Act, this Act requires the prior consent of the data subject.
Mention must be made of the fact that the Communications Act applies to direct (commercial) marketing, whereas the Electronic Commercial Act applies to every kind of marketing. That is why it was a violation of this Act that political parties sent campaign materials via e-mail without the addressee’s consent during the electoral campaign before the Parliamentary Elections this April. Political marketing is also marketing, so parties must comply with the rules of the Electronic Commercial Act.
Finally, it must be underlined that the Direct Marketing Act only applies to the use of the names and addresses of persons. So the names and addresses of companies, offices, etc. can be used for direct marketing almost without limits. On the other hand, the Communications Act applies to every subscriber and the Electronic Commercial Act applies to every addressee – so to everyone, not only private individuals.
Contributions
Session II – Privacy and Business
What Privacy?
Mauro Paissan (1)
Summary: 1. The globalisation of rights – 2. Codes of conduct, new technologies and multinational rules – 3. The protection of personal data within the business: in particular, workers’ data
1. The globalisation of rights
The session I have been asked to coordinate, characterised by a heterogeneous range of questions about the use of personal information in business activity, starts from a question: “what privacy?”.
Our attention is thus directed to the ways in which the right to the protection of personal data can be fully safeguarded. This acknowledges, at least implicitly, I would not say the ineffectiveness but at least the non-exhaustiveness of the traditional data protection tools granted to the data subject (access, rectification, erasure, etc.), which have been added to the classic remedies protecting personality rights, namely compensation for damage and injunctive relief.
This is the setting for the presentations that follow, which deal on the one hand with codes of conduct and on the other with the so-called privacy enhancing technologies (PETs), that is, the information technologies capable of increasing privacy, such as cryptographic systems for e-mail or systems for browsing the network anonymously.
From this point of view, then, our debate is directly connected with some of the conclusions of the international conference on the state of implementation of Directive 95/46/EC held at the European Commission in Brussels about two months ago(2).
But this line of ideal continuity, which I have traced to account for the international nature of our Conference (the problems are by now all supranational), has deeper roots: it is meant to carry forward the message that the Garante chose to condense in the title of the Venice Conference of 2000: One World, One Privacy. The slogan is still relevant in demanding, alongside the free circulation of information in the globalised economy, the inseparable globalisation of rights: for our part, of the dignity of the person through the processing of the personal data that relate to that person. Similar aims, moreover, were present in the conference organised in September 2001 in Kiel by the data protection authority of Schleswig-Holstein, in the context of the Sommerakademie, under the title Datenschutz als Wettbewerbsvorteil (3).
These Roman study days are part, this time looking to the future, of the path towards the forthcoming World Summit on the Information Society scheduled for next year(4), with respect to which the conclusions of the regional summits, and in particular the pan-European one in Bucharest(5), seem not to have taken due account of citizens’ well-founded concerns and their legitimate expectation not to become a mere instrument of technological development or a commodity of the production process that incorporates it.
In this sense, the relationship between economic initiative and fundamental rights must be properly framed as a desirable alliance. If we spoke instead of making the latter functional to the former, we would place ourselves, as far as the Italian legal system is concerned, at odds with the framework defined by our Constitution in Articles 2 (“The Republic recognises and guarantees the inviolable rights of man…”) and 41 (“Private economic initiative is free. It may not be carried out in conflict with social utility or in such a way as to harm security, freedom or human dignity”).
(1) Member, Garante per la protezione dei dati personali - Italy
(2) See the various contributions to the Brussels Conference published at http://europa.eu.int/comm/internal_market/en/dataprot/lawreport/index.htm.
2. Codes of conduct, new technologies and multinational rules
The Brussels Conference mentioned above stated that a revision of the text of the 1995 privacy directive would be inappropriate. The cardinal principles of data protection are therefore not in doubt; they go back to the OECD guidelines(6) and to the Council of Europe Convention of 1981, and may find higher and more explicit recognition once the role of the Charter of Fundamental Rights of the European Union (Article 8) has been defined(7).
There were, however, calls to identify ways of improving the uniform application of the Directive’s principles in the individual EU Member States, including through more pragmatic approaches and simplification of the regulatory framework, while still guaranteeing the freedoms of citizens, whose awareness of the rights granted to them and of how to exercise them is still low.
Among the measures aimed at increasing the effectiveness of data protection rules, as already noted, both codes of conduct and PETs were mentioned. With regard to the latter, however, it should be noted that, beyond the precise identification of their content and their actual capacity to reduce the impact on privacy, their modest diffusion and difficult introduction to the market were criticised.
These are factors that must be dealt with if we do not want to lose touch with reality, especially given the growing spread of technologies that, moving in the opposite direction, allow for example data mining, that is, the extraction and subsequent processing of personal data found in different databases or on the network.
A further tool for making data protection rules more “palatable” or, staying with the metaphor, more “digestible” is codes of conduct and professional practice(8): in the Italian legal system too, and specifically in the data protection field, they are gradually gaining acceptance(9).
We all know their advantages in terms of being closer to the specific problems of the categories concerned. But we cannot pass over the difficulties that sometimes arise, above all in identifying the parties that are actually representative of the interests at stake; a task that is almost impossible when the effects fall on an undifferentiated audience of subjects, or when the interests involved require activity that goes beyond mere technical competence and spills over into legal policy assessments that can only be left to Parliament.
But rules that are the product of private autonomy, and in this sense comparable to codes of conduct, are increasingly discussed as a further technique for overcoming one of the problems most keenly felt by a business that, in the globalised market, is spread across several sites in the most disparate parts of the world: the rules governing the transborder flow of personal data from Europe to third countries that do not offer an adequate level of protection of personal data. It is a subject I leave to our foreign guests. I will only recall that the European Commission and the national supervisory authorities, also working cooperatively within the “Article 29 Working Party”, have made very significant efforts to reconcile the needs of the market, allowing the free circulation of personal data through the different instruments of the Safe Harbor(10) and the “standard contractual clauses”(11); instruments that, while reducing the possibilities of control over how data are processed outside Europe, do not eliminate them.
This concern is, instead, harder to dispel with regard to different contractual techniques that allow personal data from the European Union to circulate freely within multinationals.
(3) The Conference proceedings can be read in H. Bäumler – A.v. Mutius (eds.), Datenschutz als Wettbewerbsvorteil – Privacy sells: Mit modernen Datenschutzkomponenten Erfolg beim Kunden, Braunschweig – Wiesbaden, 2002.
(4) A full agenda of the preparatory activities can be found at http://www.itu.int/wsis/index.html.
(5) “The Bucharest Declaration” can be consulted at http://www.itu.int/wsis/events/bucharest.html; see also the “Declaration of the Bishkek-Moscow Conference on the Information Society”, at http://www.itu.int/wsis/events/bishkek.html.
(6) OECD, Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, adopted by the OECD on 23 September 1980 (OECD Privacy Guidelines), Doc. C 58 final of 1 October 1981; the continuing validity of the principles contained in the Guidelines was reaffirmed by the OECD, also with regard to computer networks: see Ministerial Declaration on the Protection of Privacy on Global Networks, Ottawa, 7-9 October 1998, p. 4 (DSTI/ICCP/REG(98)10/FINAL).
(7) See http://www.europarl.eu.int/charter/default_en.htm.
(8) A useful discussion was offered by C.D. Raab, Effective self regulation – genuine protection or a contradiction in terms?, Paper prepared for the 24th International Conference of Data Protection and Privacy Commissioners, Cardiff, 9-11 September 2002.
(9) Codice di deontologia relativo al trattamento dei dati personali nell’esercizio dell’attività giornalistica ai sensi dell’art. 25 della legge 31 dicembre 1996, n. 675, adopted by decision of 29 July 1998; Codice di deontologia e di buona condotta per i trattamenti di dati personali per scopi storici, adopted by decision of 14 March 2001; Codice di deontologia e di buona condotta per i trattamenti di dati personali a scopi statistici e di ricerca scientifica effettuati nell’ambito del sistema statistico nazionale, adopted by decision of 31 July 2002.
3. The protection of personal data within the business: in particular, workers’ data
If what has just been described concerns the conduct of the business’s economic activity towards the outside, we cannot forget the equally important aspects of defining the rules for the circulation of information within the business. Consider the flow of information in management and organisational processes, the problems posed by Intranet networks and, in particular, the subject of data in the context of the employment relationship. A few remarks on this last aspect. It is not a new subject and, as regards the Italian legal system, it was addressed a long time ago with the Workers’ Statute(12), which recognises guarantees for the worker and for the worker’s private life.
But the massive introduction of information technologies into the production process and company organisation has changed the picture: the monitoring of e-mail and Internet browsing is, from this point of view, only the tip of an iceberg. Other, no less important, problems must be added to these, spanning a very long period that starts as early as the phase before the employment relationship is established, with the gathering of personal information on the job candidate; then there is the information collected during the employment relationship, by the most varied methods (including the use of tests), and the problem of its type. Consider, to give just a few examples, so-called evaluation data, genetic data (the collection of which can become a source of serious discrimination), anti-drug, anti-alcohol and anti-smoking tests, active badges that allow the employee’s geographical location to be identified, and the monitoring of voice-mail and computers. Not to mention video surveillance.
It is a hot topic in many countries. The supervisory authorities have intervened on several occasions and the same issues have been considered by the “Article 29 Working Party”(13).
European supervisory authorities are being urged to take a position on the matter. The concerns are real and cannot be reduced to a “fixation” of data protection experts: anyone wanting confirmation need only leaf through the very recent Communication from the European Commission entitled Second stage consultation of social partners on the protection of workers’ personal data, which foreshadows the adoption of a Directive on the matter(14).
The issue is thorny and simplistic solutions are not workable. With regard, for example, to e-mail sent and received by a worker on a company computer, what is at stake is the inalienable right to secrecy of correspondence, against which the employer’s property right over company work tools is sometimes set. But the difficulty of the issue does not exempt us from the need for, and urgency of, an open debate between the social parties involved and the legal and scientific community. I point this need out to the business world, which too often prefers to set the problem aside and proceed by fait accompli; to the trade unions, incomprehensibly inattentive, perhaps also because the workers most affected are less represented by trade union organisations; and to the legal world, whose work on the matter is still far from meeting expectations.
Greater attention and sensitivity to this issue on the part of the social parties and the legal and scientific community would also make our institutional activity easier.
(10) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce; see also the US Department of Commerce website dedicated to the Safe Harbor at http://www.export.gov/safeharbor/.
(11) See the European Commission decisions at: http://www.europa.eu.int/comm/internal_market/en/dataprot/modelcontracts/index.htm.
(12) Law No. 300 of 20 May 1970.
(13) See Working document on the surveillance of electronic communications in the workplace, 29 May 2002, DG MARKT/5401/01, WP 55; Opinion 8/2001 on the processing of personal data in the employment context, 13 September 2001, DG MARKT 5062/01, WP 48; Recommendation 1/2001 on Employee Evaluation Data, 22 March 2001, DG MARKT 5008/01, WP 42.
(14) The communication, of October 2002, is available at: http://europa.eu.int/comm/employment_social/soc-dial/labour/dataprot_en.pdf
What Privacy?
Mauro Paissan (1)
Contents: 1. Globalising Rights – 2. Codes of Conduct, New Technologies and Multinational Rules – 3. Personal Data Protection inside Businesses, with Particular Regard to Employee Data
1. Globalising Rights
The Session I have the task of coordinating includes multifarious issues related to the use of personal information in connection with business activities; its
starting point appears to be a question, i.e. what privacy?
Our attention must therefore focus on the manner in which the right to personal data protection can be fully safeguarded. This means that it is acknowledged – at least implicitly – that the traditional data protection tools made available to data subjects (access, rectification, cancellation, etc.) in addition to time-honoured remedies to safeguard individual rights (compensatory damages, prohibition orders) are, though not ineffective, at least non-exhaustive.
The presentations we will shortly be listening to should be considered against this background. They will address, on the one hand, codes of conduct and, on the other hand, the so-called Privacy Enhancing Technologies (PETs), that is to say the computer-based techniques capable of enhancing privacy - such as cryptography systems for e-mail or anonymous browsing systems.
From this viewpoint, our meeting is directly related to some of the conclusions
drawn on the occasion of the international conference on implementation of Directive 95/46/EC, which took place at the European Commission in Brussels about
two months ago.(2)
However, this continuity I pointed to in order to account for the international character of our conference – indeed, nowadays all issues are supranational in nature – has deeper roots. It is meant to be the furtherance of the message summarised by the Italian data protection authority in the title of the Venice Conference in 2000 – i.e. One World, One Privacy. This motto retains its validity as it calls for, on the one hand, the free flow of information in the globalised economy and, on the other hand, the ineliminable globalisation of rights – which means, as far as we are concerned, globalising the dignity of individuals by means of the processing of the personal data concerning them. No different targets were actually envisaged in connection with the conference organised by the Schleswig-Holstein supervisory authority in Kiel, in September 2001, within the framework of the Sommerakademie – its title being Datenschutz als Wettbewerbsvorteil.(3)
(1) Member, Italian Data Protection Authority
(2) See the various contributions published at http://europa.eu.int/comm/internal_market/en/dataprot/lawreport/index.htm.
This Roman workshop is a station on the road leading to the forthcoming World Summit on the Information Society, which is scheduled for next year(4); in this regard, the conclusions reached by regional meetings, in particular the pan-European meeting of Bucharest(5), would appear not to have taken duly into account the well-grounded concerns expressed by citizens and their legitimate expectation not to become merely tools of technological development or else commodities in the production process incorporating that development.
In this context, establishment of a relationship between economic enterprise
and fundamental rights is definitely desirable to the extent that it can become an alliance. However, should we regard fundamental rights as instrumental to economic enterprise, we would go against the grain of our Constitution – whose Article 2
states that “The Republic recognises and guarantees the inviolable rights of
man…”, whilst under Article 41 “Private economic enterprise shall be free. It shall
not be carried out against the common good, or in a way that may harm security,
freedom and human dignity”.
2. Codes of Conduct, New Technologies and Multinational Rules
During the abovementioned Brussels Conference, revision of the 1995 directive on privacy was found to be inappropriate. Therefore, the basic data protection
principles have not been questioned so far – such principles dating back to the
OECD Guidelines(6) as well as to the Council of Europe Convention of 1981; it is
expected that they will be recognised at the highest level once the role of the Charter of Fundamental Rights of the EU (Article 8) is clarified.(7)
However, the request was made to identify approaches that could enhance harmonised application of the principles laid down in the Directive in the individual EU Member States – also by developing more pragmatic approaches and simplifying the regulatory framework, without prejudice to citizens’ freedoms. Indeed, citizens are often poorly aware of the rights they are entitled to as well as of the ways in which they can exercise such rights.
(3) The Conference proceedings are available in H. Bäumler – A.v. Mutius (eds.), Datenschutz als Wettbewerbsvorteil – Privacy sells: Mit modernen Datenschutzkomponenten Erfolg beim Kunden, Braunschweig – Wiesbaden, 2002.
(4) A full agenda of the preparatory activities can be found at http://www.itu.int/wsis/index.html.
(5) “The Bucharest Declaration” is available at http://www.itu.int/wsis/events/bucharest.html; see also the “Declaration of the Bishkek-Moscow Conference on the Information Society”, at http://www.itu.int/wsis/events/bishkek.html.
(6) OECD, Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, adopted by OECD on 23 September 1980 (OECD Privacy Guidelines), Doc. C 58 final of 1 October 1981; validity of the principles set forth in the Guidelines was recently re-affirmed by OECD also with regard to computerised networks: see Ministerial Declaration on the Protection of Privacy on Global Networks, Ottawa, 7-9 October 1998, p. 4 (DSTI/ICCP/REG(98)10/FINAL).
(7) See http://www.europarl.eu.int/charter/default_en.htm.
Among the measures aimed at enhancing effectiveness of data protection provisions, reference was made both to codes of conduct and to PETs. As to the latter,
it should be stressed that, apart from precisely identifying their contents and establishing whether they may be suitable to soften the impact on privacy, the limited
implementation experience and difficult marketability were highlighted.
These issues should be taken into account in order not to lose contact with reality, especially in connection with the growing use of technologies that allow, for
instance, data mining and/or extraction and processing of personal data from different databases and the network.
Additional tools to make data protection provisions more appealing – or
rather, more acceptable – are provided by codes of conduct and professional practice(8); they are being increasingly favoured in Italy’s legal system as well, with particular regard to data protection matters.(9)
We all are aware of their advantages in terms of their being closer to the specific issues that are to be coped with by the relevant categories. However, one should
not overlook the difficulties that sometimes arise – especially as regards identifying
the entities that actually represent the interests at stake. This task is as good as impossible if the effects of such instruments concern undifferentiated groups of entities, as well as whenever the interests at stake require activities that go beyond technical know-how and border on law policy issues that cannot but be left to Parliamentary discretion.
Still, applying rules that have been developed autonomously by private entities
– being similar, from this viewpoint, to codes of conduct – is increasingly being regarded as an additional tool to overcome one of the main sources of concern for
businesses, which nowadays are often established in several countries worldwide given the globalisation of markets. I am referring here to the provisions aimed at regulating transborder data flows from Europe to third countries, in which no adequate level of protection is available. I will leave this issue to our guest speakers. Let
(8) This issue was dealt with effectively by C.D. Raab, Effective self regulation – genuine protection or a contradiction in terms?, Paper prepared for the 24th International Conference of Data Protection and Privacy Commissioners, Cardiff, 9-11 September 2002.
(9) Codice di deontologia relativo al trattamento dei dati personali nell’esercizio dell’attività giornalistica ai sensi dell’art. 25 della legge 31 dicembre 1996, n. 675, adopted by decision of 29 July 1998; Codice di deontologia e di buona condotta per i trattamenti di dati personali per scopi storici, adopted by decision of 14 March 2001; Codice di deontologia e di buona condotta per i trattamenti di dati personali a scopi statistici e di ricerca scientifica effettuati nell’ambito del sistema statistico nazionale, adopted by decision of 31 July 2002.
me only point out that the European Commission and the national supervisory authorities, also within the framework of the cooperation activities carried out by the
Article 29 Working Party, have made considerable efforts in order to meet market
requirements by allowing free movement of personal data through different tools
such as the Safe Harbor Agreement(10) and Standard Contractual Clauses(11). Although these tools reduce the opportunities for controlling data processing arrangements outside Europe, they do not eliminate such controls. Conversely, the latter
type of concern is more difficult to assuage as regards other contractual instruments
that might allow personal data originating from the EU to circulate freely inside
multinational companies.
3. Personal Data Protection inside Businesses, with Particular Regard to
Employee Data
Whilst the above considerations apply to businesses’ outward economic activities, reference should also be made to the equally important issues related to setting
out data circulation rules inside businesses. Only think of the information flows in
management and organisational processes, the issues related to Intranets and, in
particular, the processing of personal data in the employment context. The latter requires some additional considerations. It is no new topic, and it was addressed many
years ago as regards Italy – where the so-called workers’ statute was passed(12), an Act
setting forth safeguards for employees and their private life.
However, the massive introduction of information technologies into production processes and business organisation has changed the overall pattern. From this
viewpoint, e-mail and Internet access monitoring is merely the tip of an iceberg. To
this, other issues should be added that are of no smaller moment and relate to a
wide time span – starting from the recruitment phase, when personal information
on applicants is collected. Information is subsequently collected in the course of the
employment relationship by using the most different methods – including tests –
and with regard to many different categories of data. Only think, for instance, of
the so-called evaluation data, of genetic data – whose collection may entail serious
discrimination -, drug, alcohol and smoking tests, the active badges allowing employee geographic location and the monitoring of voice-mails and computers.
(10) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions
issued by the US Department of Commerce; see also the web site of the US Department of Commerce at http://www.export.gov/safeharbor/.
(11) See the European Commission’s decisions at http://www.europa.eu.int/comm/internal_market/en/dataprot/modelcontracts/index.htm
(12) Act no. 300 of 20.05.1970.
Video surveillance should also be mentioned in this context.
These are hot issues in many countries. Supervisory authorities have repeatedly taken steps in this regard, and the same issues were addressed by the Article 29
Working Party.(13)
European data protection authorities have been urged to take a stance in respect
of this subject matter. The underlying concerns are real and should not be dismissed
as the “obsession” of data protection experts. To confirm this, it would be enough
to leaf through the recent European Commission’s Communication on the “Second
Stage Consultation of Social Partners on the Protection of Workers’ Personal Data”,
where issuing of a Directive in this sector is envisaged.(14)
It is a thorny issue that is not amenable to simplistic solutions. For instance, as
regards e-mails sent and received by an employee via his/her office PC, the inalienable right to confidentiality of correspondence is at stake – which is sometimes opposed to the entrepreneur’s ownership right in respect of business worktools. Complexity of these issues does not make it less urgent and necessary to start an open
discussion between all the social partners and legal and scientific scholars. I would
like to highlight this requirement to businesses, which too often prefer to ignore
problems and have recourse to practical measures, to trade unions, which are unaccountably paying little attention to these issues - partly perhaps because of the fact
that the employees that are most affected are those that are least represented in trade
unions - and to law scholars, who have not yet come up with suggestions that are
equal to the expectations.
Increased attention to and awareness of this issue by both social partners and
the legal and scientific world would also facilitate our institutional activities.
(13) See Working document on the surveillance of electronic communications in the workplace, 29 May 2002, DG
MARKT/5401/01, WP 55; Opinion 8/2001 on the processing of personal data in the employment context, 13 September
2001, DG MARKT 5062/01, WP 48; Recommendation 1/2001 on Employee Evaluation Data, 22 March 2001, DG
MARKT 5008/01, WP 42.
(14) The Communication, published in October 2002, is available at http://europa.eu.int/comm/employment_social/socdial/labour/dataprot_en.pdf
The Market: Transparency and Privacy
Luigi Spaventa (1)
In principle, it could be argued that I am a counterpart of the Garante per la privacy. The motto of market regulators is, or should be, that of Justice Brandeis: sunlight is the best disinfectant. If information does not come to light and is not made public, the regulator of financial markets becomes concerned and is seized by an itch to impose sanctions. I will try to argue that this is not so and must not be so, starting from a few basic observations.
The regulator of financial markets and issuers starts from the premise that the investor is in a position of endemic inferiority: in economic jargon, we say that there is an agency cost problem: there is a principal, the investor, who entrusts his money to parties he does not know and will never know; there is a manager, the agent, whose interests do not necessarily (or, if we wish to be pessimistic, rarely) coincide with those of the investor. The investor’s inferiority is due to certain causes identified in economic theory: information asymmetries, because he knows much less than the fund manager, the manager or the executive officer; and incompleteness of contracts, which cannot provide for every eventuality to be guarded against.
The problem of protecting savers arose, as everyone knows, a long time ago, and was first addressed in the United States with the 1934 Act. Investor protection, especially on the corporate side, operates through two instruments. First of all, investors must be offered legal remedies and “voice” remedies. Legal remedies consist in the possibility of obtaining the protection of the courts against managers and directors, whether for outright fraud or, in the case of American case law, for breach of fiduciary duty or of the duty of care. Voice remedies aim to give shareholders every opportunity to take part in the shareholders’ meeting, to express their views and to vote. No less important, or perhaps more important, is allowing investors to vote with their wallets, by facilitating their ability to exit from the investment. To exercise the right of exit (or of entry, if you like) it is essential that the saver has all possible information. Full and transparent information is therefore a necessary condition for markets to function in such a way that meaningful prices are formed and the investor is not exposed to surprises arising from circumstances he is unaware of.
Naturally, companies and issuers care a great deal about their privacy. And company managers love it even more. The supervisory authorities are therefore on a collision course with this understandable but inadmissible desire for privacy. Which information does not collide with the rules I am speaking of, and which risks doing so? Certainly, information concerning the company as a legal person cannot be held to collide with privacy requirements. Hence there are very precise rules everywhere concerning both the obligations of periodic disclosure in the financial reports that must be submitted quarterly, half-yearly and annually, and continuous disclosure. Recently there have been interesting developments on periodic disclosure as well. Waking up, the new (and already old, since he has already left) chairman of the Securities and Exchange Commission said that financial statements or quarterly or half-yearly reports should allow investors to see the company “through the eyes of management”, thereby casting doubt on whether the accounting or legal jargon used in financial statements manages to provide the information the saver requires. As regards continuous disclosure, there are differences of definition between legal systems: in the United States one speaks of material information; in Europe, under the Directive, one speaks of price-sensitive information, that is, any information that may influence prices.
(1) Chairman of Consob
There are at least two points on which problems of collision with privacy rules may begin to arise. The first is the obligation imposed on directors to disclose, in the financial statements, the remuneration they receive and the benefits they obtain from the company. Why do the supervisory authorities require this? Because it is considered that shareholders must be able to assess whether what they pay managers and directors (usually no small amount) is well spent, and in order to account for all the other remuneration mechanisms that are not, so to speak, in the pay packet, above all stock options. The second item of information, perhaps even more sensitive, concerns the trades a company director carries out in the securities of that same company. This information is important because the director has knowledge about the company that the shareholder does not have. On the one hand, it is necessary to check that there are no instances of insider trading. On the other, those transactions give an indication of management’s attitude towards its own company. I recall that, in the Enron case, it was found that the directors of the seventh-largest American company, on the eve of its bankruptcy, had made profits of 600 million dollars by selling their own company’s shares while prices were still high, which did not make a good impression. Nor did it make a good impression to discover that the director of another company, also now bankrupt, had enriched himself, or improved his life, by buying collectors’ paintings at the company’s expense.
These are the two points of potential collision with the Garante, but only potential. In implementing Legislative Decree 58/98, Consob made it compulsory to publish directors’ remuneration. Eminent figures honoured me with a visit to point out that, if they disclosed how much they earned, there would be a danger of kidnapping, or that publishing remuneration would make trade union negotiations difficult. It was objected that privacy was being violated and, in any case, that the provision was unlawful. These objections came to nothing. The Garante did not consider that publishing remuneration violated the right to privacy. The regional administrative court (Tar), too, decided that Consob could impose this obligation. We are grateful to the Garante for its decision: thanks to it, those data are now routinely published.
The problem of insider dealing, that is, directors trading in the securities of their company, is more complicated. Consob has no legislative basis for requiring that such trades be reported immediately. Recently, in a burst of innovation, the market operator, that is, the stock exchange, decided to impose a disclosure obligation, initially monthly and later quarterly. The exchange asked the Garante whether it was permitted to request that information. Once again the opinion was favourable.
It therefore seems to me that there has never been a collision between the interests protected by Consob and those protected by the Garante. In the two cases I have mentioned, the Garante clearly understood where the limit of personal data protection should be set so as not to sacrifice other needs.
In some cases the interests coincide perfectly, as when privacy is violated in order to make a profit. Let me give a common example from the broad category of insider trading (the abuse of inside information covered by Article 180 of the consolidated law on financial intermediation). Within this category, front running is, I fear, a very widespread practice: a trader who learns of a large client order that may push the price up or down enters an order of his own beforehand, to benefit from the foreseeable price movement. In this case the trader at once breaches, in some way, his duty of confidentiality towards the client, breaches rules of fair conduct and commits the offence of abuse of inside information.
Nor does it seem to me that privacy is violated if, in the course of preliminary investigations into insider trading or market manipulation, the traders’ recordings are acquired (often very entertaining, for their free use, shall we say, of the Italian language and for their frankness of expression).
Finally, there are problems that are not easy to solve. One of the most effective sanctions in a functioning market is the reputational one: the market should be made aware of a party’s improper or unlawful conduct so that it can draw conclusions about that party’s reliability. In Italy this market sanction works poorly. For example, the voluntary payment, after the charge has been notified, of a monetary penalty lower than the maximum (oblazione, as lawyers call it) not only extinguishes the sanctioning proceedings but also prevents publicity, since only the imposition of a sanction may be made public. The market will never know anything about it; the party is able to buy this silence by paying a relatively small sum. That does not seem to me an excellent result.
With this remark I conclude, and I thank you for your attention.
Marketplace: Openness and Privacy
Luigi Spaventa (1)
In principle, one might argue that actually I am a counterpart of the Italian data protection authority. Indeed, the motto of market regulators is – or should be –
the one referred to by Justice Brandeis – i.e. sunlight is the best disinfectant. If the
information is not brought to light and made public, the regulator of financial markets gets worried and starts itching for punishments. I will try and show that this is
not and should not be the way things are, beginning from a few basic considerations.
Regulators of financial markets and issuers start from the assumption that investors are in an intrinsically inferior position; to use the economics jargon, one
might say that there is an agency cost issue: there is a principal, i.e. the investor,
committing his money to entities he does not and never will know; then there is a
manager, the agent, whose interests do not necessarily coincide – one might argue
pessimistically that they rarely do – with the investor’s ones. The investor’s inferiority is due to reasons that are referred to in economics theories, such as information
asymmetry – since he is definitely less familiar with these matters than the manager and/or the executive officer – and contractual gaps, since not all the dangers to
be averted can be envisaged.
The issue of protecting investors was raised long ago, as all of you know; indeed it was addressed for the first time in the USA with the 1934 Act. Protection of
investors is based on two main tools, especially as regards companies. Firstly legal
and “voice” remedies should be made available to investors. Legal remedies consist
in the possibility to seek judicial protection against managers and directors both in
case of fraud and – as regards US case law – on account of breach of fiduciary duty or the so-called duty of care. Voice remedies are aimed at enabling shareholders
to the greatest possible extent to participate in the assembly, express their opinions
and cast their votes. Of no less importance, perhaps even more important, is providing investors with the possibility to vote with their wallets – by facilitating their
exiting from the investment. In order to exercise their exit rights – or their entry
rights, as the case may be -, it is fundamental for investors to be provided with all
possible information. Full, transparent information is therefore a prerequisite to ensure operation of markets in a way allowing significant prices to be generated and
preventing investors from being exposed to unexpected events on account of circumstances they are not aware of.
(1) President of CONSOB [Italian Authority Regulating the Securities Market]
Obviously companies/issuers are quite keen on their privacy. Company managers are actually even keener on this issue. Therefore, supervisory authorities are
bound to be on a collision course with this understandable, though not admissible,
desire for privacy. What information is not in conflict with the rules I have been
referring to, and what other information is in danger of being in conflict with
them? Certainly the information concerning companies as legal persons may not be
considered to be in conflict with privacy requirements. Therefore, there are everywhere quite detailed rules in place concerning the obligation both to regularly provide information via financial reports to be submitted at quarterly, six-month and
yearly intervals, and to provide continuous information. Interesting developments
took place recently also with regard to the provision of regular information. Waking up from his slumber, the new chairman of the Securities Exchange Commission – indeed, he should be referred to as the past chairman, since he has already
left his position – said that a balance sheet as well as quarterly or six-month reports
should allow investors to see a company “through management eyes”, which would
appear to question the capability of the accounting and legal jargon used in balance
sheets to supply the information requested by investors. As for the continuous information, there are differences related to the individual legal systems. In the USA
reference is made to material information, whereas in Europe this should be – as
per the Directive – price-sensitive information, i.e. any kind of information possibly influencing prices.
There are at least two areas where there may arise a conflict with privacy regulations. A first one has to do with the obligation imposed on directors to disclose,
in accounting reports, their salaries and the benefits granted to them by their companies. Why has this been requested by supervisory authorities? Because it is considered that shareholders should be in a position to assess if what they pay to managers and directors – which is usually not negligible – is money well spent, as well
as in order to account for all other remuneration mechanisms that are not included
in pay-slips – including, above all, stock options. A second set of information,
which is perhaps even more sensitive, is related to the negotiations made by directors in respect of a company’s securities. This information is important because directors are in the possession of data that are not known to shareholders. On the one
hand it is necessary to check that no insider trading takes place. On the other hand,
those transactions provide clues to the stance taken by managers in respect of their
companies. Let me only remind you that, in connection with the Enron case, it was
found that the directors of the seventh-largest US company had managed to get 600
million dollars on the eve of the company’s winding up by selling their shares when
the quotations were still high – which definitely did not make a good impression.
Nor did it make a good impression when it was found that the director of another
company, currently wound up, had got richer – perhaps one should say that he had
improved the quality of his life – by purchasing pictures at the company’s expense.
These are the two areas in which we are potentially on a collision course with
the Italian data protection authority – however, this is only a potentiality. In implementing legislative decree no. 58/98, Consob required that directors’ salaries
should be made public. Distinguished personages obliged me with their visit to explain that, by disclosing their salaries, they would run the risk of being kidnapped,
or that publishing their salaries would hinder negotiations with trade unions’ representatives. It was claimed that these provisions would be in breach of their privacy – at all events, that they were unlawful. These claims have had no consequences.
Indeed, the Italian data protection authority did not consider that disclosing directors’ salaries was against the right to privacy. The administrative court competent
for this subject matter also ruled that Consob was empowered to impose this obligation. We are grateful to the Italian Garante for its decision, which allowed those
data to be regularly published.
The insider dealing issue, i.e. the negotiation by directors of a company’s securities, is more complex. There is no legal basis allowing Consob to require this information to be immediately notified. Recently, the Stock Exchange authorities decided, in a sudden rush of innovation, to impose mandatory disclosure of this information firstly on a monthly, and thereafter on a quarterly basis. The Stock Exchange asked the Garante whether they were allowed to request such information;
once again, the Garante ruled that this was to be permitted.
Therefore, it seems to me that there has never been any collision between the
interests safeguarded by Consob and those protected by the Italian Garante. In both
cases I mentioned, the Garante clearly appreciated where the boundaries of personal data protection should be set in order not to jeopardise other requirements.
In other cases our interests happen to be the same – for instance, whenever privacy rules are infringed with a view to gain. Let me give you an example that has to
do with insider trading activities – what is termed “misuse of privileged information” under Section 180 of the Consolidated Statute on Financial Intermediation
Activities. In this context, the so-called front running is unfortunately quite common a practice. A broker knowing that a customer is going to place a major order,
which will cause prices to increase or decrease, enters his own order first to profit
from the expected price variation. In this case, the broker acts both in breach of his
confidentiality duties with regard to his customer and in breach of fairness rules,
and is also liable for the offence of misusing privileged information.
Nor do I believe that privacy is infringed if, during preliminary inquiries into
insider trading activities and/or manipulation, tapes of the traders’ conversations are
acquired – which are often quite amusing, given their – so to say – unconventional usage of the Italian language.
To conclude, there are issues that cannot be solved that easily. One of the most
effective penalties in a functioning market is the reputational one – that is to say,
the market should be informed of any instance of unfair and/or unlawful conduct
by a given entity so as to draw the relevant conclusions as for that entity’s reliability. In Italy, this market-based punitive mechanism does not work properly. For instance, paying a fine voluntarily to an extent lower than the maximum amount not
only results in extinguishing the proceeding involving punitive sanctions, but also prevents disclosing the relevant circumstances - since only imposition of a punishment may be disclosed. Therefore, the market will never be informed of this occurrence. The entity concerned is enabled to purchase this silence by paying a comparatively small sum. I would not regard this as an excellent achievement.
This was my last remark. Many thanks for your attention.
The Impact of Privacy Policies on Business Processes
Martin Abrams (1)
(1) Center for Information Policy Leadership - USA
Does Business Need In-House Self-Regulation?
A self-regulatory approach taking as an example
the data protection policy of the DaimlerChrysler AG
Alfred Büllesbach(1)
I. Introduction
The continuing development of our information society changes the way of doing business. Computer networks have been developed from proprietary and regional systems to open and global infrastructures, services that were separated until
now have been developed into multimedia applications(2) and information technology allows interaction between software components based on various platforms. This
development promotes a worldwide exchange of goods and services which leads to
the consequence that competition becomes more and more a global challenge.
The more modern information and communication technologies are used for
various purposes, the more data are accumulated which increases the possibilities of
matching and processing personal data collected in different connections. This development leads simultaneously to a rise in the potential risks of fraudulent use of
data which might adversely affect the privacy rights of data subjects. The classic
risks of unauthorized access, data loss, data manipulation, data theft and computer
crime are omnipresent, especially within the framework of global networking, cooperation and diverse use of public networks.
These potential risks for the privacy rights of data subjects are increasingly becoming
the subject of public discussion, which at the same time raises the concerns of consumers and contracting partners regarding the collection and use of their
personal data by companies. Due to this increased sensitivity the handling of personal data becomes an important aspect in the course of choosing one’s business partner.
Therefore, the development and integration of appropriate data security and
data protection concepts in products and services is crucial for companies acting in
global markets. In designing data protection and security concepts, companies have
to consider legal as well as technological methods and instruments.
II. Tendencies of the worldwide privacy legislation
Overall, increasing activities in enacting data protection laws can be observed.
(1) Chief Officer Corporate Data Protection DaimlerChrysler - Germany
(2) Büllesbach, Konvergenz durch Standardisierung und Selbstregulierung, in DGRI Jahrestagung 2001, forthcoming; Holznagel, Konvergenz der Medien, in DGRI Jahrestagung 2001, forthcoming.
Due to the lack of a globally competent legislator, worldwide acting companies have
to cope with different legal requirements laid down by national lawmakers.
Especially, in Asian countries there is a wide-spread tendency of incorporating data protection and privacy issues in laws governing electronic commerce. On
the one hand, by addressing privacy concerns of data subjects by means of legal
regulations it is intended to overcome resistance to online transactions. On the
other hand, these countries want to ensure that the power of law enforcement authorities will not be undermined by using modern information and communication technologies.
Another important influence on international data protection legislation has to
be attributed to regulations restricting the transfer of personal data to third countries that are not considered as countries providing an adequate level of data protection. These requirements result for instance from art. 25 of the EC-Directive,(3)
or from Principle 9 of the National Privacy Principles of the Privacy Amendment
(Private Sector) Act of Australia,(4) or from Sec. 33 of the Personal Data (Privacy)
Ordinance of Hong Kong,(5) or from art. 24 of the Computer-Processed Personal
Data Protection Law of Taiwan(6) as well as from Sec. 12 of the Personal Data Protection Act of Argentina,(7) or from art. 10 of the Draft of the Senate Bill No. 61 of
Brazil.(8) In order to avoid hindering transborder data flows, national legislators
are forced to take action.
The attacks of September 11, 2001 have led to remarkable changes in the legislative framework of almost all industrialized societies worldwide. Broadly speaking,
these changes have led to increased powers for “public authorities” all around the
world, sometimes with direct or indirect impact on the protection of personal data.
In spite of the diversity of national data protection laws, data protection and privacy
legislation is recognizably on the way to an international convergence of law.(9)
Worldwide, the following three models adopted by legislators to address privacy
issues can generally be distinguished:
- a comprehensive regulatory approach,
- a sector specific approach,
- a self-regulatory approach.
(3) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995.
(4) Privacy Amendment (Private Sector) Act of 2000, http://www.privacy.gov.au/act/index.html.
(5) Personal Data (Privacy) Ordinance of 1995, http://www.pco.org.hk/english/ordinance/ordglance.html.
(6) Computer-Processed Personal Data Protection Law of 1995, http://www.virtualasia.com/taiwan/bizpack/legalcodes/cpdpl.htm.
(7) The Personal Data Protection Act of Argentina of 2000, http://www.privacyexchange.org.
(8) Draft of the Federal Senate Bill No. 61, 1996, http://www.privacyexchange.org.
(9) Büllesbach, Datenschutz in einem globalen Unternehmen, RDV 2000, 1, p. 2.
These approaches do not exclude each other. On the contrary, often legislators
make use of a combination of two or even three of these models in order to provide
an appropriate regulatory data protection scheme.
1. Comprehensive approach
Characteristically, acts following the comprehensive approach stipulate requirements for the collection, processing and use of personal data by public as well
as by private sector entities,(10) regardless of the application and the purpose for
which the data is collected. These acts grant data subjects access and correction
rights in respect to their personal data and provide for sanctions in case of a violation of data protection regulations, like compensation for damages or criminal offenses. The observance of these legal requirements is ensured by external governmental controlling bodies, which have the power to investigate actions that might
contravene privacy regulations.
The EC-Directive and consequently all member states follow the comprehensive regulatory approach. Many European states which are not members of the EC
have Privacy Acts that are modelled on the EC-Directive.
Some countries of the Asia/Pacific region like Australia, Hong Kong, New
Zealand and Taiwan have implemented this regulatory model as well. The Privacy
Act of New Zealand provides for the appointment of an internal data protection officer whose responsibilities include the encouragement of the compliance with the
act by the respective entity.(11) Under the Australian Privacy Amendment (Private Sector) Act private sector entities may develop their own rules for the protection of privacy which might substitute the National Privacy Principles and which are enforced
by the private sector entity itself and overseen by governmental control institutions.
In North America, only Canada has adopted a privacy system according to the
comprehensive regulatory approach.
The new privacy protection legislation in Chile and Argentina also reflects the
European Data Protection Directive.
2. Sector-specific approach
Countries which have followed this approach have not enacted a general data
protection law, but have issued regulations governing data protection issues for particular applications, e.g. the financial sector, the telecommunications sector or electronic commerce.
(10) Concerning the Computer-Processed Personal Data Protection Law of Taiwan it has to be noted that this act applies
only to any credit investigation business or organization or individual whose principal business is to make the collection of
computerized processing or personal data, any hospital, school, telecommunication business, financial business, securities
business, insurance business, and mass media and other enterprises, organizations, or individuals designated by the Ministry
of Justice and the central government authorities in charge of concerned end enterprises (see art. 3 no. 7 of the Computer-Processed Personal Data Protection Law of Taiwan).
(11) See Sec. 23 of the Privacy Act of New Zealand.
According to US legal tradition, law is primarily intended to protect the citizen from encroachments by the government. The regulation of the relationships between private parties (individuals and/or corporations) is to be avoided where possible.
Consequently, with regard to privacy issues the US private sector is affected only by
several area-specific regulations.
In the Asia/Pacific region, the Philippines(12) as well as South Korea(13) and China have enacted specific regulations of different kinds. Apart from the efforts to enact comprehensive data protection laws, up to now there are only sector-specific
regulations in Singapore(14), India(15), Malaysia(16) and Thailand(17).
3. Self-regulatory approach
The self-regulatory approach is based on the idea that data protection can be
achieved through various forms of self-regulation, in which companies and industry bodies establish codes of practice and engage in self-policing.
Globally acting companies have to ensure compliance with a diversity of national regulations. Self-regulatory mechanisms might be very helpful to cope with
the heterogeneity of the data protection legislation.
To keep up with the variety of legislation, a permanent analysis of the different national legislative activities is necessary. An effective internal enforcement infrastructure is also needed. These activities can lead to a global strategy, which is especially needed for transborder data flow and electronic commerce.
The increasing customer awareness is also an important fact that should be taken into consideration by a global data protection strategy based on self-regulatory mechanisms. The loss of revenue in the e-commerce sector because of privacy concerns(18) and the general increasing interest in privacy(19) make a proactive engagement in data protection and privacy very important.
(12) E.g. Bank Secrecy Act (Republic Act 7653); Secrecy of Banks Deposits Act (Republic Act No 1405); E-Commerce Act
of 2000 (Republic Act No 8972 of 2000, http://www.chanrobles.com/republicactno8792.htm)
(13) E.g. Law on the Protection of Personal Information managed by Public Agencies of 1994; Act on the Disclosure of Information by Public Agencies of 1996; Basic Act on Electronic Commerce 1999; Law on the Protection of Communications
Secrecy Act of 1993; Telecommunications Business Act of 1991; Act Relating to Use and Protection of Credit Information
of 1995; Postal Services Act of 1982
(14) E.g. Banking Act, last amended 2001; Computer Misuse (Amendment) Act of 1998; Electronic Transactions Act 1998;
for further information see http://www.lawnet.com.sg/.
(15) E.g. Information Technology Act; for further information see http://www.mbc.com and Electronic Privacy Information
Center, Privacy & Human Rights 2001 An International Survey of Privacy Laws and Developments, USA 2001, p. 173
(16) E.g. Communications and Multimedia Act of 1998, http://www.cmc.gov.my/legislationframe.htm; Computer Crime
Act of 1997, http://www.ktkm.gov.my; Banking and Financial Institutions Act of 1989
(17) Official Information Act B.E. 2450 of 1997, http://203.152.23.33/html/fslaw_e.htm.
There are several instruments of self-regulation that could be combined to
achieve a comprehensive data protection strategy. Self-declarations such as consumer
confidence and privacy statements convey the strategy to the public. Corporate
standards of conduct bind the companies and employees. The participation
in privacy programs guaranteed by bilateral contracts, such as the Safe Harbor Principles
(EC/USA), could be another building block in a global privacy strategy.
To carry through a global strategy effectively, a quality management system based
on internal or external audits is needed. By way of privacy seals, external
audits could be provided to the public. Self-control could also be implemented by
establishing an organization of data protection officers.
A parallel usage of these self-regulatory instruments is conceivable and partly
necessary to address the arising privacy issues.
Apart from self-regulatory approaches integrating many companies, there are
also different mechanisms which could be used by single companies, like Codes of
Conduct, Integrity Codes, Privacy Statements in order to inform the contractors or
potential contractors about one’s privacy policy, or contractual solutions using model clauses
in specific areas of application.(20)
III. Challenges for globally acting companies
The self-regulatory approach could also be used to cope with the problems
concerning transborder data flows.
In general, according to art. 25 para.1 of the EC-Directive, or Principle 9 of the
National Privacy Principles of the Privacy Amendment (Private Sector) Act of Australia, or Sec. 33 of the Personal Data (Privacy) Ordinance of Hong Kong, or Sec. 12
of the Personal Data Protection Act of Argentina, or art. 10 of the Draft of the Senate Bill No. 61 of Brazil, a transfer of personal data to a third country requires that
the third country in question ensures an adequate level of data protection. According
to art. 25 para.2 the European Commission may consider a third country to be providing an adequate level of data protection.(21) A similar authorization is granted, in particular,
to the Commissioner by Sec. 33 para.3 of the Personal Data (Privacy) Ordinance of Hong Kong.
Up to now, only Hungary,(22) Switzerland(23) and Canada(24) are recognized by the European Commission as countries providing an adequate safeguard.
Furthermore, personal data collected in the EU/EEC may be transferred to the
U.S. provided that the US-American company adheres to the Safe Harbor Principles and is subject to the jurisdiction of the Federal Trade Commission or another
institution which effectively ensures the compliance with the principles.(25) Since the
Safe Harbor Principles provide only a solution for the transfer of personal data from
the EU/EEC to the US they are not an appropriate instrument for companies exchanging personal data worldwide.(26)
If the third country does not ensure an adequate level of data protection, a company has the following options to legalize a transborder data flow:
- obtaining the consent of the data subject to the transfer(27) or
- adducing adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and with regard to
the exercise of the corresponding rights. Such safeguards may in particular
result from appropriate contractual clauses or Codes of Conduct.(28)
Since personal data is transmitted worldwide, a globally acting company needs a
global solution to cope with the different legal requirements in respect of transborder data flow.
(18) FT, 28 Feb. 2001: 12 million people stopped buying over the net because of privacy concerns. That relates to $ 12 billion loss of revenue generated over e-commerce.
(19) Westin Research: Privacy Fundamentalists, 25 % in 1990, same in 2000; Privacy Pragmatists, 55 % in 1990, increasing
to 63 % in 2000; Privacy-Unconcerned, 20 % in 1990, dropping to 12 % in 2000.
(20) Regarding the term “self-regulation” and self-regulatory instruments see Bizer, Selbstregulierung des Datenschutzes,
DuD 2001, p. 168.
(21) See for further information Jacob, Datenübermittlungen in Drittländer nach der EU-Richtlinie in Büllesbach (ed.)
Datenverkehr ohne Datenschutz, Verlag Dr. Otto Schmidt KG, 1999. p. 25 ss.; Brühann, Die aktuelle Debatte um den
internationalen Transfer von personenbezogenen Daten in Büllesbach (ed.) Datenverkehr ohne Datenschutz, Verlag Dr. Otto Schmidt KG, 1999. p. 35 ss.; Simitis, Der Transfer von Daten in Drittländer – ein Streit ohne Ende? in Büllesbach (ed.)
Datenverkehr ohne Datenschutz, Verlag Dr. Otto Schmidt KG, 1999. p. 177 ss.
(22) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Hungary, Official Journal of the European Communities,
8/25/2000, L 215/4.
(23) Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland, Official Journal of the European Communities,
8/25/2000, L 215/1.
(24) Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the
Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act, Official Journal of the European Communities, 1/4/2002, L 2/13.
(25) Commission Decision of 27 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe Harbor Privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce, http://europa.eu.int/comm/internal_market/en/dataprot/news/decision_de.pdf.
(26) Critical standpoint to the Safe Harbor Principles is also taken by Karstedt-Meierrieks, Selbstregulierung des Datenschutzes – Alibi oder Change?, DuD 2001, 287, p. 288.
(27) See art. 26 para.1 a) of the EC-Directive; Principle 9 (b) of the National Privacy Principles of the Privacy Amendment
(Private Sector) Act 2000 of Australia, Sec. 33 para.2(c) of the Personal Data (Privacy) Ordinance of Hong Kong.
(28) art. 26 para.2 of the EC-Directive, Principle 9 (f ) of the National Privacy Principles of the Privacy Amendment (Private Sector) Act 2000 of Australia, Sec. 33 para. 2 (f ) of the Personal Data (Privacy) Ordinance of Hong Kong. See also
Büllesbach, Überblick über Europäische Datenschutzregelungen bezüglich des Datenaustausches mit Ländern außerhalb der
Europäischen Union, RDV 2002, forthcoming.
IV. Advantages of the Code of Conduct in comparison to the other solutions
Taking all the pros and cons of the several options into account, Codes of Conduct are the best solution to cope with the issues arising from globalization, especially
with the requirements of transborder data flow.
To obtain a legally effective consent, it will be necessary to inform the data subject in advance about all intended data processing operations and especially about the fact that
her or his data are transferred to substandard countries. The last notification requirement in particular could raise serious marketing issues.
Another problem is that the data subject is not prevented from withholding or
revoking her or his consent. If this were the case, her or his data could not be
transferred to a third country. Furthermore, the mere consideration of this possibility could complicate the whole data processing process.
The use of contractual clauses makes it possible to consider the peculiarities of each single processing operation.(29) But, due to the necessity to incorporate these clauses in each single contract as well as to update the contracts in case of changes (e.g. M & A), this
concept results in an increased expenditure for administration.
Moreover, under the EC-Directive, the contract between the data exporter established in the EU/EEC and the data importer established in the third country to
whom the data are transferred must be individually approved by or notified to the
appropriate data protection authorities in each Member State from which the data
are transferred, making this a time-consuming and expensive process.
The risk that the respective data protection authority refuses to provide its approval could be minimized by incorporating model clauses, which are formally
adopted by the European Commission as a sufficient safeguard for the transfer
of personal data to third countries.(30) In other words, if a company incorporated the model clauses, the competent authority would be bound by the decision of
the European Commission and could not refuse to provide its approval. But, in order to make use of the decision of the Commission, companies are required to
adopt the model clauses word for word. Any alteration has to be approved by the respective authority. Additionally, the use of model clauses could cause an unacceptable administrative expenditure for complex systems of contracts.
Since the model clauses will serve as a benchmark for individually concluded
contracts, it is questionable, whether a data protection authority would approve
contractual clauses, which do not provide for the same safeguards and rights granted to data subjects as the model clauses do.
The Safe Harbor Principles program was created only to provide safeguards for
the transfer of data from the EC to the US. This covers only a part of the data transfers of a globally acting company and must be combined with other solutions. The
combination of the Safe Harbor Principles with other solutions would cause an additional administrative expenditure.
(29) Büllesbach/Höss-Löw, Vertragslösung, Safe Harbor oder Privacy Code of Conduct, DuD 2001, 135, p. 137.
(30) See Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third
countries, under Directive 95/46/EC, Official Journal of European Communities, 7/4/2001, L 181/19; Commission Decision of 27 December 2001 on standard contractual clauses for the transfer of personal data to processors established in third
countries, under Directive 95/46/EC, Official Journal of European Communities 1/10/2002, L 6/52.
Additionally, Codes of Conduct provide an answer to other challenges arising
from globalization. Even if Codes of Conduct could not be a substitute for national laws, by prescribing worldwide recognized data protection principles which are
based on several national laws, Codes of Conduct provide a possibility for companies to make use of the tendency of law convergence.
Codes of Conduct could be easily implemented, controlled and updated, which
minimizes costs.
Furthermore, the adherence to the Codes of Conduct ensures uniform procedures for the handling of personal data within companies. This allows customers to
trust that their data is handled in the same manner, regardless of where they are, which
constitutes a competitive advantage.
V. Data protection policy in the DC group
In conclusion, a globally acting company needs a global data protection policy. The Code of Conduct is the most adequate means of self-regulation for a group-wide data protection policy. It provides a uniform standard
and philosophy for the DaimlerChrysler group (DC group), results in a uniform
image in data protection of the DC group and satisfies the requirements of Electronic Commerce of today and in the future.
The data protection strategy in the DC group is based on three pillars of self-regulation. The Codes of Conduct for customer and HR data provide a uniform
standard and philosophy.
In order to control the observance of the obligations resulting from Codes of
Conduct, an international control infrastructure has been installed. An internal decentralized organization of data protection coordinators which locally undertake the
tasks of the Chief Officer Corporate Data Protection has been established. The independent position of the Chief Officer Corporate Data Protection ensures a corporate law enforcement of the Code of Conduct.(31)
1. Codes of Conduct
The content of the Codes of Conduct covers:
- Aim of the Code of Conduct
- Scope of the Code of Conduct
- Application of law of individual nations
- Principles for the processing of personal data
- Special categories of personal data
- Notification and consent of the data subjects
- Confidentiality of processing
- Principles of data security
- Marketing data / data processing on behalf / involvement of third parties
- Customer Contact via Telecommunication
- Remedies/sanctions/responsibilities
- The Chief Officer Corporate Data Protection
- Definitions
(31) Büllesbach, Konzeption und Funktion eines Datenschutzbeauftragten vor dem Hintergrund der EG-Richtlinie und der Novellierung des
2. Global Data Protection Organization of DaimlerChrysler
The global data protection organization of DaimlerChrysler is divided into
four committees for the regions Europe, NAFTA, Asia/Pacific and Latin America
each having respective data protection coordinators. The chairman of these committees
is the Chief Officer Corporate Data Protection (CPO). The European committee
is divided into three subcommittees for central functions and plants, sales and e-business and DaimlerChrysler Services. The committees meet
at least once a year.
The data protection coordinators are the contact persons for the employees
and the customers. They do the consulting and training on the spot. The coordinators also cope with complaints and are responsible for the administration of the
decentralized controlling function. Additionally the data protection coordinators
have a reporting function to the CPO.
3. Internal law enforcement within the DaimlerChrysler group
The internal law enforcement is based on the Chief Officer Corporate Data
Protection (CPO) with a worldwide responsibility, who reports directly to the
Board of Management. The Chief Data Protection Officer supervises the observance of national and international data protection regulations and of this Code of
Conduct. He is supported by decentrally-located data protection coordinators.
The companies of the Group and the persons responsible for data processing
must ensure that the requirements of data protection are observed.
Infringements by employees may be pursued according to applicable provisions of labor law or disciplinary rules.
In case of data transfers from one company of the Group located in the
EU/EEC (data exporter) to another company of the Group outside the EU/EEC
(data importer), the Chief Officer Corporate Data Protection and the data importer
must cooperate, in the course of all inquiries, with the competent supervisory authority where the data exporter has its seat.
If a data subject alleges a breach of this Code of Conduct by the data importer,
the data exporter must lend support to the data subject to clarify the situation. The
data subject’s rights can also be asserted against the data exporter.
VI. Summary
Considering the fact that there exists no worldwide data protection law and at
the same time taking into account that enterprises and markets have gained global
dimensions, it is evident that there is a need for worldwide self-regulation as far as
data protection and data security are concerned.
Privacy is an integral part of quality. A company that recognizes data protection and data security risks as a risk for the company has a competitive advantage
when establishing a global data protection strategy.
Use for Private Purposes of Personal Data Held by Public Bodies
Vincenzo Zeno Zencovich(1)
The economic exploitation of personal data held by public bodies has
undoubted attractions: the numbers involved are large, and the data are of considerable interest. Public bodies are historically equipped to collect and store data,
but exploiting them economically is not part of their tradition; that activity requires an entrepreneurial aptitude. A private party would certainly be able to draw greater profit from them, with significant positive externalities: information is an important factor of production, and the more accessible it is, even for a fee, the more
rational the choices made by the actors in the economic process.
It is therefore easy to grasp the potential of the subject and to understand the advantages
that businesses would derive from such data being accessible and easy to use.
At the same time, doubts arise instinctively. Public bodies generally acquire personal data on the basis of a relationship of subjection, in which the private individual is obliged to provide them or, if he wishes to make use of certain services or benefits, must identify himself. These data, acquired ratione imperii, would then be transferred for consideration to third parties, who would use them to make a profit. The intuitive imbalance of the situation described takes on a more reasoned form if it is analysed from
a broader perspective.
The rules on the processing of personal data are, at Community level, also a rule for allocating information resources. One cannot stress enough the close link between Directive 95/46 on the processing of personal data and the
slightly later Directive 96/6 on the legal protection of databases. The
latter grants protection to a set of information; the former
sets limits on the free appropriability of certain information, namely personal data.
The individual controls the data concerning him and decides whether and how they may be appropriated by third parties.
The proposal for a directive on the “re-use of public sector documents and
their exploitation for commercial purposes” significantly alters the balance of interests achieved by a coordinated reading of the two directives.
The first critical point has already been highlighted: the individual is required to provide his data to public bodies, and is thereby expropriated of them. There are, however, a
number of advantages that he draws from this compulsory communication: he obtains the provision of
certain services; he receives certainty as to his status or his rights. The system therefore has its own rationality in the relationship between the private individual and the public body, even if
it is economically rather inefficient in the relationship between the public body and business.
Under the system envisaged he would, indirectly, hand over his data to third parties, without consent and without
consideration. It is true that the third parties would pay, but the economic benefit would accrue only to the public body.
The latter, and no longer the data subject, would have a property right over the data
conferred on it by individuals by virtue of the relationship of authority or administration.
(1) Università Roma III
The second critical point is connected: the communication of data to the public body serves specific purposes and is instrumental to the performance of public activities which, by definition, should be in the general interest, as well as often
being of concrete use to the data subject. It is this general interest that guides the activity of the public body, requiring respect for a series of principles now established in the constitutional and Community system: the legitimacy, impartiality,
non-discrimination and proportionality of its action. From this follow procedural rules, controls and responsibilities. It is easy to understand that, once
the data are conferred on private parties, in the first place the purposes of the processing change, bringing to the fore the economic benefit of the controller; in the second place the private party is not burdened, nor is it logical that it should be, with the obligations that are proper
to the public body, since its action is free in form and in purpose.
In the third place, the private party does not have the responsibilities, or even just
the accountability, that are imposed on the public body. And in any case, while the latter tends to be a single, clearly identified entity, the
transfer of public data to third parties carried out in compliance with the principle of non-discrimination multiplies the parties potentially responsible for improper processing, making control by the data subject extremely difficult, not least because of the cross-border circulation of
data.
Is it possible to avoid these drawbacks and reconcile the protection of personal data with
the circulation of information? Several answers can be given to this question but,
as will be seen, they are not entirely satisfactory.
a) restriction of the data transferable to private parties: a first path to follow could be to try to restrict the category of data
transferable to third parties, excluding, for example, sensitive or “semi-sensitive” data,
or others such as those relating to tax matters. The solution identified by the proposal for a directive,
namely allowing the transfer of data for which the national legal system grants a right of access, does not seem convincing or efficient. That right takes varied forms and usually concerns one datum and one subject, not a mass of data
relating to a multiplicity of subjects. Moreover, the right of access is usually aimed at satisfying a specific individual interest.
As the case law has aptly observed, the fact that a datum is kept in a public register does not
in itself legitimise the dissemination urbi et orbi of that datum.
b) restriction of the purposes for which the data may be transferred: another path could be to allow the transfer of public data to private parties on condition that they make the same use of them as is permitted to the public body. Although rational, the solution is of very little use: the private party wants to acquire public data because it wants to exploit them in a more intensive and innovative way. If it had to confine itself to doing so in imitation of the
public body (e.g. issuing certificates or register extracts, “visure”), a
telematic connection to the system that manages the public data would be sufficient.
c) restriction of the parties to whom the data are transferred: in order to ensure greater
control over the correct use of the data by third parties, one could think of restricting the number of private parties authorised to process
public personal data. This is a line antithetical to that of the proposal for a Directive, which is founded on the principle of non-discrimination (and therefore
of abstractly unlimited usability). Nevertheless, it is not difficult to discern the prevailing
general interests that suggest limiting the re-use of such data to a few parties. Clearly this raises the problem of
choosing the party or parties: but here the mechanisms compatible with Community law are well tested, and range from the quality and reliability of the party to the economic bid, if any, submitted to win the tender.
d) an alternative hypothesis: public personal data as res extra commercium: nor can one ignore a different perspective, which treats personal data held by public bodies as res extra commercium and therefore excluded at root from economic exploitation, whether direct or through third parties. From a regulatory standpoint, significant support can be found in Directive 95/46, since transfer to third parties for profit is incompatible with the purposes for which the data were collected. Moreover, a conspicuous disparity would arise between data held by private controllers, which may be communicated to third parties only in limited cases and generally with the data subject's consent, and data held by public controllers, who would be authorised to disseminate the data generally.
But there are also reasons of a more general order: we all remember that the first push towards the protection of computer privacy arose from the concern effectively represented by the literary figure of George Orwell's "Big Brother". And it was on public data banks, the only ones at the time, that attention was focused. The State should now turn from a potential "enemy" of individual privacy into its defender, thereby also safeguarding the relationship of trust with the parties to the social contract. Public personal data should be managed directly by the State, like other goods outside commerce, such as environmental goods and many cultural ones.
And the reference to the environment and to art does not seem out of place, because it leads us, in a debate on privacy from cost to resource, to reflections that have been amply developed in the confrontation between the reasons of ecology and sustainable development, between the defence of the national heritage and its proper enjoyment.
These are problems that are hard to solve, but the debate on personal data protection certainly takes on wider dimensions and policy implications of broader scope.
Using Personal Data Held by Public Entities for Private Purposes
Vincenzo Zeno Zencovich(1)
The business exploitation of personal data held by public entities is undoubtedly appealing: the data involved are very large in amount and of considerable interest. Public entities have traditionally been equipped to collect and store data; however, exploiting these data for business purposes does not fall within the scope of their standard activities, since it is an undertaking that requires entrepreneurial approaches. A private entity is undoubtedly in a better position to profit from such data by turning them into a source of significant assets; indeed, information is an important production factor: the more it is available, even if not for free, the more rational the decision-making of economic actors will be. Therefore, the potential inherent in this matter can be easily grasped, as can the beneficial effects for businesses produced by availability and ease of use of those data.
At the same time, one is bound to feel instinctively perplexed. Public bodies
usually acquire personal data on the basis of an individual’s obligation to either supply such data or provide proof of his/her identity in order to obtain certain services. These data as acquired ratione imperii, i.e. by authority, would then be transferred for a consideration to third parties, who could use them for profit-seeking activities. The unfairness of this situation can be appreciated intuitively, but a broader scope of analysis allows attaining a more rational vision.
The regulations applying to processing of personal data at Community level
can be also regarded as guidelines for allocating information resources. The close relationship between Directive 95/46 on the processing of personal data and Directive 96/9 on the legal protection of databases should be tirelessly pointed out. The
latter Directive provides safeguards for sets of information; the former one lays
down restrictions on the boundless acquisition of certain items of information – i.e.
personal data. Individuals are in control of the data concerning them and decide
whether and how they may be acquired by third parties.
The draft directive concerning “Reuse and Exploitation for Commercial Purposes of Public Sector Documents” produces significant effects on the balancing of
interests that can be achieved by the joint application of the two directives.
One first critical issue has already been referred to – namely, the fact that individuals are required to provide their data to public entities and therefore, are dispossessed of their data. However, this compulsory communication entails some
benefits: individuals are delivered certain services, or can establish their status
and/or rights with certainty. There is therefore a rationale underlying this system as
regards the relationship between individuals and public entities – whilst this same
system proves poorly effective in economic terms with regard to the relationship between public entities and businesses.
(1) Roma Tre University-Italy
According to the system envisaged in the Draft Directive, an individual would
indirectly assign his/her own data to a third party regardless of his/her consent and
for no consideration. It is a fact that the third party in question would have to pay
for the data, however only the public entity would be entitled to the resulting profit.
Only the public entity would be entitled to a property right in respect of the
data it receives from individuals on account of the existing authority and/or management relationship.
A second critical issue is related to the considerations made above: data communication to a public body serves specific purposes and is necessary for performing public activities which, by definition, should be carried out in the public interest as well as being concretely useful for the individual concerned. This general interest focus underlies the activities of public entities and makes it compulsory for
them to comply with principles that have long been recognised in constitutional
and Community provisions – namely, lawfulness, impartiality, non-discrimination,
proportionality. This results in the need for setting forth procedural rules, controls, and specific liabilities. It can be easily appreciated that the purposes of the processing change whenever data are transferred to private entities, since emphasis is
put on the data controller’s economic profit; secondly, private entities are not – nor
can be expected to be – subjected to the obligations that are actually typical of public entities, since they are free to act in the manner and for the purposes they find
most suitable.
Thirdly, responsibilities and accountability of private entities are not the same
as those pertaining to public entities. At all events, whilst the latter are usually single, well-defined organisations, assigning publicly-owned data to third parties in
compliance with the non-discrimination principle results in multiplying the
number of entities that may process such data inappropriately and makes it quite
difficult for a data subject to be in control – partly on account of the existing transborder data flows.
Can these mishaps be avoided by reconciling personal data protection and free
movement of data? This question can be answered in several ways, which are, however, not completely satisfactory – as the paragraphs below will show.
a) Limiting the data that may be transferred to third parties: one first solution
might consist in trying to limit the categories of data that may be transferred to third parties, e.g. by excluding sensitive and/or “quasi-sensitive”
data or else other data such as those concerning taxation matters. The solution envisaged in the draft Directive – i.e. allowing transfer of data in respect of which the right of access may be exercised under domestic law – would not appear to be either convincing or effective. Indeed, the access right shows a multifarious pattern and usually refers to one data item and one entity – rather than to multiple data concerning several entities. On the other hand, the right of access is usually aimed at meeting a specific individual requirement. As appropriately pointed out in some court decisions, the fact that a data item is kept in a public register does not make it lawful, in itself, to unrestrictedly disclose it.
b) Limiting the purposes for which the data may be assigned: another solution
might consist in allowing publicly-owned data to be assigned to private entities on condition that the latter use them for the same purposes for which
they are used by the public entity. Though sensible, this solution is of very little
use: indeed, private entities wish to acquire publicly owned data in order
to exploit them more thoroughly and innovatively. If they were to limit
themselves to using the data in a similar fashion – e.g. to issue certificates
and/or attestations – it would be enough for them to connect electronically with the system managing the publicly owned data.
c) Limiting the entities entitled to receive the data: in order to allow more effective control on the appropriate use of the data by third parties, limiting
the number of private entities that are entitled to process publicly-owned
data might be envisaged. This approach goes in the opposite direction to
that proposed in the draft Directive, which is based on the non-discrimination principle – entailing unlimited usability, at least theoretically. However, it is not difficult to imagine the overriding general interests that point to
the advisability of limiting re-use of such data to a small number of entities.
This raises, most obviously, the issue of how to select the relevant entity/entities; Community-compatible parameters have long been tested in this
field, ranging from quality and reliability of the recipient(s) up to the tender possibly submitted in order to be granted a public contract.
d) An alternative approach: regarding publicly-owned personal data as res extra commercium: one should also take account of a different approach, in
which publicly-owned personal data are regarded as res extra commercium
(non-marketable goods) that may not be, as such, the subject of economic
exploitation whether directly or by the agency of third parties. From a regulatory viewpoint, this position is significantly supported by Directive
95/46 – since assignment to third parties for purposes of gain is incompatible with the purposes for which the data have been collected. Additionally, this type of assignment would give rise to a markedly unequal treatment
of the data held by private data controllers as compared with those held by
public data controllers – since the latter would be enabled to disseminate
the data unrestrictedly, whereas the former are currently entitled to only
communicate personal data to third parties under specific circumstances
and with the data subjects’ consent.
However, this approach is also based on more general considerations. We all
remember that the first impulse towards protecting computer privacy resulted from
the concerns that were aptly described in George Orwell’s literary works as the “Big
Brother”. The attention was focussed on public data banks – being the only ones
existing at that time. Nowadays, States should turn from potential “enemies” into
defenders of privacy, which would allow them to also safeguard the trust relationship with all the parties to the social contract. Publicly owned personal data should
be managed directly by States, similarly to other non-marketable goods such as environmental goods and a considerable portion of cultural heritage.
The reference to environmental and cultural heritage is far from being out of
place. Indeed, the focus being on how to turn privacy from a cost into a resource,
this reference points to considerations that have been repeatedly made in connection with the debate on environmental protection and sustainable development,
safeguarding national heritage and making appropriate use of our heritage.
These issues cannot be coped with easily; however, the issue of personal data
protection can be undoubtedly approached in a wider perspective and with deep-ranging policy implications.
Privacy and Employment Relationships(1)
Umberto Romagnoli(2)
1. Recalling the beginnings is always useful. Not infrequently, it is a duty. As in this case
The Workers' Statute was not yet a law of the State and word had already spread that things were being overdone with rights. Not only collective rights, but also and above all individual ones which, by fostering a morbid attachment to personal freedoms, would encourage reckless behaviour. The rumour turned into a commonplace which, like its siblings, would prove to have the prerogative of subverting biological rhythms. Commonplaces, as we know, are born and grow, but never die.
Predicting that the anarcho-libertarian culture of "anything goes" would spread through companies was not much more realistic than it had been in the past. Nevertheless, the prediction was taken seriously all the same by the laudatores temporis acti in order to delegitimise the detractors of an industrial culture that they wanted to be characterised by the overbearing, authoritarian authority of employers.
Every so often, fortunately, time is a gentleman. So now that not even the most educated young mothers know the theories of paediatricians like Spock, high-school children do not read books by philosophers like Marcuse, and fathers, if they are legal practitioners by trade, have stopped doping themselves with substantial doses of alternative law, now, as I was saying, the time has come to confess what only a few thought at the time, even though it was the truth. And the truth was that, when moralistic catastrophism is combined with apologetic triumphalism, the orgasm of dramatisation reaches its peak, and indeed one ends up losing sight of the fact that one can be to the left or to the right of everything, except of common sense.
For this reason, opposing a factious and partial opinion with an equally factious and partial one, if at the time it was the toll paid to the climate of a season overheated by polemics and poisoned by unhealthy desires for revenge, would now be worse than idle. It is wise instead to suggest that the tireless duellists accept a common premise: to admit, that is, that the legal recognition of individual rights of freedom in the workplace should not be overemphasised, either from the right or from the left.
The environment was what it was; we know that. Nevertheless, to be persuasive, even the best-founded critique of juridification should have been preceded by a search for the correctives needed to justify the choice of leaving the rules in informality.
(1) This essay will also be published in the Studi in onore di Mario Grandi.
(2) University of Bologna - Italy
Likewise, although it can be shared, the satisfaction at the legislative intervention should not have been smug, and complaisant, to the point of claiming that holding the right to do a certain thing in itself exempted one from censure.
Not by chance, a charismatic leader of the Cgil felt the duty to admonish, even at the risk of incomprehension or protest, those "comrades who [were setting] themselves up as jealous guardians of certain conquests as if they [had had] a treasure to keep inside a casket and [did] not realise that they [were] standing guard over a little heap of ashes".
It was 1978, one of the darkest years of the most dramatic crisis to hit Italy since the Second World War, and the first things to end up in the little heap of ashes were the Statute's provisions protecting privacy.
The major national dailies ran the headline: "Is it from there, from the Statute, that absenteeism and violence arise?", thereby conveying to public opinion the news that legally protected privacy encouraged the worst shirkers to keep reporting sick or, worse, could serve to conceal the sympathies or connivance that fed armed terrorism. Indeed, around the provision abolishing the figure of the factory doctor and the one prohibiting investigations into opinions and private life, a halo of distrust quickly formed, and the jurists who had supported the rise of the doctrinal tendency to give constitutionally guaranteed personality rights a universal reach, and therefore relevance in contractual relationships too, shut themselves up in a pensive silence.
Luciano Lama could not agree, and he reacted. He reacted with the same energy with which, a quarter of a century later, one of his successors would reject the proposal put forward by a centre-right government to reshape the protections of insiders for the benefit of outsiders, because he would read in it what a Nobel laureate in economics would also read in it: a pretext, according to Robert Solow, that paves the way for the aim of "strengthening employers vis-à-vis insiders".
Lama therefore took a public stand, in the form of a dense interview with la Repubblica, uttering words that I have always considered the best suited to popularising effectively the assertion that the relationship between work and citizenship has the characteristic instability of a boat with an elephant in it, because the freedoms of the citizen as a worker must be balanced against the freedom of economic initiative.
Indeed, if the enterprise is the place where the cumulative effect of inequalities is most apparent (it concentrates them, focuses them, radicalises them), it is at the same time the place where reducing them is most problematic and eliminating them all but impossible, as the now century-old history of worker cooperatives teaches. For this reason the Statute's provisions, with all due respect to the veterans of the hot autumn of '69 who were willing to accept only maximalist interpretations that stretched them like shagreen, did indeed re-regulate managerial power, rationalise it and proceduralise it, but could not authorise reducing it to zero. Rather, it was no longer enough for the legislator that this power be contained within the limits of a strict orientation towards carrying on the productive activity; the legislator wanted its exercise to be commensurate with all the values, including non-pecuniary and extra-contractual ones, that work carries by the will of the founding fathers of the Constitution.
"The mother-idea of the Statute", wrote Luigi Mengoni, "is that the technical and productive organisation of the enterprise must be modelled on man, and not vice versa", to the broad extent that the insertion into it of the person bound to work there in a subordinate position takes on legal relevance as a source not only of obligations of conduct coordinated with the needs of the organisation, but also of the right to protect oneself against threats to freedom, dignity and safety. In other words, the Statute, more than a reform, was a challenge. A challenge that legal, economic and trade-union actors could not lose or win except together.
Did they succeed?
Naturally, I do not mean to insinuate the suspicion that they have not attained a cultural maturity and professional preparation equal to expectations. I simply believe that the challenge is still going on and indeed will never end. Partly because, despite its centrality, the individual dimension is the lunar dimension of the employment relationship, and partly because, as Gérard Lyon-Caen likes to say, labour law "c'est Pénélope devenue juriste". So, if someone asked me to list the noble and generous ideas that seduced me in my youth, I would not be ashamed to put at the top of the list the one that saw in company constitutionalism the path that the inhabitants of planet-enterprise could take to try to mend the fracture that splits the citizen in two: entitled to take part in the government of the polis at least when entering the polling booth, when dressed as a subordinate producer he may find himself denied by other men the possibility of availing himself of the rights deriving from the contract as well as of those connected with his professional position or even with his status as a citizen, thus acquiring the connotations of a capite deminutus.
However, I have learned that one must be an idealist without illusions. Because there is always someone or something that unravels the web. Even beyond intentions.
A paradigmatic case is the acceleration that technological innovations have imposed on the ageing of the legal protection of workers' privacy; innovations that are in themselves neutral, as can be inferred from the randomness of the distortions produced, which sometimes can frustrate the legitimate power of control and at other times weaken the lines of defence of the person being monitored.
So, to start again from scratch each time, what is needed is precisely the stubbornness of the labour law inherited from the twentieth century. And its humility. Because it is by no means accurate that its evolutionary seasons are invariably marked by epochal ruptures, spectacular about-turns, decisive breaks. On the contrary, its historical constant is micro-discontinuity, especially as regards the subjective legal situations that contemporaries describe in terms of rights of freedom of the worker as an individual.
It is in fact a mistake to believe that all ordinary mortals can hear what some of us seem to hear distinctly: a thunderous slamming of doors. That of pre-industrial society, which closes, and that of industrial society, which opens. That of fascist corporatism, which seemed never to close, and that of the democratic constitution, which seemed unwilling to open. That of the post-industrial, which however neither opens nor closes completely, and that of the post-modern, which leads no one knows where.
Things have gone, and go, differently.
The shocks of the tectonic upheavals that historians and constitutional scholars discuss do not spread in a flash to the individual dimension of the employment relationship. On the contrary, it is highly probable that they arrive there weakened. After all, during the crossing, nobody in the engine room can make out which pieces of music the ship's orchestra is playing to entertain the cruise passengers. Perhaps they are not even interested in making it out.
In short, the regulation of the individual employment relationship is refractory to innovation, especially if it is sudden or destined to act in depth, and it changes slowly also in order to prevent the changes of era described in school textbooks from destabilising a social relationship that has a foundational value for the existence of ordinary people. It may arouse pity or indignation, but its way of realising the value of legal certainty merges with the viscosity of a never-ending story whose protagonists are too small and too alone to be able to show a propensity to adapt to the advancing new that is any less accommodating than the one expressed in the search for solutions compatible with the existing state of things, internalised as an unchangeable objective fact. "Individuals", as André Gorz wrote, "desire what they have the possibility of obtaining under the given conditions, and not what they could obtain only under different conditions".
To this it should be added that individual labour law has from its origins been an integral part, if not of codified civil law, then of its categories and conceptual referents.
With the imperceptible speed of glaciers, in fact, it developed on the periphery of an empire and in semi-clandestine form, because private law does not tolerate the performance of work in another's service being removed from its governance and is therefore intent on immunising its rules against the viruses put into circulation by external events.
However, the private-law scholars who colonised this field of knowledge took for granted what could not be taken for granted. They took for granted that modern capitalism would rest indefinitely on a pinhead such as the individual employment contract, and that the collective configuration which industrial evolution had in fact impressed, in more than one respect, on the regime of contractual relationships in which the exchange between work and pay is typically carried out would remain on the margins of legal discourse. Moreover, they would also take for granted the irrelevance of the post-liberal Constitution of 1948.
By now legal historiography has analysed the matter more than enough for it to be filed away. Therefore, if I mention it, it is only to underline that the legal culture of the 1950s conveyed to labour lawyers, including those who had been convinced corporatists, the same unease that private-law scholars felt before the constitutional document. An unease that translated into an arbitrary impoverishment of the range of data that interpreters must take into account. In reality, they would have wanted labour law to stay shut inside the wrapping of an economic transaction, while protesting contradictorily against its continued sequestration. Then the Statute arrived and the wrapping was torn.
2. Indeed, it is in the area of employment relationships that the Italian legal system opened up to the need to protect people's privacy.
However, it is not true that everything began with the Statute.
It fell to Philipp Lotmar, during his pioneering incursion into the unexplored territory of a collective bargaining statu nascenti, to record with sympathy that, among the clauses aimed at ensuring the worker considerate treatment, there was a prohibition on the master addressing him with the familiar "tu". In other words, the great pre-Weimar jurist sensed that regulating personnel administration often means juridifying good manners.
Therefore, if one accepts that an attitude respectful of the worker's privacy during and outside working hours is in some way equivalent to the correct use of a fork at table, one must recognise that the speed at which personnel administration has become civilised has been more than fair: the fork took five centuries to become a stable part of Europeans' habits.
On the other hand, if the speed has been below the expectations of those administered, they too should recite the mea culpa, because it cannot be said that they have tried too hard to learn that rights, if not interpreted with the desirable reasonableness, can encourage irresponsible conduct. Thus, by way of example, habitually using the company telephone for private purposes, entering false records on attendance sheets, or amusing oneself by surfing the Internet certainly does not help to quicken the pace of evolution, regardless of whether there is any real damage to the company.
I would not, on the other hand, feel able to maintain that the trade union too should recite the mea culpa, as if the shortcomings or limits to be found in union policies in defence of privacy were entirely attributable to negligence, lack of commitment or the like. The fact is that the attacks most damaging to the dignity of the person who owes the work are of quite another nature, cruder and more elementary, and an order of priorities does have to be set: one cannot obtain everything at once. For this reason, the same unions that contested the practice of body searches of workers leaving the plants, without demanding too many niceties, were in those same years pressing to take away from the employer the licence to dismiss, negotiating important agreements that made dismissals without justified reason subject to sanction. In other words, the collective clause permitting searches was and is to be assessed not as evidence of their appropriateness, or even of their indispensability for preventing theft, but as an empirical indicator that made it possible to measure the road still to be travelled to civilise the company climate.
This does not mean that there were no shortcomings or limits in the unions' bargaining policies on the matter. But, precisely for this reason, it can be documented that overcoming them was facilitated and accelerated by the Statute's provisions, which involve the company-level union representation, and make it responsible, in working out criteria for the exercise of the power of control that are capable of reconciling opposing needs which, though not of equal rank, aspire to the greatest possible simultaneous fulfilment.
However significant, the experience generated by the rules that make the lawfulness of monitoring the person of workers conditional on a prior collective co-decision is tiny in comparison with the scale that the implementation of Law 146/1990 on strikes in essential public services would assume. In both cases, the quality of the interests at stake and of their mediation is identical: in both cases, the union disposes of personality rights of those it represents in order to guarantee that they can be enjoyed within the framework of a passable balance with the enjoyment of rights constitutionally recognised to third parties.
If the legislation limiting strikes has not performed well in the sectors (air and rail transport) without whose pre-existing union turbulence the legislator would probably not have acted, it is nonetheless irrefutable that, in the rest of the world of employment, its performance has been and continues to be high.
In this regard, I would like to dissuade the most zealous from going hunting for merits and demerits in order to draw up report cards. The exercise is not as interesting as it would like to appear. It is certainly more fruitful to reflect on the fact, likewise irrefutable, that the independent administrative authority responsible for steering the implementation of the legislation, which by reason of its multi-functionality is a crucial junction in the procedures prescribed for producing and enforcing the rules of conflict in the service sector, would never on its own have managed to get those rules generally absorbed by their addressees.
The union's contribution in helping the law to overcome the understandable difficulties of acclimatisation has been decisive.
So far, however, the same cannot be said with reference to Law 675/1996.
Its structure is eminently individualistic.
One would say that its authors wanted to remain faithful to the reality principle dear to Roman Jakobson, the linguist, according to which the word cheese has no meaning at all for anyone who has never tasted any in their life. In short, one cannot and must not speak except of what one knows, which is sacrosanct. It may be, they must have thought despite timely and authoritative warnings, that individuals possess an appreciable capacity for informational self-determination and are able to face the dangers that technological progress poses to their personality: certainly, they must have thought, more than the union. Consistently, they must have judged it a stretch to provide for the union's involvement in decision-making processes concerning the introduction and management of automated systems for collecting and using employees' personal data: it would be like expecting reliable advice on the taste of cheese from someone who knows little or next to nothing about it.
If, as I believe, this is one of the keys to reading the law in question, it is easy to establish the paternity of its cultural imprinting. It goes back to a legal-policy choice aimed not so much at underestimating the role of the trade union as at offering a distorted representation of the world of work. That is, it was held that privacy is the virtue or the tic of a corner of the world of work populated by privileged minorities and, on the further presumption that for this reason a centralised supervisory institution would suffice, that the trade union can only be stationed in the boundless rearguard where the primary need for a decent job is overwhelming.
It is this surge of pauperism, which smacks of the grotesque in the context of an advanced society, that prejudices and compromises the operational efficiency of a law which would benefit from the contribution of the same exponent of the culture of practice that the workers' statute had urged to take action on a closely related type of issue. And this happened precisely while the statutory ban on monitoring the person had in fact been emptied of its own accord and, at the same time, had been relativised by the expansion of the concept of privacy, whereby one moved from a guarantee of the individual's confidentiality through the absolute blocking of information to the search for means of keeping control over information and its circulation. Therefore, the expulsion of the trade union from the “person-information-circulation-control” circuit, to use Stefano Rodotà's words, constitutes a systemic inconsistency that no interpretive shrewdness applied to the obsolete statutory provisions can cure.
It will be objected that the 1996 law, while it does not provide for prior consultation with the trade unions on the reasons for and methods of collecting and processing personal data, does not preclude it either. But the argument is fragile, because here more than elsewhere a legislative measure promoting trade-union intervention appears necessary; partly because the trade union's reactivity is not, as we have seen, in rerum natura, and partly because the balance of power may not favour it.
Normative precedents in Europe are not lacking. The Community's own leaders sent out in 1989 an input to introduce “a more articulated protection of a collective nature”. But the indication was not followed up at the level of legislative design. In other words, an opportunity was wasted. And not only to restore to the ratio of the statutory provisions their lost incisiveness, and at the same time widen their cone of light, and thus to fill the cracks that had emerged at the systemic level, but also to enrich a culture of industrial relations whose binary articulation (either bargaining or conflict) is endearing.
Indeed, since the needs for privacy protection arise only within the company and manifest themselves there in terms that are continually renewed, the most adequate method for addressing and meeting them cannot be that of heteronomous regulation. The incessant and unpredictable evolutionary dynamism of information technology applied to the organisation of work has taken it upon itself to demonstrate that the law has scant capacity to master the subject, and so therefore has collective bargaining, which learned long ago to mimic its movements. The preferable method is the one least deaf to the demand for “homeostatic mechanisms”, as Stefano Rodotà calls them, “that allow the law to avoid a fate that would contradict its very nature: to turn from an instrument of order into an element of disorder, a generator and no longer a resolver of conflicts, because its rules drift away from reality”.
A technique of this kind, however, has not yet been identified and refined with the desirable precision. For this reason, in view of the advent of a second generation of rules on the protection of personal data, I would put forward, faute de mieux, the proposal to experiment with the method of participation centred on collective representative bodies.
The originality of the proposal is very limited. It lies solely in the modulation of trade-union intervention. Indeed, in support of the latter, the young but combative legal scholarship that has dealt with the subject in recent years has already spoken out, not without some dissent, adducing numerous reasons, among which the one that persuades me most concerns the need to curb the slide of acts disposing of information about the worker's person into the orbit of the proprietary logic, of which the emphasis on individual consent is paradigmatic: consent which, freely given and accompanied by adequate information, is raised to the pillar of the entire legislative framework. A logic which, moreover, it seems to me odd to want to caress and reward in the very same unit of space and time in which its downfall is being theorised: indeed, if it has become a heresy with reference to the job, with reference to personal data it is nothing but the reflection of an ideology in the sense of false consciousness.
If to Stefano Rodotà individual consent to authorise the processing of personal data rightly appears “a halfway house between regulation and deregulation”, it cannot be denied that the proposal to cast the system of privacy protection in employment relationships in a participatory key tends to make it less insecure: individual consent will remain essential; but it will be a little freer and a little more informed.
Honestly, however, I do not believe that the adjustment of perspective indicated here as preferable makes the proposal more attractive. In Italy, participation has not yet emerged from ambiguity. It does not correspond to a line of legal policy that can be pursued transparently. It is done, but it is not spoken of.
Hindered by the vetoes of entrepreneurs to whom the maxim of practical reason “when in doubt, consult” suggests nothing but the idea of a deplorable abdication of role, it also meets resistance from a trade unionism reluctant to let go of the pan-contractualist “presumption of self-sufficiency” of which Aris Accornero speaks.
Conversely, the most modern management knows that, for every moment of bargaining, there should be a hundred of consultation, and a trade union aware that a glorious past is not in itself a guarantee of a bright future should know that “co-determining is not bargaining. It is a question of skill”. Of technical competence. Of professional style. “Someone who knows how to bargain does not necessarily know how to co-manage”.
Privacy in the Employment Context
Umberto Romagnoli(1)
1. Starting from the beginning is always useful. At times, it is actually necessary – like in this case.
The workers’ statute had not yet been passed and rumours already had it that
this thing with rights had gone too far – meaning not only collective rights, but also, above all, personal rights: by favouring a morbid fondness for individual freedom,
reckless behaviours would be encouraged. These rumours became commonplace and
– as is the case with all items in this category – proved capable of subverting the laws of
biology. It is well known that commonplaces are born, grow and never die.
Foreseeing that businesses would be flooded by the anarchist and libertarian
views based on the “everything is permitted” principle was not much more realistic
than it had been in the past. Still, this forecast was taken seriously by the laudatores
temporis acti - those praising the past – as a way to cut the ground from under the
feet of those protesting against a business culture that was allegedly characterised by
the entrepreneurs’ overwhelming authoritarian power.
Luckily, time happens to do us a good turn every now and then. Thus, nowadays when not even the most cultured young mothers are aware of the theories put
forward by such paediatricians as Dr. Spock, teenage children no longer read the
books written by Marcuse and other philosophers and their fathers – working as legal professionals – have stopped getting high on considerable doses of alternative
law, it is high time we acknowledged what very few people thought at that time –
even though it was true. Indeed, the truth is that whenever moralistic catastrophism
meets apologetical triumphalism, dramatisation reaches its climax and one ends up
failing to realise that one can be to the right or left of any and every thing – apart
from common sense.
This is why counteracting a partial, factious view by an equally partial, factious
view would be worse than useless – whilst in those days it was the toll required by
the circumstances resulting from a period of overheated debates, which was poisoned by senseless vindication impulses. One can perhaps suggest that the tireless
fighters should accept starting from a shared assumption – namely, acknowledging
that the legal recognition of individual freedoms in the workplace is not to be emphasized excessively, either by left-wing or by right-wing supporters.
The milieu was as good as it could get – this is well known. Still, even the best-grounded criticism of juridification should have been preceded – in order to be really convincing – by the search for the adjustments required in order to justify the decision of laying down no formal rules. Similarly, jubilation for the passing of legislation, though understandable, should not have been self-satisfied (and self-satisfying) – so much so that it gave rise to the belief that being entitled to do a certain thing did exempt, in itself, from being the subject of reproach.
(1) Bologna University - Italy
It is no mere chance that a charismatic trade union leader felt the duty – by
defying misunderstandings and opposition – to warn those “comrades who jealously ward certain conquests as if they had a treasure to keep inside a coffer, without
realising that they are mounting guard at a heap of ashes”.
It was the year 1978, one of the darkest years in the most difficult crisis that
gripped Italy in the aftermath of WWII, and the heap of ashes consisted, in the first
place, of the provisions included in the Workers’ Statute concerning privacy protection.
Major Italian dailies worded their headlines like this: “Is It, the Workers’
Statute, the Source of Absenteeism and Violence?” – thereby conveying the information that laws protecting confidentiality actually encouraged lazybones to request sick leave, or could be used to hide support for and/or assistance to armed terrorists. Indeed, the provisions abolishing factory physicians or prohibiting investigations on employees’ opinions and private life came to be the subject of mistrust,
and those legal scholars that had supported the spreading of views according to
which personal rights enshrined in constitutional instruments should be recognised
as having universal value, and therefore should be applicable to contractual relationships as well, chose to pursue their meditations in silence.
Luciano Lama, leader of the left-wing Cgil trade union, could not share this
stance, and reacted. He reacted with the same energy shown by his successor a quarter of a century later in rejecting the proposal put forward by a centre-right government – i.e. re-defining the safeguards applying to insiders to benefit outsiders.
He construed this proposal exactly as a Nobel Prize economist would do, that is to
say, as an excuse for paving the way – in Robert Solow’s opinion – to the attempt
at “strengthening entrepreneurs rather than insiders”.
Mr. Lama therefore publicly took a stance in a lengthy interview with the daily la Repubblica, in which he used words I have always regarded as most suitable to effectively divulge the concept that the relationship between employment and citizens
shows the same instability as that between a boat and an elephant – since the freedoms of citizens as employees should be reconciled with freedom of enterprise.
Indeed, if businesses are the places where the cumulative effects of inequalities
are most visible – because they get concentrated, become the focus of attention, are
made harsher – they are, at the same time, the places in which reducing such inequalities is most difficult and eliminating them is as good as impossible, which is
shown by the century-old history of employees’ co-operatives. This is why the workers’ statute has undoubtedly downsized businesses’ power by rationalising it and setting forth procedural rules, but it could have never allowed eliminating such power – much to the chagrin of the veterans of the fights waged in the “hot autumn”
of 1969, who could only accept maximalist interpretations such as to stretch the
provisions in the statute to their utmost degree. In fact, Parliament could no longer
accept that the boundaries of businesses’ power should consist in its serving exclusively the purposes of production; rather, exercise of that power was to take account
of all the values, including non-pecuniary and extra-contractual values, that have
been conferred on employment by the drafters of our Constitution.
“The leading concept of the workers’ statute” Luigi Mengoni wrote, “is that
the technical and manufacturing organisation of businesses should be modelled after man, rather than the other way round” – to the wide extent that inclusion into
a business of an individual that is required to work inside it as an employee is to be
attached juridical importance, being the source not only of obligations to behave in
line with the requirements of the specific organisation, but also of the right to get
protection against threats to freedom, dignity and safety. That is to say: the workers’ statute was a challenge rather than a reformation. A challenge that legal, economic and trade-union actors could only lose or win together.
Did they make it?
Obviously, I am not going to intimate that they did not reach cultural maturity and professional skills such as to be equal to those expectations. It is simply that I
believe this challenge to go on – in fact, it will never end, partly because the individual dimension, though pivotal, is the remotest component among those making
up the employer-employee relationship, and partly because, to quote Gérard Lyon-Caen, employment law “c’est Pénélope devenue juriste”. Therefore, if someone asked
me to list the noble, generous ideas I was seduced by as a youngster, I would not be
ashamed to refer, in the first place, to the concept that business constitutionalism was
the path to be followed by the inhabitants of the business-planet in order to attempt
healing the fracture that is splitting citizens in two. Indeed, citizens are entitled to
participate in governing the polis at least when they enter a polling station, whilst in
the capacity of employed producers they may be denied by others the possibility to
exercise the rights resulting both from the social contract and from their professional and/or citizen status – so that they take on capite deminuti features.
However, I have learnt that one should be idealist without delusions. There is
always someone or something managing to unweave the cloth – even unwillingly.
A typical example is provided by the accelerated obsolescence of the legal safeguards applying to employees’ privacy that has resulted from technological innovations. These innovations are neutral in themselves, as shown by the casual nature of
the distortions they have produced: at times they may impinge on lawful monitoring powers, at other times they actually weaken the defence afforded to the monitored parties.
Thus, in order to start from scratch every time, you do need the stubbornness
that is a feature of the employment law as developed in the course of the 20th century. But you also need its humility. Indeed, it is not accurate to state that the development of employment law has ever been characterised by unprecedented
achievements, dramatic U-turns and final solutions. In fact, this development is
characterised historically by micro-discontinuities especially with regard to the legal
entities contemporaries usually refer to as freedom rights recognised to employees
as individuals.
It is a mistake to believe that all mortals can be aware of what some of us apparently can hear quite clearly – doors slammed with violence. The door of pre-industrial society is being closed, whilst the door of the industrial society is ajar. The
door of fascist corporativism is closing – although it seemed as if it would never be
closed – and the door of the democratic constitution is opening – whereas it seemed
as if it would never be opened. The door of post-industrialism is closing – in fact,
it has never been opened (or closed) completely – and the door of post-modernism
is opening on nobody knows what.
Things have gone and are going differently.
The tremors due to the earthquakes referred to by historians and experts in
constitutional law do not propagate as lightning to the individual dimension of the
employer-employee relationship. Indeed, they are quite likely to arrive there in a
much-softened fashion. On the other hand, in crossing the engine room nobody
manages to understand what pieces the orchestra is playing to entertain passengers
on a cruiser. Perhaps one is not interested in understanding it.
In short, individual labour law is shy of innovation – especially as regards sudden or deep-ranging innovations – and changes slowly also to prevent the epoch-making transformations described in schoolbooks from unbalancing a social relationship that has a founding value for the existence of ordinary people. You may find
it pitiful or be incensed by it; still, it is a fact that here, the rule of law is realized in
a manner that tends to get confused with an endless story, whose main characters are
too puny and too lonely in order to prove less ready to adjust to the advancing innovations than are individuals seeking solutions that are compatible with the existing circumstances – which are felt to be an objective, non-modifiable reality. To
quote André Gorz, “individuals wish what they can get under the existing circumstances, rather than what they might only get under different circumstances”.
It should also be considered that individual labour law has formed, from the
start, an integral part not so much of statutory civil law, but of its conceptual categories and reference items.
Indeed, it has been developing on the margins of an empire in a semi-clandestine fashion, at the barely perceptible speed of a glacier: private law does not accept
the performance of work by employees to be outside the scope of its regulatory
power, and therefore intends to make its rules immune against the viruses spread by
external events.
However, private law scholars colonizing this sector of knowledge took for
granted what could not be. They assumed that modern capitalism would indefinitely rest on a pinpoint – i.e. individual labour contracts – and that the collective
configuration industrial evolution was conferring in many respects on the contractual relationships applying to the exchange between work and wages would only remain marginal within the juridical debate. Actually, those scholars also took for
granted that the 1948 Constitution would prove uninfluential.
This issue has been debated more than enough by law historians and should
therefore be set aside. I am only mentioning it to stress that the legal culture of the
‘50s was such that labour law scholars – including the staunchest supporters of corporativism – felt as ill at ease as private law scholars did when faced with the text of
the Constitution. This uneasiness was translated into the arbitrary depletion of the
circumstances that juridical analysis should take into account. In fact, they would
have liked labour law to remain inside the boundaries of economic transactions, although they protested, at the same time, against this persistent seclusion. But then,
the workers’ statute was passed, and those boundaries were broken.
2. It was exactly with regard to the employer-employee relationship that
the need for safeguarding individuals’ privacy was first considered within
Italy’s legal system.
However, not everything did begin with the workers’ statute.
Philipp Lotmar first remarked sympathetically, in his pioneering exploration of
the yet virgin land of collective bargaining, that the clauses aimed at ensuring that
workers would be treated respectfully included the prohibition for masters to address them familiarly. That is to say, the great pre-Weimarian law scholar perceived
that regulating personnel management often means juridifying good manners.
Therefore, if it is acknowledged that respecting employees’ privacy during and
outside working hours is somehow equivalent to properly using forks when eating,
it should also be acknowledged that personnel management has been civilised at a
more than moderate speed: it took five centuries for forks to become a staple item
of European cutlery.
On the other hand, if the managed personnel believe that speed to have been
lower than expected, perhaps they should also assume their own responsibilities; indeed, they cannot be said to have made many efforts to learn that rights may encourage reckless behaviour if they are not construed as reasonably as is desirable. For
instance, making private phone calls from one’s office, making false statements as to
the clock-in time or having a good time by surfing the Internet are anything but conducive
to a quicker pace of evolution in this sector – regardless of the damage this may actually cause to a business.
Conversely, I would not go as far as maintaining that trade unions should also
assume their own responsibilities – as if the gaps and/or limitations affecting trade
union policies with regard to privacy protection were exclusively due to their negligence, non-committal conduct and so on. In fact, the most damaging attempts on
employees’ dignity are of a totally different nature: they are much rougher, much
more elementary in nature, and a priority order is to be defined. One cannot get everything,
and all at the same time. This is why trade unions, on the one hand, endorsed body
searching of employees exiting from plants without requesting too many safeguards,
whilst in those same years they exerted their pressure to prevent employers from
having the power to fire their employees by negotiating important agreements under which unjustified firing was to be punished. That is to say, the collective agreement enabling searches was and is to be regarded not so much as proof of their being appropriate or even necessary to prevent theft, but rather as an empirical index
that could allow appreciating the stretch of road yet to be followed in order to civilize the business environment.
This does not mean that there were no gaps or limitations affecting the policies
implemented in this field. However, it can be shown that exactly for this reason they
could be overcome more easily and expeditiously by means of the workers’ statute,
which provides that trade union representatives should participate in and be responsible for setting out criteria applying to the exercise of control powers in such a way
as to reconcile opposite requirements – which, though of different rank, both strive
to be complied with to the widest possible extent under the given circumstances.
Though significant, the experience gathered through the provisions under
which employee monitoring is only allowed on the basis of a prior collective decision-making procedure is puny compared with that related to implementation of
Act no. 146/1990 – concerning strikes in the public facilities sector. In both cases,
the quality of the interests at stake and their balancing is the same: in both cases,
trade unions may make use of their members’ personal rights in order to ensure that
they can be exercised by striking an acceptable balance with the exercise of rights
that are granted to third parties by the Constitution.
Whilst the provisions limiting the right to strike have not proven especially effective in those sectors – air and rail transport – whose prior turbulence in trade-union terms was probably the reason prompting Parliament to take steps, it cannot
be denied that they have been and are still quite beneficial in the remaining employment sectors.
In this regard, I would like to discourage the most zealous among you from
pinpointing pros and cons to get a final score. This activity is not as interesting as
it might appear to be. Definitely more fruitful considerations can be made as regards the fact – unquestionable in itself – that the independent administrative authority in charge of supervising implementation of those provisions, which is a key
reference point on account of the multiple functions discharged in connection with
the procedures that must be followed to lay down and ensure compliance with the
relevant regulations in the tertiary sector, could have never managed by itself to have
those procedures accepted by all the entities concerned.
Trade unions made a fundamental contribution towards helping the legislation
to go unscathed through the – understandably difficult – acclimatisation phase.
Conversely, this has not been the case so far with regard to Act no. 675/1996,
whose structure is in essence individualistic.
One could argue that the drafters of this Act tried to abide by the reality principle so aptly described by the linguist Roman Jakobson, who remarked that the
word “cheese” is meaningless for someone who has never tasted cheese in his life. In
short, one can and should only talk of what one knows – which is unquestionable.
In spite of timely, authoritative objections, they must have thought that individuals
are likely to be gifted with considerable informational self-determination and are
probably capable of coping with the dangers for their personality resulting from technological development – to a greater extent than trade unions, in any case. Consistently with this stance, they must have considered that it would be inappropriate to
provide for involving trade unions in the decision-making concerning deployment
and management of automated systems to collect and use employees’ personal data.
It would be as if one expected to get reliable advice on the taste of cheese from
someone who knows as good as nothing about cheese.
If, as I believe, this is one of the ways to construe the Act we are considering
here, its cultural imprinting can be easily traced. It is related to a law policy perspective that is focussed not so much on the underestimation of the role played by
trade unions, but on a distorted view of the labour sector. It has been considered,
in short, that privacy is a benefit and/or the hobby-horse of a small portion of the
labour world, which is inhabited by privileged minorities, and that trade unions can
only be stationed among the huge rearguards where the primary need for a decent
job is the prevailing interest – which also accounts for the idea that a single, centralised supervisory authority would be enough.
This pauperistic component, which sounds absurd within the framework of an
advanced society, did jeopardise and negatively affect the operational effectiveness of
a law that could only profit from the contribution of an entity – the trade union –
called upon by the workers’ statute to take steps in respect of closely related issues.
This happened just when the statutory ban on monitoring of individuals was losing
its force – of its own accord – and, at the same time, was being re-defined as to its
scope following the expansion of the privacy concept. The final result was a shift
from the attempt to safeguard personal privacy by blocking all kinds of information
to the search for means allowing control over information and its circulation to be
retained. Therefore, expulsion of trade unions from the individual-information-circulation-control chain, to quote Stefano Rodotà, is a system inconsistency, which no
technicalities in construing the outdated statutory provisions will be able to amend.
One might argue that the 1996 Act does not provide for previously seeking the
trade unions’ opinion as to the purposes and arrangements of the collection and
processing of personal data, but it does not prevent these steps from being taken.
However, this objection is poorly grounded, since in this case, more than in any
other case, a legislative measure appears to be necessary in order to promote trade
unions’ participation – partly because trade unions’ reactivity is far from being immediate, as described above, and partly because such reactivity may not be promoted by the existing power configuration.
There is no dearth of regulatory precedents in Europe. In 1989, Community leaders themselves gave an input aimed at laying down “more detailed protection of
collective nature”. However, this invitation did not produce any effects in terms of
legal drafting – that is, an opportunity was wasted not only to restore the effectiveness of the relevant statutory provisions and simultaneously enlarge their scope of
action, by plastering the cracks that had appeared in the structure, but also to expand the culture of employer-employee relationships, whose binary configuration
(negotiate or fight) is almost endearing.
Indeed, since privacy protection requirements arise in a business and manifest
themselves in ever-changing ways, the most appropriate means to address and cope
with them cannot consist in regulations adopted elsewhere. The unceasing, unforeseeable evolution dynamics of computer science as applied to labour organisation
has shown that the law – and therefore, collective negotiation, which has learnt to
mimic legislative evolution quite closely – is scarcely capable of keeping this matter under control. The most preferable approach is one that is less indifferent to the demand for “homeostatic mechanisms”, to quote Stefano Rodotà, “allowing law to escape a destiny that would be in conflict with its very nature – i.e. turning from a
tool bringing about order into an agent of chaos, which gives rise to conflicts without solving them, on account of the widening gap between its rules and reality”.
However, such a technique has not yet been identified and developed with the
required precision. This is why, pending the adoption of second-generation personal data protection regulations, I would put forward, faute de mieux, the proposal of
testing the method based on participation via collective representational bodies.
The originality of this proposal is quite limited. It only consists in modulating the
contribution to be given by trade unions. Indeed, the latter has already been supported – though amidst a few dissenting opinions – by recent jurisprudence dealing with this issue. The reasons underlying this stance are of many different kinds,
but the one I find most convincing has to do with the need to counteract the trend
by which assignment of the personal data concerning employees is falling progressively under the scope of proprietary law – as shown by the emphasis put on the individual’s consent, which has been turned into the pillar of the whole legislative
framework on condition that it is given freely and on the basis of suitable information. Actually, I find it rather puzzling that one should endorse such an approach
exactly at a time when it is considered to be on the wane. Whilst it has come to be
regarded as heresy with reference to the workplace, it is but the reflection of an ideology – i.e. of bad conscience – in respect of personal data.
Stefano Rodotà has aptly said that authorising the processing of personal data
through the individual’s consent is “halfway between regulation and de-regulation”;
one cannot deny that the proposal to enhance participation mechanisms in devising privacy safeguards for the employment context serves the purpose of making
such protection more secure: individuals’ consent will remain fundamental, but it
will be somewhat freer and more informed.
Honestly, I do not believe, however, that adjusting the viewpoint in the way I
have referred to as the most suitable one will make the proposal more appealing. In
Italy, participation is still the province of ambiguity. It does not correspond to a law
policy that may be waged in an open manner. Such things are done, but they are
not mentioned.
It is hindered by the vetoes of entrepreneurs, for whom the rule of thumb saying that “when in doubt, consult” only means a regrettable waiver of their power;
it is also meeting with the opposition of some trade unions, which are unwilling
to get rid of the pan-contractual “self-sufficiency assumption” mentioned by Aris
Accornero.
Conversely, modern managers know that for each negotiation there should be
hundreds of opportunities for consulting with the other parties; a trade union being aware that a glorious past is no guarantee, in itself, of a bright future should also know that “co-determining does not mean negotiating. It is a matter of skill”, of
technical know-how, professionalism. “Who can negotiate is not necessarily capable to co-manage”.
Privacy and Technological Innovation
Helmut Bäumler (1)
Contents: 1. The Starting Point – 2. From Technological Scepticism to Privacy Enhancing Technologies – 3. The Legislative Response – 4. Data Protection Audit and IT
Quality Seals – 5. Market Economy and Data Protection – 6. A Revolutionary
Change – 7. Future Tasks of Data Protection Authorities – 8. Outlook for Data Protection in Europe
1. The Starting Point
It is no exaggeration to say that the relationship between data protection and
information technology was anything but easy at the beginning. In fact, it is perfectly correct to see data protection as an answer to the challenges and risks resulting from
computerisation in many different sectors. There are actually those who consider the
most serious threats to the private sphere to derive from information technology in
itself, so it is no wonder that privacy watchdogs are often accused of regarding computers as the real public enemies. This has eventually lent technology-unfriendly features to the image of data protection, which would allegedly attempt
to hinder any developments. Conceiving of data protection as mainly an obstacle to
technological progress does not make it a palatable issue; moreover, this type of approach cannot but oblige privacy watchdogs to play the role of people who can only react to technological development without being able to influence it. In competing with information technology, data protection appears to be bound to be the loser because it has to cope with new technological variations – meaning new challenges
for the protection of private life – as soon as a problem is solved. On the whole,
data protection has been allotted a very bleak role from this viewpoint.
2. From Technological Scepticism to Privacy Enhancing Technologies
However, another approach has been receiving increased favour for the past few
years in data protection circles. It does not consider technology to be the main enemy of data protection; in fact, it seeks to determine whether privacy might be effectively protected with the help of information technology – maybe even better so than
with the help of conventional methods. This attempt has immediately shown that
information technology tends to turn from a threat into an ally of data protection.
The significance of such Privacy Enhancing Technologies (PET) was highlighted for
the first time in 1995 by the then Vice-President of the Dutch Registratiekamer, Mr.
John Borking, during the international data protection conference in Copenhagen.
Since then the issues related to development, promotion and use of PET have been
a permanent feature of the international data protection debate.
(1) Unabhängiges Datenschutzzentrum Schleswig-Holstein
A typical example of PET is provided by encryption techniques, which allow
personal data to be secured against unauthorised access. Other technical means
for restricting access, the automatic logging of accesses and changes, the application
of data minimisation and data avoidance principles to technical design, and other
technical features are further examples of how data protection issues can be addressed by means of technology. It is immediately evident that integrating PET
into the data protection concept allows information technology to be viewed in a completely different perspective. Regarding computers as allies rather than enemies of
data protection can open up wholly new paths.
3. The Legislative Response
Lawmakers have also realised that PET are an issue to be taken into account in
data protection legislation. The European Data Protection Directive is actually relatively non-committal in respect of technical issues; its Article 6(1e) provides that
data should be made anonymous as early as possible, whilst under Article 17 appropriate technical and organisational measures are to be taken to protect personal
data against accidental and/or unlawful destruction, accidental loss, unauthorised
alteration, disclosure or access “and against all other unlawful forms of processing
of personal data”. In this context, information technologies are mainly regarded as
a “conservative” tool to ensure enforcement.
A step forward was made in 1997 by Germany’s Computerised Services Data
Protection Act, whose section 3(4) expressly required providers of computerised
services to pursue the objective of collecting, processing and using either no personal data or as little personal data as possible in configuring and selecting technical equipment. Therefore, Parliament took account for the first time not only of the
way in which processing operations were organised, but also of the selection and
configuration of technical equipment itself. The underlying reasons can be easily
understood when considering the core provisions of the above Act in Germany.
They include data minimisation, data avoidance and the obligation to enable
anonymous and/or pseudonymous access to the Internet by users. A similar provision has meanwhile also been included in the general Federal Data Protection Act,
whose Section 3a also concerns configuration and selection of data processing systems. On the other hand, the underlying assumption consists in the development
and availability of data processing systems with the above features, as well as in the
possibility for managers of information systems to find and identify these products
on the market. Therefore, a fundamental step forward was made in this connection
by the Data Protection Act of the Schleswig-Holstein Region, requiring that the Region’s public authorities should implement, on a priority basis, products whose
compatibility with the provisions concerning data protection and security was established “through a formal proceeding”. Thus, for the first time the use of PET was
not only encouraged from a theoretical viewpoint, but rather made concretely binding in a German data protection law.
4. Data Protection Audit and IT Quality Seals
However, the regulations set forth in Schleswig-Holstein go further by referring to a “formal proceeding” to establish the specific features of a given product in
terms of data protection and security. This has to do with the certification issue,
which is addressed in Section 4(2), second sentence, of Schleswig-Holstein’s data protection act: the Regional Government is empowered to regulate, by decree,
contents, configuration and authorisation to carry out “the proceeding”, i.e. the certification of IT products. The above decree has actually come into force, therefore
it can be stated that in Schleswig-Holstein the introduction of IT seals for data protection is fully regulated.
More specifically, the Schleswig-Holstein model envisages a two-step proceeding. Manufacturers and/or providers of an IT product can apply to an auditing
body that is certified by the Independent Regional Centre for Data Protection and
have their own product(s) audited. The auditing bodies are evaluated as to their
professional qualifications, reliability and independence before being certified. They
are required to assess and evaluate products in accordance with the criteria developed and upgraded yearly by the Independent Regional Centre for Data Protection.
They will subsequently send their audit report to the Independent Regional Centre
for Data Protection, which will establish its soundness and methodological correctness. If all prerequisites are met, the Independent Regional Centre for Data Protection will grant the quality seal, which is valid for two years and may be renewed following a simplified procedure.
The peculiarity of this model consists in the fact that the Independent Regional Centre for Data Protection – which also acts as supervisory authority pursuant to Article 28 of the European data protection directive – grants the seal as a
public entity of the Schleswig-Holstein region. This is in line with the requests coming from businesses, which preferred the quality seal to be granted under public law
provisions rather than under exclusively private law requirements. Some experience
has already been gathered in respect of this model; auditing bodies have been certified and the first quality seals have already been granted. Work is in progress at federal level as well in Germany to draft an auditing and quality seal act, which is expected to enter into force in the near future.
5. Market Economy and Data Protection
With the establishment of auditing and quality seals as new data protection
tools, a veritable revolution is taking place in the data protection sector, which is
barely visible at first sight but is bound to produce deep-ranging effects and, above
all, new opportunities for data protection. Data protection in Germany as well as
in most European countries is organised according to a prescriptive law scheme. Data protection laws provide for a certain type of conduct to be followed whilst they
ban other types. Any entity failing to abide by the rules is in danger of being punished as provided for by the data protection legislation. In case of an audit, it can
expect to be reprimanded and to have its infringement made public, which sometimes may be harmful for its image and even negatively affect its turnover. Under
specific circumstances, this may even lead to imposition of a fine and/or institution
of a criminal proceeding. However, in Germany as well as in most European countries, data protection authorities are not in a position to carry out blanket controls
on businesses and public authorities – on account of the available human and financial resources. Still, one cannot rule out the possibility of a data protection audit, which is why each enterprise and each authority is to take minimum-level precautions to avoid being pinpointed as a data protection rogue.
What can data protection offer to someone who abides by the relevant provisions, or actually implements a data protection concept that goes much further?
What benefits can he expect? At present, no immediately tangible benefits, since data protection law is currently built after a “negative” pattern – that is to say, it is focussed on detecting infringements, raising criticisms and lodging of complaints.
“Positive” data protection, in which correct data protection approaches are rewarded, is slowly developing. This is why one has the impression that with data protection there is always something to lose and very little to gain. However, if anything
is ever associated with the concept of loss, it is uncommonly difficult to turn it into a success story.
Data protection could benefit from the circumstance that one can get “some”
benefits through it. This is the objective pursued by the introduction of market
economy components into the data protection system. Audits and quality seals are
important tools to achieve that objective. Indeed, they allow businesses that either
implement a correct data protection concept or can offer products in line with PET
requirements to achieve market advantages – which plays a key role in the market
economy system that predominates throughout Europe.
6. A Revolutionary Change
Auditing and quality seals are therefore the founding stones of a new data protection system that is focussed on providing stimuli rather than issuing obligations
and prohibitions. This presentation started with the consideration that data protection must get rid of its technology-hostile approach by turning information technology into its ally. This led obviously to wondering how producers and developers
of IT products can be convinced to design such products in a way that is compliant with PET criteria. Raising this issue means – more or less unavoidably – to address the auditing and quality seals issue, which in turn points to market economy
considerations. Indeed, auditing and quality seals fall undoubtedly under the scope
of the market advantages expected by producers and users of privacy-compliant information technology. Thus, we have ended up unawares being confronted with the
issue of the stimuli, benefits and advantages related to data protection – even
though our starting point was data protection as based on obligations and prohibitions and modelled after a prescriptive policy.
What are the remains of the “old” data protection concept? Undoubtedly we
will need clear-cut, effective data protection laws in future as well – this is actually
the advantage of Europe compared with the USA. Additionally, the fully independent supervisory authorities referred to in the EC data protection directive may not
be abolished. However, their tasks can become simpler and more practicable if they
increasingly have to do with certified IT products and audited data controllers in
their supervisory activities. Auditing and quality seals could even result, to a certain
extent, in improving their supervision. Customers would pay special attention to
the actual implementation of data protection concepts in respect of products and
services advertising their auditing and quality seals features. One might argue that
probably thousands of customers’ eyes can see better than the eyes of the few professional data protection supervisors. At all events it must be clear that auditing and
quality seals as well as an increasingly market-oriented data protection concept
should not replace the amply tested tools of “traditional” data protection, but rather
supplement them by adding new options.
7. Future Tasks of Data Protection Authorities
The “new” data protection concept will also entail a change in the tasks committed to data protection authorities. In addition to the legal competence, they will
be increasingly in need of technical know-how. The staff structure in their offices
should therefore be modified accordingly. If they do not wish to be directly involved
in issues related to auditing and seals, this will be done by private entities – a very
promising market is about to open in this sector. If data protection authorities intend to exert their influence in respect of technical standards, they must address
these issues more intensively among themselves. Meetings and workshops devoted
so far mostly to the exchange of views on legal issues related to data protection
should leave ampler room for technical issues. This is especially important in light
of the fact that law-making remains – as was the case in the past – mostly a matter for national consideration, whereas technology is per se of a transnational nature.
A typical example is provided by the Internet, which operates in the same way in
Rome as well as in Oslo or Moscow.
Regarding the Internet, absorbing the Internet’s specific work culture can open up
new ways for data protection authorities to organise their work processes. Many discussions and voting procedures could be carried out via the Internet in future. It will
be considerably easier to process complex work packages in a transnational manner
by a subdivision of tasks. An example is provided by the – already existing – Virtual Privacy Office, which includes most data protection authorities in Germany as
well as those from Canada, Poland, Switzerland, Slovakia and the Netherlands. The Virtual Privacy Office is only the beginning of these new developments and can make
available potentialities that will facilitate discharge of the increasingly complex, rapidly changing tasks committed to data protection authorities. The information offer of the Virtual Privacy Office can be accessed on the Internet by visiting the following web site: www.privacyoffice.org
8. Outlook for Data Protection in Europe
Data protection in Europe has made a huge step forward with the adoption of
the EC data protection directive. The directive has resulted in a comparable level
of data protection and transparency for citizens throughout Europe. Still, the EC
data protection directive entails a major drawback in addition to this unquestionably beneficial effect – namely, it takes account of technical issues to a very limited
degree. In principle this reflects the state-of-the-art debate on data protection in the
early ’90s. Everybody knows that the dynamics of information technology result
in very rapid changes to the framework applying to data protection. Continuously adjusting the data protection directive to technical evolution would be a
daunting task; this is why it could be considered whether a European regulation applying to audits and quality seals might be developed as a first step in addition to
the EC data protection directive. There are ample opportunities for dealing with
these issues in a transnational perspective. The IT market is international and every
single IT manufacturer and provider cannot but be interested in bringing his own
products as much as possible into line with international standards. Should European criteria be laid down for data protection auditing and quality seals, manufacturers and developers of new IT products would probably strive to comply with
those criteria. Data protection would come significantly closer to achieving a long-cherished objective, i.e. influencing information technology from the start. Data
protection and technological innovation – which are referred to in the title of my
presentation – would thereby go hand in hand. This is quite pleasant as an outlook;
indeed, it sounds so promising that it does make sense to try and make it real.
Safeguards and New Technologies
Giuseppe Casadio(1)
I am aware of the inadequate attention that my organisation (the trade union as a whole) devotes to the specific and very modern form of the issue of workers’ individual and collective rights over which the supervisory authority presides, which is the subject of this conference.
I would like to discuss the reasons for this inadequacy (those indicated by Paissan seem cursory to me). But I hope we will be able to do so at a forthcoming meeting organised by us, hopefully with the valuable contribution of the supervisory authority.
What is certain is that, in terms of analysis, we have gone little beyond a few conferences on the basic legislation; in terms of trade union action, little beyond a few sporadic experiences of collective bargaining in cutting-edge production settings and the traditional activity of individual protection in cases of blatant discrimination; in terms of thinking, little beyond faithfulness to the (valuable) principles laid down in Articles 4 and 8 of the Workers’ Statute and to the body of case law that has followed from them.
This holds true in Italy but, in truth, in Europe as well.
Events, important as they are, such as the recent and often-cited experience of the telework agreement, or the participation of the Ces in a few hearings aimed at the issuing of the awaited Community directives, cannot be regarded as a full and conscious trade union commitment.
For me, for us, this meeting and the invitation to speak that President Rodotà has extended to us are a prompt that we take up seriously: for our more direct participation in the making of Community law; for a strengthening of our negotiating action at national level and within companies; for raising the knowledge and capacity for intervention of our leadership groups.
After all, the organisation I represent here has clearly demonstrated in recent months its almost obsessive faithfulness to the objective of defending and expanding the individual and collective rights of people at work and as citizens.
And the wide support that our initiatives have met with, perhaps known to our foreign guests as well, should be interpreted in this way.
The episodes of social mobilisation that have marked the past months are not explained by the organisational power of the Cgil; we wanted to give voice to a very high sense of the dignity of persons, of respect for all differences, of the valuing of all identities, first of all at work; we summed up this intent in a slogan that we have perhaps even overused: for rights. And this slogan met with enormous receptiveness, a widespread feeling (the link with the issues examined here today is evident).
We have moved on the ground that is our own, that of substantive labour law (even though this flow of feelings and aspirations, as has been seen, cannot be fenced into a single dimension).
We have moved with determination because, and this must be said forcefully, many actions taken by this government majority point in the opposite direction.
Legislative acts already adopted and, even more so, other more substantial ones now being finalised tamper deeply with labour law, to the point of denying the existence of that “asymmetry of power between the parties to the contract” which, in this part of the world that we call Europe, is the theoretical and cultural foundation of labour law.
How can effectiveness be given even to the individual rights already formally laid down today in Law 300 (and more generally in the labour law system) by weakening the function of collective representation and equating the employment contract with an ordinary commercial contract?
And yet this is theorised in the White Paper on the Labour Market and set out as rules in the principles of the enabling bill on labour under discussion in the Senate.
To what factual conditions (including those concerning the possibility of expressing and practising his own political, trade union and religious convictions, and his belonging to civil and human sensibilities and orientations) will the individual worker be willing to consent when he finds himself alone before the prospective employer, signing the clauses of his individual contract? In this regard I share all the considerations just set out by Prof. Romagnoli on the role that the bodies of collective representation can and must be called upon to play in order to give effectiveness to individual rights.
And what entity, authority or institution will protect the individual worker in the face of abuses, if the trade union has in the meantime turned into an institution which, after placing him with that company, has certified the adequacy of that individual contract, perhaps receiving some perk in return?
This, again, is what the bill on the labour market now being approved provides for.
What I am formulating are not apocalyptic hypotheses of unreality; they are simulations grounded in the provisions of the new labour law now in the making in Italy.
I hope I will not be considered inappropriate and intrusive if I take the opportunity to raise, from this authoritative and qualified forum as well, a worried cry of alarm.
This serious regressive trend characterises the prospect against which we have been fighting vigorously for months, and will continue to fight, by reason, if you will allow me, of the same motivations that drive me, I repeat, to take up with great commitment the prompt that comes to us from here to extend our action for the rights of working people to new areas.
(1) Confederazione generale italiana del lavoro
Safeguards and New Technologies
Giuseppe Casadio(1)
I would like to start by saying that I am well aware of the inadequate attention
dedicated by my organisation (and the trade union as a whole) to this specific and
very modern subject concerning the protection of the individual and collective
rights of workers by the data protection Authorities, which is at the basis of this
conference.
I would like to discuss the reasons for this inadequacy (those indicated by
Paissan in my opinion are unsubstantial), but we will do that at the next meeting,
which we are going to organise, I hope, with the invaluable support of the data
protection Authority.
Certainly, as far as any discussion on this subject matter is concerned, we have
hardly gone past some meetings on ground rules; at a trade union level, we have hardly gone beyond some occasional cases of collective bargaining and our traditional activity of individual protection in cases of clear discrimination; on a theoretical level,
hardly beyond our compliance with the (invaluable) principles sanctioned in articles
4 and 8 of the statute of workers and the ensuing relevant heritage of case law.
This is true in Italy, but also in Europe.
Events like the recent, and already mentioned, case of the telework agreement
or the CES participation at some hearing aimed at producing the expected community guidelines, although important, cannot be considered as an exhaustive and
conscientious trade union commitment.
I think that by bidding us to take the floor, Chairman Rodotà has invited us
to participate more directly in developing community law; in fostering our bargaining action at a national and corporate level; in improving our knowledge and
the intervention capacity of our executives.
After all, the organisation I represent here has over the last months effectively
shown its nearly obsessive loyalty to the objective of defending and increasing the
individual and collective rights of the people, as workers and citizens.
And this is how the consent recorded by our initiatives - of which perhaps our
foreign guests are aware - has to be interpreted.
The episodes of social mobilization over these last months cannot be explained
by Cgil’s organisational power; we have wanted to give voice to a high sentiment of
dignity, respect for all discrepancies, enhancement of all identities, especially in the
labour milieu; we have summarised our intent in a slogan, which perhaps we have
also misused, which is: “for the rights”. And this slogan has been widely accepted
and shared (of course its connection with the subject we are dealing with here today is
quite clear).
(1) Confederazione generale italiana del lavoro - Italy
We have moved on familiar ground, that of labour substantive right (even if
this flow of sentiments and inspirations, as we have seen, cannot be fenced in, in
only one dimension).
We have moved with determination because, and this has to be firmly underscored, many initiatives taken by our government head in the opposite direction.
Legislative acts that have already been adopted, and even more those that are being developed now, deeply undermine the labour right, to the extent of denying the
existence of that “asymmetry of power among the parties to a contract” which in this
part of the world called Europe, is the theoretical and cultural basis of labour.
How can we support the individual rights already officially sanctioned by Law
300 (and more in general by the labour system), when the function of collective
representation is being undermined, and labour contracts placed at the same level
as an ordinary trade contract?
And yet this is theorised in the white book on the Labour Market and embodied in the principles set forth in the delegated Decree Law on labour being discussed by the Senate.
To what factual conditions (also inherent in the possibility of expressing and
practising one’s own political, trade union, religious, civic and human beliefs) will
the individual worker agree when, all alone, he faces his employer and signs
the clauses of his individual contract? I share, in this regard, all the considerations
set forth by Prof. Romagnoli before on the role that trade unions can and have to
be called to play for the purposes of giving effectiveness to individual rights.
And what entity, authority, institution will protect the individual worker when
he suffers abuses if the trade union in the meantime changes into an institution that
after placing a worker in a given corporation, certifies the congruity of the individual contract, maybe in return for some profit?
This, again is what is envisaged by the bill on the labour market that is being
considered.
The things I am saying are not apocalyptic assumptions of an unreal situation;
they are simulations based on the provisions on the labour law in the process of being developed in Italy today.
I hope you will not consider me as inappropriate and intrusive for having
seized this opportunity to launch a concerned cry of alarm also in front of this eminent and qualified forum.
We have been fighting this serious regressive trend for months, and will continue to do so for the same reasons that will urge me to meet the invitation to extend our action in favour of the rights of workers to new ambits.
The New Awareness of Consumers
Enrico Letta (1)
I start from a very important statement that I consider to be the core of the speech Mauro Paissan gave earlier: the logic whereby the relationship between economic initiative and fundamental rights must be interpreted as a relationship of alliance and not of functionalisation, of trade-off. This element, I believe, must shape the reasoning we carry out today on the subject of privacy, of cost, of the passage from cost to resource. In this perspective, privacy is certainly a new subject and, as such, must oblige those who deal with economic affairs to approach it with a mindset different from that of the past. But what does this novelty consist of? First of all, of the unprecedented awareness that has marked consumers' behaviour in recent years. This is a central point for me, and one that you will moreover be addressing in depth tomorrow. Economic affairs are certainly influenced by this new leading role of consumers who, through their choices, steer market trends and require those who offer products to take account of this change in approach and expectations.
In clearer terms, consumers today treat a company's privacy policies as a discriminating factor. The phenomenon is not yet general, that much is evident, but all the indicators available to us point to a trend that is by now consolidated and in some way indisputable, because it is one-directional and uninterrupted. This obliges economic operators in general to take account of a new element that conditions consumers' orientations and becomes (and here is the link with economic initiative) a key factor in determining the competitiveness of businesses, especially at a time when competition can no longer be avoided, above all in light of the emergence, on a global scale, of new and increasingly aggressive and dynamic players.
The fundamental question of customer loyalty can also be addressed in this perspective: for its purposes, respect for privacy becomes a sort of added value, a qualifying element in how the performance of a given company is perceived and judged. Such a process holds for the individual company, but also for the by now growing phenomenon of multi-utilities, which live off the fact that they can exploit, across several fields and sectors, the concept that information on the customer and the relationship with the customer are an economic asset. This is clearly a new element of extraordinary and fundamental importance, which also affects, for example, the whole area of the application of Community directives on the liberalisation of public utilities, in which, together with the Hon. Rasi, we carried out in the last legislature what seems to me to be very positive work for the country. It is, moreover, a sector in which the concept of information, of the relationship with the customer, becomes an economic asset and pushes the company providing a service to seek synergies with other entities, with foreseeable repercussions on the activity of the competition Authority, which has to assess these developments in terms of concentrations and violation of antitrust laws. And this is because a company operating in several sectors risks breaching the competition rules in each area of activity.
(1) Chamber of Deputies, Italy
More generally, the question also bears on another crucial subject, namely marketing. To be clear: failure to respect the customer's privacy has an absolutely counterproductive effect for the company. An effect that is, moreover, amplified by the ease and speed of information transmission offered by the new media.
In this perspective, I am convinced that each of us struggles daily with the need to safeguard our own e-mail address and to protect ourselves from the frankly unbearable quantity of information and news. Media overexposure? Perhaps. It is in any case interesting to note how these dynamics follow a path that is in some way the opposite of that of advertising.
Indeed, just as in marketing one can find a fairly linear growth in the economic results of a company and of a product according to the amount of resources that the company and the product invest in advertising, in the field of privacy we observe a mirror-image but opposite trend: once a certain threshold of information received is passed, the user ends up suffering a saturation effect, which damages the image, the brand, of the very product or company one would like to promote.
So: new issues for businesses, for consumers, for those who distribute products. But above all issues in relation to which privacy becomes, depending on how it is managed, a very important factor of success or failure.
All this also suggests the emergence of new professional profiles, especially among those who deal with privacy in terms of business or strategic consultancy or customer care.
Going into more detail, and I come to the concluding part of my speech, it is useful to concentrate on the Italian situation and understand what improvements need to be made in our country. On this aspect, especially from the legislative point of view, there is certainly a problem of clarifying the many interpretive doubts that exist today, linked mainly to the absence of a consolidated reference text. It is a text we have long been waiting for, and which should, it seems, be issued fairly soon. We obviously hope so, above all because the definition of a certain, rational and linear regulatory framework is indispensable at a time when the economic and social actors who have to relate to one another in this sector suffer from the chronic absence of clearly identifiable points of reference. So: clear rules, no interpretive doubts, shared-out responsibilities. This is what we ask for, and this, it seems to me, is what has been coming in recent months, thanks also to the activism of the Garante, which is carrying out a major communication effort towards businesses, above all SMEs.
To carry out any transformation, however, one needs a clear perception of the times we are living in. Easy approximations would today be more harmful than ever. Years ago, at the dawn of the Net and of its use, there was a period in which many imagined that the Internet would completely change the way things were produced and sold. For most of us e-commerce, for example, was the new frontier in selling products. In reality, and we have realised this only recently, e-commerce is nothing other than a way of buying and selling. What counts is still the quality of the product. And then, precisely as regards marketing, all those elements that are typical of the other forms of commerce also come into play, first among them physical infrastructure. Why have I made this reference? Because, in my view, electronic commerce is a case that sums up well the somewhat chaotic and not very carefully reasoned way in which businesses threw themselves into a new and little-known sector. What was lacking, and is often still lacking, is selectivity in strategic choices. And this seems to me to mark, more generally, a large part of the attitudes towards the new frontiers opened up to economic activity by technological innovation. What is needed, rather, is to understand which elements are truly decisive and to stake everything on them. In addition, one must become aware that, especially in new sectors, regulation and State intervention are not always additional costs and "fetters" that hold back entrepreneurial activity. It is true that the lawmaker cannot afford errors of perspective or approximation. But in the same way (think in this regard of the reaction to the whole body of safety legislation) economic actors too must accept legislative initiatives and implementing regulations as a form of protection, and not as limiting factors.
How much time have we taken, and how much more do we need, for all our activities to be brought into compliance? It is a fairly widespread opinion that our system is stifled by too many regulations and too many laws. In my view, however, the problem is not one of quantity but of effectiveness in implementing and applying those same laws. Let us think of the resistance with which the whole system reacted to the body of rules and regulations governing lift safety.
The eventuality to be averted is that businesses themselves end up bypassing the rules because they are considered excessively burdensome, both in terms of adaptation and understanding and in terms of cost. Attention must therefore be engaged straight away, in the legislative phase and in the preparation of regulations.
There is also the Community level, on which it is not possible to dwell here. I am pleased to note, however, that compared with the average situation in the countries of the Union, Italy occupies a leading position. The very fact that Stefano Rodotà is also chairman of the European data protection authorities is an important element for us, both because in this field the Community legislative level is simply decisive and because, in a phase such as the present one, holding a prestigious post in the Community institutions takes on a politically strategic role.
The other key point to underline concerns the direct involvement of operators in drawing up the rules and relates, for example, to the whole matter of self-regulatory codes, which is moreover still open in Italy.
I close with a subject that is particularly close to my heart: the framework reorganisation of the whole sector of independent authorities, which is the real condition for the Garante, like the other authorities, to be fully effective and independent. The discussion has been going on for some time and has involved figures from both political camps, each of whom has brought ideas and reform proposals. My hope is that we continue in this direction, especially now that the Minister for the Public Administration has expressed the government's intention to pursue a reorganisation of the sector.
I believe it is important that this matter, which is one of pure institutional reform, should receive free and open debate in Parliament. On the table there are numerous proposals formalised in bills that preserve specific features where this is necessary, above all in the case of the privacy Garante, for which being made uniform with other bodies and other independent authorities would be disastrous.
Nevertheless, there are many useful elements for making more linear the relationship with the other independent authorities and with the other institutional levels, as well as the relationship tied to administrative litigation, for example, which I believe could find a proper and positive clarification in Parliament. The aim is to rationalise the whole matter and make it more efficient, with obvious advantages in terms of satisfying the requests of citizens and users. All of this in order to bring institutions, citizens and businesses closer together and to contribute genuinely to the process of maturation of this country.
Consumers' New Awareness
Enrico Letta (1)
I would like to start from a very important passage I consider to be the core of
the presentation given by Mauro Paissan – namely, that the relationship between
enterprise and fundamental rights should be seen as an alliance rather than as a
trade-off. I think that this item should be given top priority in analysing the privacy issue nowadays – the costs of privacy, the transformation of privacy from a cost
to a resource. In this context, privacy is undoubtedly a very new issue and should
be addressed by scholars in a totally different perspective compared with the past.
What does this novelty consist in? I think it consists first and foremost in the unprecedented awareness that has featured in consumers’ behaviour for the past few
years. This is a key issue in my view; actually you will be addressing it tomorrow in
depth. Indeed, there is little doubt that economy is influenced by this new stance
taken on by consumers, who set the pattern of economic events through their
choices and require producers and marketers to take account of this change in approach and expectations.
More specifically, consumers nowadays consider privacy policies of businesses as
a major determinant in their decision-making. Although this is not yet a mass-scale,
all-round approach, nevertheless all the available information shows that this is a consistently upward trend as well as one that cannot be questioned because it is unilateral and shows no intermissions. Therefore, economic actors as a whole are required to
take into account a new item that influences consumer choices and thereby becomes
– here is the link with enterprise and industry – a key feature in ensuring competitiveness, especially at a time when you can no longer escape competition given that
increasingly aggressive, dynamic actors arise unrelentingly in a global scenario.
This is the perspective in which to also address the fundamental issue of customer loyalty, as a function of which respect for privacy can become a sort of added
value – a qualifying item to appreciate the performance of a given enterprise. This
is the case for individual businesses, but it applies to an even greater extent to the
growingly common “multi-utilities” – whose existence is grounded on the concept
that customer information and customer relations are economic assets. This is unquestionably an extraordinary as well as fundamental innovation – for instance, as
also regards the application of Community directives concerning liberalisation of
public utilities, which is a sector where highly positive results could be achieved for
our country together with the Hon. Mr. Rasi during the past legislature. In this sector, the information on and relationships with customers are becoming an economic asset and increasingly leading businesses that provide services to pursue a synergic approach by involving several entities. This, in turn, is raising new issues to be coped with by the antitrust authority, which is called upon to assess these developments in terms of concentrations and violations of anti-monopoly laws. Indeed, when doing business in several sectors you run the risk of breaching competition rules in each of the sectors at stake.
(1) Chamber of Deputies, Italy
From a more general standpoint, these considerations apply to another key issue, i.e. marketing. That is to say, failure to respect customer privacy is ultimately
counterproductive for an enterprise, and this effect is enhanced further by the ease
and quickness of information transmission afforded by new media.
I am sure that all of us are daily aware of the need to protect our own e-mail
addresses against the by now definitely insufferable amount of information and
news. Is this a case of media overexposure? Maybe; however, I believe it is interesting to consider that the dynamics underlying this phenomenon are exactly the reverse of those conventionally applying to advertising.
Indeed, in the marketing sector one can usually observe that the results
achieved by a given business or product increase in basically direct proportion to the
resources invested in advertising said business or product. In the privacy sector, the
effect produced is exactly the reverse; that is to say, there is an information reception
threshold beyond which users get eventually saturated, which spoils the image/the
brand of the product and/or business that is being advertised in this manner.
Thus, there are new issues to be taken into account by businesses, consumers,
and distributors. Above all, the privacy issue can become the key to a successful economic initiative depending on how it is managed.
Furthermore, these considerations point to opportunities for creating new professions, in particular as regards addressing the privacy issue in terms of business
and/or strategic consultancy or else of customer care.
Let me now tackle a couple of points more in detail – so as to approach my
conclusions. I think it is helpful to focus on the Italian situation and establish what
improvements are to be made in our country. There is undoubtedly the need to clarify several interpretive doubts, in particular from the standpoint of legislation. This
is related mainly to the lack of a consolidated reference instrument. We have been
waiting for this instrument for a long time, and I understand that it is to be issued
shortly. We all hope that it will be so, above all because clear-cut, sensible, and
streamlined regulations are indispensable at a time when economic and social actors
that are required to interact in this sector are negatively affected by the long-standing absence of clearly identifiable reference points. Therefore, the objectives should
be to set out unambiguous rules, do away with interpretive doubts, and allocate responsibilities. This is what we would like to get, and this is what – I believe – has
been happening for the past few months, partly thanks to the active role played by
the Garante, which is making a major communication effort in respect of businesses, in particular SMEs.
However, prior to making changes one should get a crystal-clear picture of the
attending circumstances. Simplistic approximation would only be deleterious. There
was a time, a few years ago, when the Internet had just been discovered and was considered capable of modifying all the production and sales mechanisms. Most of us believed that e-commerce, for instance, would be the new sales frontier. In fact, we realised only recently that e-commerce is ultimately a means to perform sales and purchases. What still matters is product quality. Then, account should be taken – exactly in view of marketing products – of all the components that can usually be
found in the other types of commerce, first and foremost physical infrastructures.
What is the point of all this? In my view, the e-commerce case is an excellent example of the rather disorderly, not especially reasoned approach followed by businesses
to cope with a new, unfamiliar sector. There was, indeed there still is, no selective
approach in strategic choices – which is, I believe, a feature applying more generally to the stance taken with regard to the new frontiers opened up by technological
innovation in the economic sector. One should rather try and understand what
components are really decisive and stake all on them. Furthermore, one should become aware that regulations and State interventions do not always carry additional
costs and hindrances for businesses, especially as regards new sectors. There is little
doubt that lawmakers cannot afford to see things from the wrong angle or be sloppy in their work; however, economic actors should be ready to view legislation and
implementing regulations as safeguards rather than limitations – only think, in this
regard, of the reaction brought about by all the legislation on safety matters.
How long did and will it take for all our activities to be brought into line with
safety laws? Our country is widely held to be hampered by an excess of legislation
and rules. However, I think that it is not a question of quantity, but of effectiveness
in implementing and applying such legislation and rules. Let me quote, as an example, the resistance aroused by the set of laws and regulations applying to safety
measures for elevators.
The danger to be averted is that the businesses concerned decide eventually to
dodge the laws and regulations at stake because they are regarded as too burdensome in terms both of the adjustments required and their understandability and of
the costs involved. Therefore, it is necessary to pay the utmost attention from the
start, i.e. in drafting legislation and/or implementing regulations.
Then there is the Community level to be considered, on which I am not going to dwell. Let me only recall that our country has proved to be on the forefront
in this area, compared with the situation existing on the average in EU countries.
The fact that Stefano Rodotà is currently the chair of the European data protection
working party is itself important for us, both because Community legislation plays
a key role in this sector and because it is strategically fundamental to hold an influential position within the Community in the current phase.
Still on this point, another key requirement consists in directly involving economic actors in the law-making process. Reference can be made, for instance, to the
broad-ranging issues related to codes of conduct and professional practice – which
are as yet unsolved in Italy.
Let me conclude by mentioning a topic I am especially keen on – that is, how
to re-organise the whole framework of independent authorities, which is a prerequisite for the Garante as well as the other authorities to be effective and independent to the highest possible degree. There has been a debate on this for some time,
which has allowed both majority and opposition members to voice their views and
put forward proposals. I hope that further progress will be made in this direction,
especially considering that the Minister for the Public Administration expressed the
Government’s intention to streamline the regulations applying to this sector.
I think that this issue, related to institutional reformation, should be addressed
by Parliament via an open-minded, free discussion. There are several proposals tabled
in bills submitted to Parliament, in which account is taken of individual peculiarities
insofar as this is necessary – in particular, it would be deleterious for the data protection authority to be equated to other independent bodies and authorities.
Still, there are many items that can help simplify its relationships with other
independent authorities and institutions as also regards, for instance, the handling
of disputes under administrative law – a topic that might be appropriately clarified
by Parliament. This is aimed ultimately to streamline and enhance the effectiveness
of this sector as a whole, which cannot but be beneficial in terms of meeting the demands coming from citizens and users so as to bring institutions closer to citizens
and businesses and contribute concretely to the maturation of our country.
Contributions
Session III – Enterprise, Users and Consumers
Enterprise, Users, Consumers: Towards a New Relationship
Giuseppe Santaniello (1)
Contents: 1. New economy. Businesses, consumers, users. Towards a new relationship based on privacy – 2. Privacy: costs and benefits – 3. Protection of consumers and users. The innovations. The interventions of the European Community – 4. The forerunners: the Anglo-Saxon systems – 5. Italian law – 6. Conclusions
1. New Economy. Businesses, Consumers, Users. Towards a New Relationship Based on Privacy
In the present phase of profound transformation and innovation of economic systems on a world scale, the privacy factor could not fail to take its place, with its particular weight of individual and social meanings and above all with its transfiguration from an economic cost into a business resource.
In an interesting book entitled "Il mondo che cambia", Anthony Giddens (one of the most influential sociologists of our time) observed that the new economy cannot be reduced, through a superficial interpretation, to a speculative dimension tied to a particular phase of market expansion; rather, it affects in depth the founding values of the systems by which individuals and peoples live together.
Within this framework a specific evolutionary cycle emerges, whereby in privacy-oriented markets an entirely new relationship is taking shape among the three protagonists of the economic scene (the entrepreneur, the consumer and the user), among whom the rules of privacy bring about a situation of substantial harmonisation of interests and of shared objectives in many respects.
Through the emerging function of confidentiality as a source of resources, the system is not oriented solely towards the commercial operator and the protection of its rights, but also places the accent on the importance of consumers and users. In this way they take shape as balancing factors of the production cycle and above all as participating subjects, no longer in an inert role.
(1) Vice President, Garante per la protezione dei dati personali, Italy
2. Privacy: Costs and Benefits
That said, the costs of personal data protection have to be measured in both public and private terms. There is a cost borne by public administrative structures at the moment when the implementation phase of the basic law begins, and there is a public cost of managing the provisions that follow one another at a pressing pace in regulating a subject in continuous evolution.
These burdens are not specific to privacy; they are common to every kind of innovative legislation that requires the organisation of new structural and functional units.
On the other hand, there is a series of burdens that fall exclusively on private enterprise, since corporate measures aimed at data protection have a strong commercial significance. It is enough to take as a point of reference the cost of a company's structural adjustments in terms of technological infrastructure, of managing the processes by which personal data are handled, and of training and updating the staff assigned to these tasks.
Yet these costs are not inert corporate liabilities; they generate a series of positive effects for businesses. A commitment by entrepreneurs aimed at satisfying the expectations of consumers and of users of tangible and intangible goods and services stimulates the company's competitive opportunities, promoting the identification of innovative formulas for building customer loyalty and winning new markets.
Every far-sighted commercial policy rests on the relationship of trust with the customer and counts among its aims an improvement of that relationship. Indeed, the competitive advantage produced by applying corporate rules for the proper handling of personal information is the effect of the consolidation of the relationship of trust between supplier and consumer that the protection of confidentiality brings about. A recent study carried out in the USA by the Boston Consulting Group showed that the growth of electronic commerce would rapidly more than double if users felt secure and trusted that their privacy would be respected in online transactions.
As early as October 1997 the European Commission set out framework guidelines to underline the importance of the protection and security of personal information for the purposes of carrying out commercial activities or private communications on the Internet (Ensuring trust and security in electronic communication, 8 October 1997). The Commission stressed that the protection of personal data (through appropriate data security measures taken by businesses) is the result of a composite and permanent activity, which requires organisational measures subject to continuous updating and verification. It added that personal information must be protected regardless of its form or of the medium (paper, electronic or other) on which it is recorded.
It also observed that the principle of adequacy denotes a relationship between the measures adopted (or to be adopted) and a series of reference points, such as the degree of sensitivity of the personal data processed, the criteria for distribution within the data controller, the external flows to other processors, the disclosure procedures and the method of archiving.
It is significant that, at international level, a substantial convergence has been recorded between businesses and users in attributing the value of a resource to the protection of online privacy, for the purposes of strengthening the telematic infrastructures that form the fundamental framework of the information society. The Harris Westin survey showed that for 52% of computer users the protection of privacy is the main factor influencing their decision to go online.
The European ministerial conference held in Bonn in July 1997, in pointing to the need for global information networks to offer every opportunity for strengthening democratic and social values, identified the collaboration and support of users as the driving force behind the development of the networks, conditional on adequate protection of personal data, in order to increase the relationship of trust between users and the network. This demonstrated that investment in privacy is a constitutive factor in the development of new products and services.
3. Protection of Consumers and Users. The Innovations. The Interventions of the European Community
In this perspective of confidentiality as a resource for business development, the protection of the consumer and of the user takes on the value of an essential factor.
The determining factor in the process that has led, in the legal systems of the partner countries of the European Union, to the explicit recognition of consumers' rights and to their direct protection is the activity carried out by the Community institutions.
Under Article 153 of the EC Treaty (as amended by the Treaty of Amsterdam) the Community contributes to protecting the safety and economic interests of consumers and to promoting their right to information and the organisation of their interests. It was with the Treaty of Maastricht that consumer protection, not specifically considered originally by the Treaty of Rome, became a fully fledged Community policy, in connection with the objectives of contributing to the strengthening of measures protecting consumers.
The evolution that led to a specific Community policy was supported at the organisational level by a dedicated Directorate-General of the Commission, with the task of ensuring that consumers' interests are respected in the design of Community policies, of strengthening market transparency, of improving the safety of consumer products and services circulating in the single market, of increasing consumer confidence, in particular through a richer flow of information, and of establishing a systematic dialogue between the Commission and the organisations representing consumers.
These factors bring out a wholly new figure of the consumer, whose function, of primary importance, goes even beyond the contractual relationship with the supplier or producer and becomes part of the objectives of market transparency and optimisation of product quality.
With the decision of 25 January 1999 the Community equipped itself with a unified operational instrument, establishing the general framework for activities aimed at promoting the interests of consumers and ensuring them a high level of protection.
This framework is adopted for the period 1999-2003 to support and complement the policy of the Member States, and includes actions assisting the activities of European consumer organisations and providing financial support for specific projects.
The measures concern four areas: consumer health and safety in relation to products and services; education and information of consumers about the rights they enjoy; promotion and representation of their interests. The Community legislator has also shown great interest in consumers' access to justice.
Particular prominence has been given not only to the issue of legal redress for the individual consumer, but also to that of the judicial protection of the collective and diffuse interests of consumers, in particular the standing to sue of the bodies representing those interests.
Taken together, these protective measures also reveal a wholly new perspective: the measures are aimed not only at protecting the businesses competing in the market, but also at safeguarding the consumer as a party who, together with those businesses, contributes to the proper functioning of the competitive market model, which must be preserved in order to ensure, in the general interest, continuous and dynamic economic development.
Alongside the notion of consumer and the question of its protection stands the figure of the user, especially in relation to the public services that users rely on.
There are points of similarity between the citizen as user and the citizen as consumer, but there are also differences between the position of subjection in which the consumer may find himself, as the weaker party in concluding contracts for consumer goods offered by private entities, and that of the user of public services, who is subject to the terms imposed by the public undertaking providing the services. It is precisely here that the protection of fundamental personal rights can be effective in securing a fair and equitable relationship between the public service provider and the user.
4. Forerunners: The Anglo-Saxon Systems
So far I have cited mainly Community sources for the consumer-law aspects.
It should be recalled, however, that historically the forerunners of this protection were the American and British legal systems, which were the first (and long ago) to grant protection, including judicial protection, to interests that are not necessarily individualised (as individual rights are) but are supra-individual in nature, belonging to a category or an organised group. They thus transcend the individual and are expressed in a collective entity: they are called collective interests and diffuse interests. It is within this framework that, in systems of Anglo-Saxon origin (and not so much through codified tradition as through the influence of common law or self-regulatory arrangements), the defence of the interests of consumer and user associations has taken its place. It should be recalled that the great innovative force characterising Anglo-Saxon legal systems gave these consumer associations access to judicial protection through the recognition of so-called class actions.
5. Italian Legislation
As regards the Italian legal system, Law no. 281/1998 introduced the general rules on consumers and users. It deals mainly with three topics. First, from a substantive standpoint, it guarantees the fundamental rights and the individual and collective interests of consumers and users.
Second, from a procedural standpoint, it promotes the protection of those rights and interests by defining the role of consumer associations in court proceedings.
Third, it deals with the representation of consumers and users at institutional level, establishing the national council.
In particular, the law addresses the rights to quality of products and services, to fairness, transparency and equity in contractual relationships concerning goods and services, and the rights to the provision of public services in accordance with standards of quality and efficiency.
6. Conclusions
The development of fundamental personal rights, within which privacy retains its essential role, is part of the current cycle of change in society and institutions, in the ways individuals and communities live and act, and particularly in that strongly accelerated economic dynamic whose defining term is globalisation.
From this viewpoint privacy reveals its dual value: both as a guarantee for all parties and as an opportunity for businesses operating in the market.
But it must be borne in mind that the market tends to become ever more global, in a space-time dimension of growing breadth. And while on the one hand it is full of productive potential and generates new resources at all latitudes, on the other hand it must avoid the risk of tensions, imbalances and disruptions. Rebalancing and rehumanising factors are therefore needed, and these can be found only in the protection of fundamental rights. The strategic formula for bringing about wholly positive development is therefore the growth of a global market that is attentive to the principles of fundamental rights. In this way the developments of a globalised economy acquire value, provided they are accompanied by the globalisation of safeguards.
Businesses, Users, Consumers: Toward a New Relationship
Giuseppe Santaniello (1)
Contents: 1. New Economy. Businesses, Consumers, Users: Toward a New Relationship
Based on Privacy - 2. Privacy: Costs and Benefits - 3. Protection of Consumers and
Users. Innovations. European Community’s Initiatives - 4. Forerunners: The Anglo-Saxon Systems - 5. Italian Legislation - 6. Conclusion
1. New Economy. Businesses, Consumers, Users: Toward a New Relationship Based on Privacy
In the current phase featuring deep-ranging changes and innovations of economic systems worldwide, the privacy factor was bound to play a major role on account of its significance for individuals and society as well as, above all, because of
its potential for turning from a cost into a resource for businesses.
In his interesting book on “A Changing World”, Anthony Giddens – one of
the most influential contemporary sociologists – remarked that the new economy
should not be considered to merely reflect speculative attempts in connection with
a specific market expansion phase – as might be suggested by a superficial analysis.
In fact, it deeply influences founding values underlying the coexistence of peoples
and individuals.
Within this framework, a specific evolutionary cycle can be identified, in which
a wholly new relationship is taking shape between the main economic actors – i.e. entrepreneurs, consumers, and users – as regards privacy-oriented marketplaces. Because
of the effects produced by privacy rules, the interests at stake are increasingly harmonised and the targets to be achieved are increasingly shared in many respects.
Thanks to the emerging function of privacy as a resourceful aid, the whole system is not focussed only on commercial operators and the protection of their rights;
in fact, emphasis is also put on the important role played by consumers and users.
The latter become in this way balancing factors in the production cycle – above all,
they become actors rather than simply passive bystanders.
2. Privacy: Costs and Benefits
Given these premises, it should be pointed out that the costs of personal data
protection are to be assessed in both public and private terms. There are undoubtedly costs that are incurred by a State’s administrative machinery at the time of implementing the basic Act; on the other hand, there are public management costs in
connection with the quick-paced enactment of provisions to better regulate this
ever-changing sector.
(1) Vice-President, Italian Data Protection Authority
These costs are no specific feature of privacy legislation, since they actually apply to all types of innovative legislation that requires organisation of new structural and functional components.
There are also costs to be borne exclusively by private enterprises, since
business actions aimed at ensuring data protection entail considerable commercial
costs. Consider, for example, the costs related to adjusting technology infrastructures in a
business, managing personal data processing, and training and upgrading staff in charge
of these activities.
However, such costs are no mere business liabilities: in fact, they are a source
of assets for businesses. The entrepreneurial commitment towards meeting the expectations of consumers and users of goods and physical/non-physical services can
enhance businesses’ competitive chances by promoting the development of innovative approaches to increase customer loyalty and acquire new markets.
Any far-sighted commercial policy must be based on customer trust and is aimed
at improving such trust. In fact, the competitive advantage resulting from application
of business rules for appropriate personal data processing is the outcome of the enhanced trust between supplier and consumer generated by the protection of privacy.
A study recently carried out in the USA by the Boston Consulting Group showed that
the growth of E-commerce would more than double in a short time span if users felt
safe and were confident that their privacy was respected during network transactions.
As early as October 1997, the European Commission laid down framework
guidelines to stress the importance of the protection and security of personal information, in order to carry out commercial activities and/or private communications
on the Internet (Ensuring Trust and Security in Electronic Communications, 8 October 1997). The Commission pointed out that data protection by way of specific
security measures to be adopted by businesses is the outcome of a complex, permanent activity requiring organisational measures that should be continuously updated and assessed. It was also added that personal information should be protected irrespective of its format and/or the media (paper, computerised, or any other kind)
on which it is stored.
In the Commission’s paper it was also highlighted that the adequacy principle
was based on the relationship between adopted (or yet to be adopted) measures and
a set of reference criteria such as the degree of sensitivity of the personal data undergoing processing, the controller’s internal circulation rules, external flows to other processors, dissemination procedures, archiving methods, and so on.
On the international level, businesses and users can be said to have significantly shifted towards the shared understanding of the protection of online privacy
as a resource, with a view to strengthening the electronic infrastructure that is the
backbone of the information society. A Harris Westin survey has shown that 52%
of computer users consider privacy protection to be the main factor influencing
their decision to go on the Net.
The 1997 Bonn Ministerial Conference pointed out the need for global information networks to provide the amplest opportunity for strengthening democratic
and social values and pinpointed user cooperation and support as the driving forces
for network development – provided adequate data protection is ensured – so as to
enhance the trust relationship between users and the Net. Thus, investing in privacy is to be regarded as a basic feature of quality products and services.
3. Protection of Consumers and Users. Innovations. European Community’s Initiatives
Since privacy is to be regarded as a resource for business development, the protection of consumers and users takes on fundamental importance.
Within the EU, the basic factor that has led to the express recognition of consumer rights as well as to their protection has been the activity carried out by community institutions.
Under Article 153 of the EC Treaty – as amended by the Amsterdam Treaty – the European Commission contributes to protecting security and economic interests of consumers, promoting their right to information and organising their interests. It was thanks to the Maastricht Treaty that consumer protection – not specifically
taken into account in the Rome Treaty – became a component of community policy in its own right with a view to contributing to the enhancement of consumer
protection measures.
The process leading to a specific community policy was supported in organisational terms by the creation of an ad-hoc general directorate of the Commission,
which is responsible for verifying that consumer interests are respected in the shaping of Community policies, as well as for increasing market transparency, improving the security of product and consumer services in the single market, enhancing
consumer trust – in particular by expanding information flows – and setting up and
maintaining a dialogue between the Commission and consumer representatives.
The above developments have been shaping a wholly new type of consumer,
whose function is of fundamental importance since it actually goes beyond the scope of the contract stipulated with suppliers/producers – in fact, it is becoming a part of the market openness policy and product quality optimisation.
Following its decision of 25 January 1999, the European Community was provided with a unified operational tool in which the general framework applying to
the activities aimed at promoting consumer interests and ensuring a high protection
level was laid down.
This framework was adopted for the 1999-2003 period to support and supplement the policies adopted by the individual Member States; it envisages the support of European consumer organisations as well as the funding of specific projects.
Four areas of activity were identified, namely consumer health and education
in connection with products and services, education and information of consumers
as to their rights, promotion and representation of consumer interests. Considerable
attention was also paid at Community level to the availability of legal remedies for
consumers.
The legal safeguards afforded to individual consumers as well as the judicial
protection of the collective interests applying to consumers – in particular as regards
the locus standi of consumer organisations intended to further such interests – were
found to be especially important.
These protective measures also point to a wholly new development, i.e. the fact
that the individual measures are aimed not only at protecting the companies that operate on the market, but also at providing safeguards for consumers; the latter should
actually be regarded as entities contributing – jointly with businesses – to ensuring
operation of the market competition model, which must be protected in order to
allow continued, dynamic economic development and benefit society as a whole.
Consideration of the “consumer” concept and its protection should be accompanied by the analysis of the role played by “users” – with particular regard to public facilities catering for their needs.
There are several similarities between user-citizens and consumer-citizens;
however, there are also differences between the subjection status of consumers –
considered as weak parties in the stipulation of contracts concerning consumer
goods offered by private entities – and the subjection status of users of public facilities, who are subjected to the decisions made by the public company delivering the
relevant service(s). This is exactly an area, in which the protection of fundamental
human rights can prove effective in order to ensure fair, balanced relationships between public service providers and users.
4. Forerunners: The Anglo-Saxon Systems
I have referred so far mainly to Community law sources as regards consumer
legislation.
However, it should be stressed that the forerunners of this type of protection
can be found in the American as well as in the British legal systems. They have been
the first to (also) grant judicial protection to interests that are not necessarily individual-oriented – such as individual rights – as they are of supra-individual nature,
i.e. they concern a given category or organised group. From this viewpoint, their
scope goes beyond that of the individual’s interest: they are called collective and/or
community interests, being the expression of a community group. In Anglo-Saxon
systems, the protection of the interests of consumer and user associations has been
ensured within this framework – not so much on the basis of statutory instruments,
as because of the influence of either the common law or self-regulatory tools. It
should be pointed out that the innovation drive of Anglo-Saxon legal systems reserved the legal remedy consisting in the recognition of the so-called class actions
exactly for consumer associations.
5. Italian Legislation
As to Italy’s legal system, Act no. 281/1998 set forth the general regulatory
framework applying to consumers and users. Three main topics can be distinguished. Firstly, the Act guarantees the fundamental rights as well as the individual
and collective interests of consumers and users from a substantive viewpoint.
Secondly, as regards procedural issues, the protection of those rights and interests is supported in that the role to be played by consumer associations in judicial
proceedings is specified.
Thirdly, the issue of the institutional representation of consumers and users is
addressed; to that end, the Act provides for setting up the National Board of Consumers and Users.
More specifically, this Act addresses the rights to product and service quality,
fairness and openness in contractual relationships concerning goods and services,
and the delivery of high-quality, effective public services.
6. Conclusion
The development of fundamental human rights, in whose framework privacy
retains its fundamental role, is part and parcel of the changes currently involving
our society and institutions, the conduct and life-styles of both individuals and
communities – in particular, it is part of the quick-paced economic development
mechanism that is usually referred to as globalisation.
In this context, privacy shows its dual role – being both a safeguard for individuals, and an opportunity to be seized by businesses.
However, the growing globalisation of markets should also be taken into account, as it entails the extension of space and time coordinates. On the one hand,
markets are rich in production potentialities and can generate new profits at all latitudes; on the other hand, it is necessary to prevent the risk that markets are exposed
to tensions, imbalances and destabilisation. It is necessary, above all, to counteract such imbalances and humanise market dynamics – which can only be achieved
by ensuring the protection of fundamental human rights. Therefore, the key to
achieving fully positive developments consists in ensuring growth of a global marketplace that is mindful of fundamental human rights – in whose framework privacy
retains a fundamental role. Within this new boundary, the values underlying a universalised economic system can be implemented on the foundations of globalised
safeguards so as to achieve widespread progress.
Economic Competition: The Advantages of Data Protection
Giuseppe Tesauro(1)
The relationship between competition and information or, looking at the other side of the coin, between competition and data protection, has first of all a substantive dimension, which is not, however, as straightforward as it might appear at first sight. While perfect competition requires, as a necessary condition, accurate and complete information among all operators (and hence the absence of information asymmetries), it is also true that the exchange of such information can turn into an instrument that facilitates collusive conduct.
This issue is clearly of fundamental importance for an authority charged with protecting competition, since in many contexts it becomes crucial to determine whether data protection is essential to prevent exchanges of information capable of enabling coordination (explicit or tacit) between competing undertakings, or whether such an exchange may instead make the market so transparent as to encourage competitive strategies to the benefit of the final consumer.
The importance of the subject is shown by the fact that the courts, both Community and national, have long held the exchange of information to be unlawful.
Whether or not an exchange of information is lawful depends first of all on the sensitive nature of the data. This means that the exchange of business secrets, as well as of information on business strategies (such as prices or marketing policies) or on the structure of the undertaking (for example on costs or on the demand function), is potentially sufficient to identify an “anti-competitive spirit” in the conduct.
A second factor to be assessed is the form in which the data are transmitted. An exchange of sensitive data in disaggregated form is to be assessed differently from the same exchange in aggregated form, that is, in a form that does not allow competitors to trace information back to individual operators.
A third element is timing, in the sense that a systematic exchange of sensitive, disaggregated data at short intervals gives competitors a degree of knowledge and a capacity to react that can certainly facilitate mutual coordination on non-competitive equilibria.
A further element is whether disclosure of the information is limited to the participants in the exchange. This is perhaps the central factor in the analysis, since if the data are used only among competing operators their function can only be that of an instrument facilitating collusion, serving as a vehicle for observing one another's actions and hence for reaction between undertakings. Conversely, if the information is made public, where “public” refers above all to disclosure to consumers, it may take on the role of an instrument that increases transparency in the market, facilitates comparison of the prices, quality and range of the products/services offered, and thus encourages competition between undertakings. The Commission itself, as early as its 1977 Report on Competition Policy, had made clear that the difference, or rather one of the differences, between permitted and prohibited exchanges of statistical information lay precisely in the restriction of dissemination to the operators alone rather than to the benefit of the market (understood as all consumers and competitors not taking part in the exchange).
(1) President, Competition Authority (Autorità garante per la concorrenza ed il mercato) - Italy
This type of analysis has been followed in various investigations conducted by the Competition Authority (Autorità garante della concorrenza e del mercato), most recently in the recent case in the insurance sector. It concerned a system for exchanging information on extremely sensitive data (tariffs, premiums, types of policy, discounts, future forecasts, etc.) between the main insurance companies, carried out through a third-party company, which was classified as a concerted practice with an unlawful object, in that it was capable of facilitating the alignment of the undertakings' commercial conduct and hence of producing higher commercial premiums than would have been seen in a competitive market. The Authority reached this conclusion on the basis of (i) the sensitive nature of the data (the information could be obtained only from the undertakings and not from the market), (ii) the disaggregation of the information then passed to the participants (the data were identified by individual company), (iii) the disclosure limited to the companies belonging to the system and (iv) the continuity over time of the system for transferring input and output data.
Besides being significant as the first case in which the exchange in itself was held to harm competition because it had an unlawful object, capable of facilitating coordinated conduct, it was useful in clarifying the limits beyond which the exchange of information becomes harmful to competition. In addition, it reaffirmed the principle that the “means” by which the exchange is carried out is irrelevant, in the sense that the parties may even use a third-party company without this affecting the unlawfulness of the conduct. What matters is the confidential nature of the data exchanged, the possibility of tracing them back to each operator, and the restriction of knowledge of them to the parties, excluding consumers.
In such a context the transfer of those data between undertakings was a pro-collusive instrument and certainly not one that encouraged transparency and, ultimately, competition between undertakings.
The need to conduct this type of analysis has been felt in numerous other investigations, in which the exchange of information has often been classified as instrumental to, or as conduct forming part of, a broader and more complex agreement, frequently within a trade association.
It is not easy to determine whether and when the data being exchanged deserve protection, that is, must necessarily remain within the undertaking and not be exchanged between competitors, or on the contrary deserve the widest dissemination in order to foster competition.
Clear and transparent information for the consumer public, making it easy to assess tariffs and to compare undertakings on the various parameters, could be an important instrument for making the market transparent, increasing consumers' knowledge of the service and thus leading them to make companies compete in formulating their offers.
The sectors in which this issue arises more and more frequently are those where some form of regulation or public control is necessary. This is the case of the pharmaceutical sector, in which the collection of sales data sometimes appears to serve the control of public pharmaceutical expenditure. Finding the boundary between data to be protected and data to be made public becomes a delicate matter in these cases.
In this sector (the subject of various interventions, including at Community level, most recently the Community IMS abuse case), the collection of sales data has reached such a level of detail that it is practically possible to trace the medicine sold by the individual doctor in an area of very few pharmacies. Precisely because of the risk that data of such disaggregation, frequency and sensitivity may become an instrument that at the very least discourages competition between undertakings, the Authority expressed some “concerns” in a report to the legislator. This is the report on the “Rilevazione dei dati di vendita dei medicinali a carico del Sistema sanitario nazionale” (collection of sales data for medicines charged to the National Health System) of 29/03/2001, which noted the possible distortion of competition arising from certain provisions on the collection of data concerning the sale of medicines by public and private pharmacies, contained in the national collective agreement between the SSN and the pharmacies of 3 April 1997, in Law no. 448/98 (“Misure di finanza pubblica per la stabilizzazione e lo sviluppo”, public finance measures for stabilisation and development) and in Ministry of Health Decree no. 7032/99.
The provisions required Federfarma to collect the sales data contained on the detachable pack label (fustello) of medicines dispensed at the expense of the National Health Service, for transmission to the Ministry of Health. This system was recently extended by the 2001 Finance Act to the collection of the “optically readable data on the prescription relating to the doctor's code, the patient's code and the date of issue of the prescription”.
The Authority took the view that the system could have restrictive effects on competition if some of the information collected were brought to the knowledge of pharmaceutical companies. By contrast, no distortion of competition appeared to arise from the acquisition of such data by the bodies of the National Health Service, namely the local health authorities (Asl), the Regions and the Ministry of Health, since in that case the information acquired serves the control of, and policies on, pharmaceutical expenditure.
As regards the transfer of such data by Federfarma to private parties, a possibility expressly provided for, the primary and secondary legislation itself did not specify any limits or safeguards as to the type of information that could be transferred or its aggregation. The Authority therefore took the view that the transfer of such data to private parties, in the absence of specific limits and safeguards, could allow them to be used improperly, in a way capable of reducing or distorting competition between pharmaceutical companies. First of all, dissemination of the data in question could increase market transparency excessively, making non-competitive conduct easier.
In particular, for prescription-only medicines (ethical medicines in classes A, B and C), direct or indirect knowledge (through minimal aggregation of sales data) of doctors' prescribing patterns could distort pharmaceutical companies' information and promotion policies, leading them to undertake initiatives aimed also at territorial sharing and thereby affecting the mechanisms of competition. For this type of medicine, information and promotion activity is in fact one of the main areas in which pharmaceutical companies compete.
On the basis of these considerations, the Authority considered it appropriate that the rules governing the system for collecting sales data on reimbursable medicines be supplemented with limits and safeguards for any transfer to private parties of data collected under an obligation imposed by law. First, it was noted that the possibility of transferring data relating to the physician and the patient should be expressly excluded. In addition, as regards sales data, it should have been established that they could be transferred only in an aggregated form that does not make it possible to identify, directly or indirectly, the position of competing companies with reference to extremely narrow territorial areas; the minimum level of aggregation was to be the area corresponding to the territory of a province, or that corresponding to the individual Local Health Authorities (Aziende Sanitarie Locali).
The above shows how difficult it is to identify a clear dividing line between data to be protected in order to safeguard the competitive structure of the market itself and data that should instead be disseminated to facilitate the “shifting” of consumers and hence the aggressiveness of companies' competitive strategies.
The confidentiality of confidential data and information is also relevant in relation to competition proceedings, where it must be considered together with, and in relation to, other values deserving protection.
A first question is how privacy legislation interferes with the handling of confidential information in competition proceedings. The regime introduced by privacy legislation does not interfere directly with the confidentiality and access regime laid down by antitrust legislation. This first point seems to me beyond dispute, considering that Law no. 675/96 in substance leaves unaffected the regimes governing the communication and dissemination of data by public bodies (Art. 27(2)), as well as the rules in force on access to administrative documents (Art. 43(2)).
Secondly, the confidentiality that generally comes into play in competition matters is, with some exceptions, that of the confidential commercial information of the companies involved in antitrust proceedings. These are data that do not fall directly within the so-called hard core of privacy, namely the so-called “sensitive data”, which relate to the dignity of the person and derive directly from the Constitution, and which rightly receive enhanced protection under Law 675/96. This, of course, is not because there is any intention to deny recognition to the confidential information of legal persons, which likewise falls within the scope of the law in question; it is only because, in the event of an irreconcilable conflict between the right to confidentiality and the right of defence, which may find themselves in conflict in competition matters, the outcome of the balancing exercise is less dramatic than it might be in a conflict involving sensitive data linked to the dignity of a natural person(2).
That said, the specific rules on confidentiality in competition matters are relevant essentially within the access regime. In antitrust proceedings, the right of the “accused” parties to access the documents gathered during the investigation is widely recognised, because it is nothing other than the corollary of the parties' right of defence; but it must be balanced against other interests deserving protection, such as the confidentiality of personal or commercial information communicated by the parties to the proceedings, by complainants or by third parties not involved in the proceedings.
National rules are entirely modelled on Community rules. At Community level, in particular, the relevant principles are set out in the Notice on the right of access to documents acquired in antitrust proceedings(3), in which the Commission provides a complete picture of the relevant rules, systematising certain principles developed by Community case law in this area(4).
(2) That said, it is perhaps possible to identify a constitutional anchor, somewhat more indirect, also for the need to keep companies' commercial information confidential, in the right to property and in the right relating to freedom of economic initiative itself.
(3) Commission Notice on the internal rules of procedure for processing requests for access to the file in cases pursuant to Articles 85 and 86 of the EC Treaty, Articles 65 and 66 of the ECSC Treaty and EEC Regulation 464/89 on the control of concentrations between undertakings, in OJEC of 23/1/97, no. C 23/3.
National rules lay down substantially similar principles. To begin with, the rules in question are special with respect to the general regime laid down in Art. 22 of the well-known Law no. 241/90 on the transparency of administrative proceedings, because antitrust proceedings involve the need to balance opposing interests: on the one hand the parties' right of defence, of which, as stated, access is a direct corollary; on the other the safeguarding of other interests deserving protection, such as the confidentiality of personal or commercial information communicated by participants in the proceedings or otherwise acquired by the Authority through the exercise of its investigative powers. The special nature of the access rules in competition matters has been endorsed by the administrative courts (judgments no. 873 of 15/04/99, Vendo Musica, and no. 103 of 14/01/2000, Vetri), and is by now also codified in the legal system by the amended Art. 23 of Law 241, in the new wording recently introduced by Art. 4(2) of Law no. 265/99.
From the subjective standpoint, the right of access is granted first of all, and in more generous form, to the “accused” parties to the proceedings, who exercise it as a means of exercising their rights of defence. In addition, the other persons who take part in the proceedings on the basis of a legally relevant interest are also entitled to access the documents in the file. These are, in substance, those persons bearing public or private interests, as well as consumer associations, who may suffer direct, immediate and present harm from the infringements under investigation or from the measures adopted as a result of it (see Art. 13(1) and Art. 7 of d.p.r. 217/98). In substance, the legislator identifies the interest that entitles a person to access with the harm that the person may suffer from the infringements under investigation or from the outcome of proceedings before the Authority.
From the objective standpoint, following the model adopted at Community level, the law identifies three categories of documents that may be treated as confidential: i) confidential information, including, among other things, documents containing information that would reveal the identity of those who supplied the information or who wish to remain anonymous vis-à-vis the parties, as well as certain types of information communicated to the Commission on condition that its confidentiality be respected; ii) business secrets, meaning information that objectively has sensitive commercial value and whose disclosure may cause economic harm to the company; iii) internal notes, meaning any work produced by the offices for the purpose of studying and preparing the content of the acts during the investigation, as well as any correspondence with other institutions (Art. 13(5)). Whereas for this last category the right of access can never be enforced, as is also the case at Community level, for the first two categories disclosure is guaranteed within certain limits, which moreover differ for the two categories of documents. As regards confidential information in particular, a “positive” principle of access is laid down, from which derogation is possible only exceptionally, so that access is as a rule allowed to the extent necessary to ensure the adversarial principle(5). For business secrets, conversely, the rule provides a form of enhanced protection, laying down the opposite principle of exclusion from access, unless the information provides evidence of an infringement or elements essential to a company's defence, in which case the offices allow access, limited to those elements(6). In other words, the textual differences between the provisions in question suggest a deliberate intention on the part of the legislator to ensure a kind of enhanced protection for the category of business secrets alone. In practice, with regard to documents for which confidential treatment has been requested, the Authority balances the opposing interests in access and in confidentiality.
(4) See in particular the judgment of 29 June 1995, Solvay v Commission, Case T-30/91, p. II-1775.
(5) Art. 13(2) of d.p.r. no. 217/98 provides that “Where documents contain confidential information of a personal, commercial, industrial or financial nature relating to persons and companies involved in the proceedings, the right of access is granted, in whole or in part, to the extent necessary to ensure the adversarial principle”.
(6) Art. 13(3) of d.p.r. no. 217/98 provides that “Documents containing business secrets are excluded from access. Where they provide evidence of an infringement or elements essential to a company's defence, the offices allow access to them,
Business Competition: Advantages of Data Protection
Giuseppe Tesauro(1)
The relationship between competition and information – or, if you consider the
other side of the coin, competition and data protection – has substantive features,
which are not, however, as simple as one might imagine. Indeed, if a prerequisite for
perfect competition is full, detailed information of all stakeholders – i.e. the lack of
information asymmetry -, it is unquestionable that the exchange of such information
may turn into a tool facilitating collusion.
These issues obviously play a key role with regard to an authority that is in charge
of safeguarding competition, since in many cases it is fundamental to establish
whether data protection is indispensable to prevent information exchanges that might
allow competing businesses to explicitly or tacitly co-ordinate their activities, or whether
those exchanges can enhance market transparency to such a degree that competitive
policies are devised with an overall benefit for end-consumers.
Proof of the importance of this subject matter is given by the fact that both Community and national judicial authorities have long been upholding the view that information exchanges are unlawful.
Lawfulness of information exchanges is related, first and foremost, to the sensitive nature of the data. This implies that the exchange of business secrets and/or information on corporate strategies – such as prices or marketing policies – and corporate structure – such as costs and demand patterns – is potentially enough to establish
the existence of “anti-competitive” conduct.
A further consideration to be made has to do with the manner in which those
data are conveyed. Exchanging disaggregate sensitive data is to be evaluated differently from exchanging those same data in aggregate form, i.e. in a way preventing competitors from tracking information on the individual operators.
A third issue has to do with timing, in that exchanging sensitive, disaggregate data in a systematic fashion and at short time intervals allows competing entities to attain a degree of knowledge and response capability such as to undoubtedly facilitate
their striking a non-competitive balance.
Another item to be taken into account is disclosure as limited to the participants in the exchange of this type of information. This is perhaps the key consideration here: indeed, if the data are only used by competing operators, they cannot but be used as a tool to facilitate collusion – providing a key to interpret activities and react accordingly. Conversely, if the information is published – where published means disclosed to, above all, consumers – it is likely to become a tool enhancing market transparency, facilitating comparison of prices, quality and products/services on offer and, therefore, promoting competitive company strategies. The Commission itself, in its Report on competition policies of 1977, had highlighted that the difference, or rather one of the differences, between lawful and unlawful exchanges of statistical information had to do exactly with the scope of its dissemination – i.e. among market operators rather than within the marketplace as a whole, where marketplace includes consumers and competitors not involved in those exchanges.
(1) President, Italian Anti-Trust Authority
This type of analysis was carried out in several proceedings instituted by the Italian anti-trust authority – of late, with regard to the insurance sector. In this case it was
a system for exchanging information on quite sensitive data – rates, premia, types of
policy, discounts, forecasts, etc. – among the most important insurance companies,
which had been set up by way of a third-party company. This system was considered
to be an instance of concerted practice with a view to unlawful purposes since it could
facilitate adoption of unified commercial policies by the relevant undertakings, which
would be able to set higher commercial premia compared with those applying to a
competitive market. This conclusion could be drawn by the Authority on the basis of
(i) the sensitive nature of the information – which could only be gathered by undertakings rather than by the market as a whole, (ii) the disaggregation of the information subsequently forwarded to the participants – the data were specifically intended
for the individual companies, (iii) the fact that dissemination was only limited to the
companies adhering to the system, and (iv) the continuing nature of input and output data transfers.
The importance of this case consists not only in its being the first one in which
the exchange of data as such was considered to be in breach of competition rules – being aimed at unlawful purposes in order to facilitate concerted practices – but also in
the fact that it could usefully highlight the boundary beyond which exchanging information becomes an anti-competitive practice. Additionally, it allowed re-affirming
the principle that the manner in which such exchange takes place is irrelevant – since
the parties may also make use of a third-party company without this producing any
effects on unlawfulness of their conduct. What really matters is the confidential nature of the exchanged information, the possibility to track each individual operator
and the fact that the information is only available to the parties at stake rather than to
consumers as well.
Given the specific background, transfer of the data among the businesses involved was a means to facilitate business collusion rather than to enhance transparency and ultimately competition.
The need for this type of analysis was felt in many other proceedings, where the
exchange of information was often found to be either instrumental to or part of a larger, more complex agreement that had frequently been made within a trade association.
It is not easy to establish if and when the exchanged data deserve protection or else must absolutely remain inside a business without becoming the subject of an exchange between competitors, or perhaps should be disseminated to the highest possible degree in order to promote competition.
Clear-cut, open information to consumers such as to facilitate price assessment
as well as comparisons of the different business parameters might be a major tool to
enhance market transparency, increase consumers’ awareness of a service and therefore
encourage them to get businesses to compete in offering their products.
The sectors in which these issues arise with increasing frequency are those requiring some type of public regulation and/or control. This applies to the pharmaceutical sector, where sales data surveys sometimes appear to be instrumental to the
control of public expenditure in that sector. Setting the boundary between the data to
be protected and the data to be made public becomes a highly sensitive issue under
these circumstances.
Indeed, sales data have become so detailed in this sector – which has also been
the subject of Community measures, including lately the IMS misuse case – that they
practically allow identifying the individual drug as sold by the individual physician in
an area including very few pharmacies. Exactly because of the risk that such a level of
disaggregation coupled with the frequency and sensitivity of the surveyed data might
turn into a factor discouraging, if nothing else, business competition, our Authority expressed its “concern” in a report submitted to Parliament. This report relates to the
“Survey of Sales Data in respect of Drugs Paid for by the National Health System” of
29.03.01 and points out the possible distortion of competition resulting from certain
provisions on the collection of drug sales data as performed by public and private
pharmacies in pursuance of the national collective agreement between NHS and pharmacies of 3 April 1997 as well as of Act no. 448/1998 (including “Public Financial
Measures for Stabilisation and Development”) and the Health Minister’s decree no.
7032/1999.
Those provisions required Federfarma [the federation of Italy’s drug manufacturers] to collect sales data as included in the package tags removed from drugs paid
for by the National Health System and subsequently forward them to the Ministry of
Health. This system was recently extended by the 2001 Budget Act to the collection
“of optically readable prescription data concerning physician’s code number, patient’s
code number and prescription issue date”.
Our Authority considered that this system might produce restrictive effects on
competition if any of the collected data were made known to drug manufacturers.
Conversely, no distortion of competition appeared to result from acquisition of those
data by NHS bodies, since the acquired data were instrumental to control and policy-making in respect of pharmaceutical expenditure.
As for Federfarma’s assignment of the data to private entities – which is expressly permitted under the law – primary and secondary legislation sources do not specify limitations and/or precautions applying to the type of information that may be assigned or else to the aggregation level. Therefore, our Authority ruled that assignment of such data to private entities in the absence of specific limitations and precautions might allow inappropriate use of those data such as to reduce or alter competition among pharmaceutical businesses. Dissemination of the data at stake could, first and foremost, enhance market transparency excessively by facilitating non-competitive practices.
This applies, in particular, to prescription drugs – so-called ethical drugs included in A, B and C classes – since direct and/or indirect knowledge of physicians’ prescription patterns, based in the latter case on the loose aggregation of sales data, may
affect businesses’ information and promotion policies by leading them to take steps
aimed eventually at slicing up a given territory – which cannot but alter competition
mechanisms. Indeed, with regard to these drugs information and promotion activities
make up one of the main areas in which pharmaceutical businesses usually compete.
Based on the above considerations, our Authority considered it appropriate for
the provisions on collection of sales data concerning refundable drugs to be supplemented by the specification of limitations and precautions with regard to the possibility of providing private entities with data that are collected pursuant to law. Firstly, it was stressed that the assignment of data concerning physicians and patients
should be expressly ruled out. Additionally, as for sales data, it should be required that
they be only transferred in aggregated format so as to prevent establishing, whether
directly or indirectly, the positions of competing businesses within a limited geographic area; the minimum aggregation level should consist in the geographic area
corresponding to a province, or else to the individual local health care agencies.
This shows how difficult it is to set clear-cut boundaries between data that
should be protected in order to safeguard market competition, and data that should
be disseminated to facilitate consumers’ “shift” and therefore enhance businesses’
adoption of aggressive competition policies.
The privacy issue in connection with confidential data and information is also to
be taken into account as regards competition proceedings, where it is to be considered
both jointly with and as related to other values deserving protection.
A first topic to be considered has to do with the way in which privacy regulations
may interfere with processing confidential information in connection with competition-related proceedings. Privacy regulations do not interfere directly with confidentiality and access regulations included in antitrust laws. This first argument cannot be
disputed, in my view, especially if one considers that Act no. 675/1996 practically
leaves unprejudiced the provisions on data communication and dissemination by
public bodies (Section 27(2)) as well as those regulating access to administrative
records (Section 43(2)).
Secondly, the confidentiality issues that are relevant with regard to competition matters have to do mostly with confidential business information disclosed by businesses that are involved in antitrust proceedings. That is to say, they have to do with data that cannot be classed directly among the so-called core privacy data – i.e. “sensitive” data, which are related to human dignity and protected directly by the Constitutional Charter, being aptly the subject of enhanced safeguards under Act no. 675/1996. This does not mean that confidential information of legal persons is not taken into consideration – in fact, it falls under the scope of application of the data protection Act; however, if right to privacy and right to defence happened to be in conflict – as may be the case in competition-related proceedings –, the impact of the attempt to strike a balance between those rights should be regarded as less devastating than that possibly resulting from a conflict involving sensitive data related to dignity of individuals.(2)
Having said this, the provisions specifically applying to privacy in connection
with competition issues are to be taken into account mainly with regard to access issues. Within the framework of antitrust proceedings, the right of “defendants” to access documents collected in the preparatory phase is widely recognised, it being no less
than the logical consequence of the parties’ right of defence; however, this right should
be reconciled with other interests deserving protection, such as the confidentiality of
personal and/or business information that may be disclosed by the parties themselves,
the complainants or third parties.
National laws are wholly modelled after Community legislation. In particular,
the relevant principles underlying the latter were highlighted in the Notice on right of
access to documents acquired in the course of antitrust proceedings(3), where the Commission provided a full picture of the relevant provisions by systematising principles
developed in Community case law concerning this subject-matter.(4)
National law is grounded on basically similar principles. To start with, the relevant provisions particularise the general rules laid down in Section 22 of
Act no. 241/1990 on openness of administrative proceedings. A feature of antitrust
proceedings consists in the need to reconcile opposing interests – on the one hand the
parties’ right of defence, whose direct consequence is the abovementioned right of access, on the other hand the need to ensure respect for other interests deserving protection – such as confidentiality of personal/business information that may be disclosed by the parties to the proceeding or else acquired by the Authority exercising its
own investigational power. The fact that competition-related provisions particularise
the general rules referred to above was upheld by administrative courts in several decisions and eventually enshrined in the amended text of Section 23 of Act 241/1990
(further to Section 4(2) of Act no. 265/1999).
(2) Having said this, perhaps the confidentiality requirements applying to business information might be grounded – albeit less directly – on constitutional principles by referring to ownership law and freedom of enterprise.
(3) COMMISSION NOTICE on the internal rules of procedure for processing requests for access to the file in cases pursuant to Articles 85 and 86 of the EC Treaty, Articles 65 and 66 of the ECSC Treaty and Council Regulation (EEC) No 4064/89, published in OJEC of 23.01.97 (no. C 23/3)
(4) See, in particular, the Decision of 29 June 1995, Solvay v. Commission, Case T-30/91.
As for the entities concerned, the right of access is granted first and foremost to the parties acting as “defendant” in a proceeding, such parties using this right as a tool to exercise the rights of defence. Furthermore, the other parties to the proceeding claiming legally enforceable rights are entitled to access the documents included in the case file. Here reference is made basically to entities representing private and/or public interests as well as to consumer associations, which may suffer direct, immediate, present harm on account either of the infringements that are the subject of the proceeding or of the measures taken upon conclusion of the proceeding (see Section 13(1) and Section 7 of Presidential Decree no. 217/1998). Basically, our lawmakers have identified legitimation to access in the harm possibly suffered by an entity either because of the infringements being investigated or on account of the measures that may be taken once the proceeding by our Authority is finalised.
As for the substantive matter, three categories of document liable to secrecy rules
are referred to in our law after the model set forth at Community level – i.e. confidential information, including records containing information disclosing the identity
either of the information providers or of individuals intending to remain anonymous
as well as certain categories of information that is supplied to the Commission on condition that it is kept confidential; ii) business secrets, meaning information that is
commercially valuable, whose disclosure may be prejudicial to a company in economic terms, and iii) internal notes, i.e. any drafts prepared by officers in order to
evaluate and develop the contents of documents to be used in the preparatory phase
as well as any correspondence with other institutions (Section 13(5)). Whereas the
right of access may never be enforced with regard to the latter category – which is also the case at Community level –, disclosure of the relevant documents is allowed to
a certain extent with regard to the former two categories; the extent of disclosure is actually different in the individual case. As regards, in particular, confidential information, an “affirmative” access principle applies that may be derogated from on an exceptional basis – therefore, access is allowed, as a rule, insofar as it is necessary to ensure due process.(5) Conversely, with regard to business secrets a sort of enhanced protection is provided for – access being denied, as a rule, except where the information
can provide items of evidence in connection with an infringement, or else essential
items of information for a business to defend itself, in which case access is permitted
with regard to such items.(6) In other words, the different wording used in the two provisions referred to here would point to the lawmaker’s deliberate intention of ensuring a sort of enhanced protection exclusively with regard to business secrets. In practice, we seek to balance the opposing interests (privacy vs. access) in dealing with documents for which a request of classification has been made.
(5) Under Section 13(2) of Presidential Decree no. 217/98, “If a document contains confidential information of a personal, business, industrial or financial character with regard to individuals and businesses involved in the proceedings, the right of
access shall be granted, in whole or in part, insofar as it is necessary to ensure due process”.
(6) Under Section 13(3) of Presidential Decree no. 217/98, “Documents containing business secrets may not be accessed. If they
can provide items of evidence of an infringement, or else essential items of information for a business to defend itself, access shall be
granted with regard to said items”.
The Anonymous Consumer
Herbert Burkert(1)
Contents: I. Introduction – II. What is the “Anonymous Consumer” – III. Why should
we have the Anonymous Consumer? – IV. Does the Anonymous Consumer Make Sense
Business-wise? – IV.1. Is the Anonymous Consumer technically possible? - IV.2. Are there
still any useful business purposes for non-personal data? – IV.3. Is anonymous data as
valuable as personal data? – V. Why do we see so few “Anonymous Consumer” models,
and how can we have more of them? – VI. Summing up
I. Introduction
I intend to approach the issue of the “Anonymous Consumer” by posing four
simple questions and looking for brief but not so simple answers:
(1) What is the Anonymous Consumer?
(2) Why should we have the Anonymous Consumer?
(3) Does the Anonymous Consumer make sense - business-wise?
And - finally - should the last two questions have been answered in the affirmative, why do we see so few models of the “Anonymous Consumer” and how may
this situation be amended?
II. What is the Anonymous Consumer?
A consumer is any natural person who in the meaning of Art. 2e of the Directive 2000/31 is
“acting for purposes which are outside his or her trade, business or profession.”(2)
The Anonymous Consumer then is a consumer the data on whom, if there is any, cannot be regarded as “personal data” in the meaning of Art. 2 a) of the Directive 95/46 (3), because by this data, if any, he or she can no longer be identified ...
“directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his [or her] physical, physiological, mental, economic, cultural or social identity.”
(1) President, Research Centre for Information Law, University of St. Gallen.
(2) Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000, on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce), Official Journal 17 July 2000, No. L 178 p.1.
(3) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities of 23 November 1995 No L. 281 p. 31.
Without returning to the debates of the past on the limits of identification and
what can really be perceived as “anonymous” in view of the increasing amount of
additional knowledge that is available in computer systems today(4), it should suffice
for the moment to remember that while to decide whether data is anonymous is a
binary decision, this decision has to take into account a large number of “environmental” variables.
III. Why should we have the Anonymous Consumer?
This question may sound surprising because of its simplicity. If laws require
the “Anonymous Consumer” then, of course, we should have the “Anonymous
Consumer”.
However, behind the question there seems to be a fundamental dilemma of data protection:
Data protection is about informational self-determination, and self-determination implies choice. In this context it would be the choice between remaining, becoming or being anonymous and remaining identifiable. If the “Anonymous Consumer” is required by law then such choice would be eliminated by the paternal decision of the law maker. Taking away such a choice would de-legitimize the very normative position of a law maker implementing data protection.
Such reasoning, however, would be based on a fallacy, and the normative position can easily be re-legitimized simply by re-questioning the notion of “choice”
and by recalling the basic requirements of “choice”:
- How frequent are the situations in which a consumer has a real choice between anonymity and identification?
- How frequent are the situations in which a consumer can make an educated decision between anonymity and identification?
- How frequent are the situations in which a consumer can exercise his or
her preference regardless of his or her previous decision?
Not very frequent, indeed. In view of such limitations of choice, data protection legislation has wisely supplemented the self-determination principle with a number of other safeguards, e.g. the data processing principles for data quality and quantity. One of these principles is the “minimum principle”, requiring that when designing information handling systems the first question should be whether personal information is needed at all, and if it is, such information should be handled as sparingly as possible. Only very recently, the “minimum principle” has been restated in Recital 30 of Directive 2002/58/EC(5):
“(30) Systems [...] should be designed to limit the amount of personal data necessary to a strict minimum. [...] Where [...] activities cannot be based on aggregated data, they should be considered as [...] services for which the consent of the subscriber is required.”
(4) See already: Burkert, Herbert: Das Problem des Zusatzwissens. In: Kaase, M. et al. (eds.); Datenzugang und Datenschutz. Konsequenzen für die Forschung. Frankfurt am Main 1980, 170-176.
Herbert Burkert - The Anonymous Consumer
We may therefore summarize: Precisely because choice, as real choice, plays
such an important role in the self-determination value system of data protection we
do need the “Anonymous Consumer”. The “Anonymous Consumer” remains fully
consistent with the normative requirements of data protection.
Normative positions, however, have to acknowledge economic forces. This is necessary not to give in to the futility of enforcement in view of such forces, but in order to get a better understanding of the probabilities and conditions of enforcement so that better suited tools of enforcement can be employed.
Such tools would have to take into account “the law of natural resistance to
law”; or to put it positively, such tools have to consider the attractiveness of the regulatory concept they represent. The next question therefore is:
IV. Does the Anonymous Consumer Make Sense Business-wise?
This is a very broad question; obviously there are different factors to be considered in different business environments. We will stay here on a more general level.
On that level the concept of the “Anonymous Consumer” is occasionally qualified as an absurdity because - very simply - deliveries to real people need real world
addresses and real payments from real people to real people have to be settled. However, such a simplistic view neglects technical and organizational opportunities. To
understand these opportunities better, it seems useful to break down the initial
question into three sub-questions:
- Is the “Anonymous Consumer” technically (and/or organizationally) possible (4.1 below)?
- If so, are there also reasonable business uses for anonymous consumer data (4.2 below)?
- And, finally, are such uses of anonymous data economically equivalent to
the use of personalized data (4.3 below)?
(5) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal of 31 July 2002, L 201, p. 37.
IV.1. Is the Anonymous Consumer technically possible?
In a different context(6) we have described the concepts of “Privacy Enhancing
Technologies”. Such technologies (i.e. ensembles of technical and organizational
measures) make it possible to interact with persons as individual entities without,
however, revealing the personal identity of these persons.
Some such measures could e.g. easily be implemented (and are already being
partially implemented) to solve the delivery and payment problem: Easily accessible places like e.g. filling stations could be designated as delivery points where customers would pick up the goods they have purchased online. Customers would
identify themselves via code numbers they have received from the selling company
rather than by revealing their personal identity. Forms of payment have already
been tested in which e.g. banks act as trusted third parties ensuring payments for
deliveries without revealing the identity of the customer to the selling company.
On a more general level several approaches could be imagined to create
“Anonymous Consumers”. In business transactions
- identifiers could be destroyed after a transaction to make any new matching of identifiers and identified object impossible;
- identifiers could be entrusted to third parties or trusted entities within
business operators or consumer organizations acting behind “Chinese
Walls”;
- and finally identifiers could be left with the consumer.
All these concepts invite technical and organizational imagination; some of
these concepts, as indicated above, have already been implemented. With increasing
processing speed, miniaturization, higher compression rates, and stronger processing
power we can also well imagine a number of innovative engineering solutions which
would work particularly well in the context of “Anonymous Consumer” designs.
So, basically, the Anonymous Consumer is both technically and organizationally possible.
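One way to model the pickup-code and trusted-third-party arrangement described in this section, as an added Python example that is not part of the original essay. The class names, the HMAC-based payment receipt and the hashed pickup code are assumptions made for illustration; the customer name and order data are constructed.

```python
import hashlib
import hmac
import secrets


class Bank:
    """Trusted third party: knows the customer, tells the seller only 'paid'."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # never leaves the bank
        self._accounts = {}                   # customer name -> balance

    def open_account(self, customer, balance):
        self._accounts[customer] = balance

    def pay(self, customer, order_id, amount):
        """Debit the customer and return a receipt that names no one."""
        if self._accounts.get(customer, 0) < amount:
            raise ValueError("insufficient funds")
        self._accounts[customer] -= amount
        return self._mac(order_id, amount)

    def confirm(self, order_id, amount, receipt):
        """Seller-facing check: is the receipt valid for this order and amount?"""
        return hmac.compare_digest(self._mac(order_id, amount), receipt)

    def _mac(self, order_id, amount):
        msg = f"{order_id}|{amount}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class Seller:
    """Sees order ids, amounts and receipts, never a name or an address."""

    def __init__(self, bank):
        self._bank = bank
        self._used_receipts = set()   # replay protection, holds no identity
        self._open_orders = {}        # sha256(pickup code) -> (order_id, item)

    def sell(self, order_id, item, amount, receipt):
        """Accept a bank-confirmed order and hand back a one-time pickup code."""
        if receipt in self._used_receipts or not self._bank.confirm(
                order_id, amount, receipt):
            raise PermissionError("payment not confirmed by bank")
        self._used_receipts.add(receipt)
        code = secrets.token_urlsafe(9)   # 72 random bits, kept by the customer
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._open_orders[digest] = (order_id, item)   # only the hash is stored
        return code

    def release(self, code):
        """Delivery-point lookup. The record is destroyed on first use, so the
        code cannot be matched to an order again afterwards."""
        digest = hashlib.sha256(code.encode()).hexdigest()
        record = self._open_orders.pop(digest, None)
        return None if record is None else record[1]

    def stored_data(self):
        return list(self._open_orders.values())


def demo():
    bank = Bank()
    bank.open_account("Alice Example", 100)            # constructed customer
    receipt = bank.pay("Alice Example", "A17", 40)     # identity stays at the bank
    seller = Seller(bank)
    code = seller.sell("A17", "book", 40, receipt)     # seller never sees a name
    return {
        "first_pickup": seller.release(code),
        "second_pickup": seller.release(code),
        "seller_records_after": seller.stored_data(),
    }


if __name__ == "__main__":
    print(demo())
```

The bank can still link the order to the customer, which is the "identifier entrusted to a third party" variant; the seller's own records hold nothing that identifies the person, and nothing at all about the order once the goods are collected.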
IV.2. Are there still any useful business purposes for non-personal data?
This question is best answered by another question: Is there useful planning
with (anonymous) statistical data? If not, we should close our statistical offices. - In
fact statistical data is useful precisely because it is anonymous: It is the anonymity
of the data which helps to ensure (although it is no absolute guarantee) its validity.
Data mining applications are using anonymous data to identify consumption patterns and improve production and logistics. Websites assign identifiers for optimization purposes without tracing the identity.
(6) Burkert, Herbert: Privacy Enhancing Technologies: Typology, Critique, Vision. In: Agre, Philip E.; Rotenberg, Marc (eds): Technology and Privacy: The New Landscape. MIT-Press. Cambridge 1997, 125-142.
So there are sufficiently wide areas in which anonymous data is useful for business purposes.
IV.3. Is anonymous data as valuable as personal data?
To state it clearly: Consumers who have chosen to remain anonymous cannot
be reached as easily with customer targeted information. Other measures of outreach
would, of course, still be possible. “Anonymous Consumers” could even still be the
object of improved and continuous customer relationship models; with, however, the
final choice of being reached resting with the customer. In terms of marketing response, such a design would, of course, reduce the probability of reach which in turn
might change the effort/effect-ratio of direct customer relationship models.
The profitability of business organizations, however, does not depend on the
profitability of a single activity or a group of activities but on the overall profitability of the entity. Privacy considerations and considerations of customer choice are,
of course, part of any comprehensive cost-benefit-analysis of a company. The problem of privacy in such models (this applies for security considerations as well) is that
it enters calculations more as a soft than as a hard figure. Soft figures are figures
which require individual cost (and benefit) assessments based on individual perceptions which in turn are based on a number of factors on which it is difficult to
achieve at least inter-subjective consent.
Businesses, again with strong differences among business areas, have over the last years put a stronger emphasis on the benefits of consumer privacy, at least judging from advertisement campaigns; although such a statement would need closer scrutiny since, at times, banks and insurance companies in particular read privacy simply as confidentiality towards third parties without necessarily endorsing an “Anonymous Consumer” concept for their own operations.
In summary - while anonymous data is by far not synonymous with useless data - the outcome of an evaluative comparison largely depends on the privacy input into the cost-benefit analysis.
V. Why do we see so few “Anonymous Consumer” models, and how can we have more of them?
We have stated so far:
- that the “Anonymous Consumer” is technically and organizationally possible;
- that the “Anonymous Consumer” is still useful in the business context, although there are questions about his or her comparative value to the “Identified Consumer”;
- and that availability of the “Anonymous Consumer” model is a normative necessity.
Against these observations it is striking that there are so few models in operation and that, where they exist, they are usually not offered as an equivalent choice.
We have already indicated one of the possible explanations:
- The comparative value of anonymous information is seen as doubtful.
We can assume there are other “environmental” factors at work in this situation. We tentatively list some of them:
- The perhaps most often used argument is that the consumer does not
want it. And where there is no demand, there is no supply. This argument
is in contrast with consistent results in opinion polls over the last years,
which return privacy as very highly valued. This result in turn is, of course,
in contrast with very many so-called real-life decisions where consumers
constantly seem to give up their privacy in exchange for easy comfort. However, this contrast rather seems to prove that there are no equally comfortable anonymous solutions available to allow real time decisions to be in
tune with long term preferences which then would finally turn the demand
problem into a supply problem.
- Another element is, of course, still a lack of awareness. One of the standard text books on marketing(7) published after the general European directive does not contain references to privacy related issues although it carries
a remarkable section on “marketing and society”. There is also - judging
from the available sources - very little experience with the use of Privacy Enhancing Technologies in the context of marketing.
- Businesses may be subject to a fallacy as regards the effectiveness of personalized marketing which may lead to a tendency to overrate the benefits
of identification and underestimate the benefits of privacy.
- There are other elements in the business environment, outside the direct
control of businesses which discourage the concept of the “Anonymous
Consumer”. There are areas where consumers have to identify themselves
for public policy reasons. These obligations should not be confounded e.g.
with age verification requirements. Such requirements could be fulfilled by
technical and organizational means - using Privacy Enhancing Technology
approaches like digital signatures.
- Consumer Protection is sometimes juxtaposed with Privacy Protection and - would in such a constellation - indeed discourage the implementation of “Anonymous Consumer” models. Again, however, we meet with habits but not with necessities of thinking: Appropriate use of organizational and technological imagination has and will design consumer protection friendly privacy devices. An anonymous charge card e.g. with printout facilities would provide better means of itemized cost control than detailed records kept at business organizations.
(7) Kotler, Philip; Armstrong, Gary; Saunders, John; Wong, Veronica: Principles of Marketing. The European Edition. Prentice Hall: London etc. 1996. - Boone, Louis E.; Kurtz, David L.: Contemporary Marketing, 9th ed. 1999 introduces the issue as an internet (technology) related problem in a small 5 line section in its chapter on social and regulatory issues (p. 86).
In essence then, this list basically leaves us with the initial observation: The
comparative value of identifiable consumer information is regarded higher than the
value of anonymous information and - as a result of this, no sufficient “Anonymous
Consumer” models are produced for the market.
To change this situation - against the background of the normative requirements - a cost relevant incentive, possibly in terms of “hard” figures, for the creation
of “Anonymous Consumer” models has to be created.
Several such incentives to increase the observance of data protection have been
discussed in various contexts; e.g. the offer to undergo privacy audits and to ease
other supervisory measures in exchange. I assume incentives of a more substantial
nature are needed to change the outcome of internal cost/benefit-assessments. In
parallel to similar current reflections on information security(8), I suggest - particularly against the background of the current regulatory situation in the European
Union - to reflect more on measures to substantially increase the costs of privacy infringements in terms of hard figures by increasing fines, civil damages, introducing
punitive damages, and facilitating the transfer of costs of privacy investigations to
the investigated party. Since such costs enter cost assessments still only as risk figures, which in turn are the product of the expected disadvantage and the probability of being held responsible, such measures have to be accompanied by facilitating
privacy infringement procedures.
For almost thirty years now, data protection agencies in Europe have constantly emphasized their educative rather than their interventionist function. It is in this spirit that at the European Commission Workshop on Data Protection, in October 2002, during the session “Better Compliance: Guidance, Enforcement and Self-Regulation”, Mrs Susan Gold, Chair for the UNICE Data Protection Working Group, re-emphasized the general assumption:
“In order to ensure compliance, the best sanction is the fear of bad publicity and peer pressure. For all organisations the threat of negative publicity in relation to data protection is more than sufficient to encourage, and hopefully to ensure, compliance.”(9)
(8) See: Schneier, Bruce: Fixing Network Security by Hacking the Business Climate. June 2002. Available at: http://www.counterpane.com/presentation4.pdf [last verified 10 February 2003].
Unfortunately, as we have seen with other business regulations in the not so recent past, this is hardly sufficient. Such considerations, as the one quoted above, do
unfortunately not enter cost/benefit analyses as hard figures.
On the other hand, supervisory authorities in the United States have passed substantial fines or transferred considerable sums of investigation costs to investigated parties. It is obvious that a “penalty” oriented approach is not an overall solution to every problem and that the European approach has certainly helped to raise awareness for privacy issues. The recent US approach on the other hand clearly offers ways to introduce privacy into internal business equations more effectively. It can also not be neglected that there are fundamental differences in the legal environment between most of the European countries and the possibilities and opportunities of US law on these matters, and it is an open question whether and to what effect and with which costs such elements are transferable from one legal culture into another.
Again, however, it has been the European Union which on various occasions has made a point of upholding privacy protection as a universal principle and has strived to help this principle gain effect in a process of regulatory convergence, as represented e.g. by the safe harbor approach trying to bridge US and European Union concerns. It is about time that the European Union realizes that convergence works in both directions and that there are elements in the US approach which would deserve at least closer scrutiny.
In a nutshell: Art. 24 of the Directive 95/46 is in urgent need of a reappraisal.
VI. Summing up
So in summing up the answers: Yes, we should have the “Anonymous Consumer”; consumers do want to have a true choice and consumers should have a true
choice. This is part of the value system on which we operate and law is there to enforce it. The “Anonymous Consumer” is technically and organizationally possible.
The “Anonymous Consumer” model, however, is still not sufficiently attractive as a
business model. This situation could be amended - if in the process of regulatory
convergence the balance of the cost/benefit analysis could be slightly tilted in favor
of privacy by introducing some new cost factors for non-compliance.
(9) http://europa.eu.int/comm/internal_market/en/dataprot/lawreport/speeches/gold_en.pdf - page 5 of her summary.
Prevention and Compensation of Damages
Pierluigi Monateri(1)
In my talk I will address three points.
First, I will refer to a few cases decided by the courts, in order to clarify some concepts that I believed to be elementary and that yesterday, in Etzioni's talk, I instead saw still confused, as I believe they deliberately are in the writings of Posner and of others.
I will then move on to a second point, which is to address the economics of privacy, as Gellman did yesterday, in order to see the typical distortions that economic reasoning undergoes when it turns to privacy, that is, how the economist's normal reasoning is bent into considerations that are not normally made, by virtue of the particular subject matter of privacy.
Finally, I will come to consider privacy as a strategic factor in the globalized competition that exists today between Europe and America.
I will therefore start from a very elementary point, in the sense of things we ought to know, and I will address them from the standpoint of legalese, as Etzioni put it. Legalese is certainly boring, but it is made to deal with the world in a precise way. Certainly legalese is often used to deceive one's neighbour, but always ... with precision! So let us begin by saying that the question of the protection of privacy has nothing to do with honour and personal identity and, above all, obviously has nothing to do with the public interest in the disclosure of data to prevent crimes from being committed. Privacy in itself also has little to do with the protection of honour as the right not to have untrue and defamatory facts attributed to oneself. In the same way it differs from the right to one's image and to identity, which obviously operate as the right not to have attributed to oneself facts and opinions that do not belong to us, even if they are not defamatory. In these cases we are always within the sphere of respect for the truth, for what is in any case true, whether defamatory or not.
Confidentiality in itself, by contrast, concerns precisely the problem of an exclusive right over the facts of one's own life, regardless of whether they are defamatory or not, or anything else; it is precisely a matter of defining a property right, so to speak, over the facts of one's own life, even if they took place in public. Neutral facts, irrespective of their moral or social implications, hence one's very name and address or, indeed, one's own preferences in food, as a consumer of books and so on.
From this perspective I will analyse only three cases, including the last one, which Buttarelli brought to our attention yesterday, and it is obvious in this discussion that if there is a question of public interest the exclusive right over one's own indifferent facts falls away, so that these facts must be disclosed, whereby there is no longer any possibility of an ideological use of these examples to oppose the right to privacy.
(1) Università degli Studi di Torino - Italy
Let us begin with the case of the tenor Caruso, then move on to that of the Petacci heirs and finish with the Bnl case, which was recently decided by the Tribunal of Orvieto.
The Caruso case was decided by the Supreme Court in '56; in it the tenor Caruso complained because a film depicted certain facts of his private and family life: the tenor was seen as a child breaking a jug and his father beating him; the father was seen hounded by his creditors; the tenor was seen, after being booed, contemplating suicide on the cliffs of Bari; the tenor was seen embracing a woman who was unmarried at the time of the events but married at the time the film was shown. It can therefore be said that these were all indifferent facts, but the Caruso heirs complained of their disclosure. The Supreme Court held, in a judgment that is still written in beautiful Italian, even though it is totally wrong, that whoever has been unable or unwilling to keep the facts of his own life hidden cannot expect the secret to be kept by the discretion of others. Now, this is the classic hypothesis, from the economic point of view, in which one has no title to the facts but merely “possession” of them, so that the moment we lose possession of the facts they become free and can be commercialized.
This position changed in the Petacci case of '63. Without recounting its facts here, suffice it to recall that the Supreme Court recognized that there is a title to the facts of one's private life, a title going well beyond mere possession, as we shall see, in the sense that even if one loses control of them and they are disclosed, one can demand that others do not disclose them further, which is then the position that has been adopted by the legislator.
The most recent case, that of the Tribunal of Orvieto in 2002, which concerns Bnl, is particularly interesting for us as an application of the privacy law. That case involved some loose sheets left on the sill of a window of the bank, among which was the debt position of certain individuals. A third party, who happens to know these individuals, finds these loose sheets with the information concerning their debt exposure and alerts them. They bring an action for violation of their privacy and claim compensation of 600 million old lire.
The Tribunal recognizes that there has been a violation of privacy, which must be protected in these cases, and, compared with the many sophisticated discussions we have had, we can appreciate the harsh crudeness of Italian reality. For, obviously, outside Italy it would not occur to any bank to treat its customers the way Italian banks do, and if it ever happened, that bank would be penalized, for example in the United States with punitive damages that would put it out of business. Moreover, in the case at hand the data on the plaintiffs' debt exposure had also been obtained unlawfully, but had then been carelessly abandoned on the windowsill.
The Tribunal awarded compensation of 25,000.00 euro to each of the plaintiffs as moral damages. In fact the decision contains no reasoning on how this figure is arrived at, so the real problem is obviously that we have no reasoning for how to justify it. Is 25,000.00 euro a lot or a little? From the point of view of sanctioning Bnl it is nothing. However, one could perhaps adopt a Hayekian theory and argue that a figure, a price, always communicates much more information than we are able to put into words, so that faced with a monetary figure we have impressions that we then cannot fully verbalize, and perhaps from the standpoint of classic Italian moral damages the standard of 25,000.00 euro for the slip of paper abandoned on the windowsill represents an adequate sum, a sum that we may consider adequate even if we cannot explain why, just as the Tribunal, merely invoking equity, could not explain it either. Obviously we have general criteria for the compensation of moral damages, laid down by the Court of Cassation, and they are the intensity of the suffering endured by the victim, the gravity of the harmful act, the presence of intent, fault or contributory fault, and even the economic condition of the parties.
In particular, on the basis of this last criterion, one could even arrive at potentially punitive damages, since if the party that caused the violation of privacy is very rich while the plaintiff is very poor, the criterion of the parties' economic conditions, on the basis of the earlier judgment of the Court of Cassation no. 1371 of '67, would allow one to arrive at compensation that must be felt by the party who caused the damage.
But let us turn to the economics of privacy since, after all, liability, that is, the rules of civil liability, is nothing but a legal reflection of considerations that must ultimately have to do with the economics of the goods we protect.
Now, in various American writings, and in the very entry on privacy that Posner wrote for the Palgrave dictionary of Law & Economics edited by Newman, it is even called into question whether there can be a title to indifferent facts, since such a title would not be efficient.
I believe that in the end Posner is right, because if it were efficient America would protect privacy far more than we do. I have never, in fact, seen the American legal system espouse an inefficient theory. But this means that many of the things we are told about protecting privacy being efficient, and being good for the economic system, perhaps belong to ideological discourse, perhaps are discourses of false consciousness.
However, in my view, Posner is wrong from the standpoint of normal reasoning, and I will try to show this very briefly.
Naturally we can regard this resource, called privacy, as free, or as entrusted to a holder; we can then decide whether this holder is the one who holds the information, the consumer, for example, or instead the one who invests in order to have that information, hence, for example, the business.
Can privacy be a free resource?
Only resources that have no economic value can be free; if they have even a minimum of economic value they cannot be free, otherwise they would not be allocated efficiently.
Now, evidently, the facts that, so to speak, make up the domain of a privacy resource have an economic value, otherwise they would not be collected, distributed, and they would not be commercialized.
Therefore privacy cannot be free, so it can belong only to the one who holds it at the outset, that is, the consumer, or it can belong to the business.
So if we say that it belongs to the one who holds it, we will obviously have a normal allocation, that is, allocation by contract, because if the various private individuals have title to the facts of their lives, then this can be allocated by contract, and we know that this is the most efficient way to allocate resources; it is the way to reach the Pareto frontier.
Posner, however, does not say this; he says that in these cases the resource must instead be attributed to whoever has invested time, money and costs to procure that resource, that is, whoever has gone and procured the data of various persons, the information about them, has collected it and has thus created a good.
This reasoning means that private individuals have no right over the information concerning them, while this information is legally owned by the businesses that have invested to obtain it.
Such reasoning is perfectly fine, but it represents the labour theory of value.
One must then ask why, with respect to privacy, the one who has expended the labour to obtain the resource appropriates it: if this holds for privacy, why does it not hold for all scarce resources? If Posner's reasoning holds for privacy, then the land must be distributed to the peasants, and the machinery must belong to the proletariat.
The devotees of neoclassical economics have repeated ad nauseam that “no meal is free”, and nonetheless they then come and tell us that information is the main resource of the new economy, and that this essential good can be free for the business!
From the greatest masters of the market we learn that there is no such thing as a free lunch, but we discover that there are instead such things as free-infos.
This is already funny in itself, but it becomes truly paradoxical if we simultaneously maintain that infos as a resource belong to whoever has invested labour to procure them. This is a Marxist allocation of resources, which is all very well, but it is certainly not allocation through the market contract.
One of two things: either one must recognize that contract is not the most efficient way to allocate resources, or one must conclude that on this point the leading economists divert economic reasoning to reach a result that is not in line with the commonly assumed premises of economic theory.
If those premises were followed, one would arrive de plano at the affirmation that there is a title to privacy, and that it is precisely this title that ensures its efficient allocation on the basis of contract, since it alone ensures that the resource gravitates towards the socially most advantageous uses.
Otherwise we would have to settle for suboptimal uses of the related resources.
Why does this deviation from the premises occur?
Let us try to see why by analysing, to conclude, the strategic context of privacy.
In my view Gellman was right at the beginning when he said that one cannot separate the politics from the economics of privacy.
I obviously believe that in theory, adopting any customary model, it is efficient to protect privacy, because it is simply a very rough matter of calculating how much each of us would invest to protect ourselves against the disclosure and expropriation of our own facts, compared with how much a business has to pay simply to ask for consent and collate this information.
Since in theory the self-protection costs of all the parties potentially involved would be very high, it is cheaper to protect privacy.
In practice, however, this does not happen, because one of the paradoxes is that this cost that consumers would incur to protect themselves is not paid. That is, although consumers show a strong preference for the protection of their privacy in questionnaires, in practice they are not willing to take action to protect it. So in reality the cost is theoretical.
Widespread self-protection, which leads one to conclude in favour of protecting privacy, is a cost that in practice is not paid, and therefore, from the standpoint of business efficiency, it turns out to be more advantageous to lower business costs further by not protecting privacy, thereby exempting businesses from the costs associated with managing consumers’ privacy rights.
Society as a whole actually gains from not making businesses pay for acquiring data, because, once privacy protection is granted, the business must actually pay the associated costs, whereas consumers do not pay their self-protection cost, because in reality they do not protect themselves; so in reality a society that protects privacy less faces lower overall social costs.
I believe that this difference between the fictitious costs of self-protection and the real costs borne by businesses under a regime of statutory privacy protection should be explicitly acknowledged, and not hidden in the ideological folds of the debate by means of clumsy distortions of customary reasoning.
We thus truly come to the heart of the global competition between America and Europe, since it seems evident to me that, on this point, American citizenship, for once, in the global marketplace of ideas, stands as a second-class citizenship.
Moreover, this is happening in a strategic area such as that of consumers’ citizenship rights, which represent the true essence of globalised citizenship.
The American attitude nevertheless represents an insidious challenge, since this is a second-class citizenship, but a more efficient one, as we have shown.
On the one hand, a race to the bottom in the field of citizenship is a sure possible calamity in the world of globalisation. On the other hand, standards of citizenship that are too high can make the systems that uphold them too weak in the world of global competition.
It is no longer possible to achieve citizenship in a single country.
This means either having to give up one’s own standards, or trying to make them prevail at the level of supranational conventions.
In either case the challenge over citizenship between Europe and America is only just beginning.
Prevention of and Remedies for Damage
Piergiuseppe Monateri(1)
I am going to deal with three main issues in my presentation.
Firstly, I will refer to a few court decisions in order to clarify concepts that I
considered to be basic, whereas I realised that they are still blurred – as shown by
Professor Etzioni’s presentation yesterday – and they are probably knowingly so as
regards Posner’s and other scholars’ writings.
I will then deal with another issue – I will try and address privacy economics,
as Mr. Gellman did yesterday, in order to highlight the flaws typically affecting economic considerations whenever privacy issues are taken into account – that is to say,
how privacy-related peculiarities result in twisting economic principles to serve
considerations that otherwise would not be contemplated.
Finally, I will deal with privacy as a strategic factor in the globalised competition currently existing between US and Europe.
Let me start from a basic consideration, i.e. from something we all should be
aware of. I am going to address this from a “legalese” viewpoint, to quote Prof. Etzioni. Undoubtedly legalese is boring, however it has been developed to deal with
worldly circumstances accurately. Undoubtedly legalese has been also developed to
fool our neighbours, however with legalese you can fool them accurately. Let us start
from the concept, therefore, that privacy protection is in no way related to personal reputation and identity – above all, it has obviously nothing to do with public interest in data disclosure to prevent commission of certain offences. Indeed, privacy
as such is minimally related to protection of one’s honour in terms of the right not
to be associated with untrue, defamatory events/statements. Similarly, it is different
from the right to one’s image and identity, which is to be construed as a person’s
right not to be associated with events and opinions that are unrelated to that person – regardless of defamation. In these cases the focus is on respect for truth, for
what is fundamentally true whether or not it provides information.
Conversely, privacy as such is related exactly to monopoly over facts and circumstances of one’s own life regardless of whether they may be defamatory; it is related to the establishment of ownership rights, so to say, in respect of facts and circumstances of one’s own life, even though they may have occurred in public. Such
facts and circumstances are neutral, i.e. they are considered independently of their
social and/or moral effects – this is why they include one’s name and address, as well as food preferences, reading habits, and so on.
(1) Turin University - Italy
Given these premises, I am going to deal with only three cases including the latest one mentioned by Mr. Buttarelli yesterday. Obviously, if public interest is at stake,
the monopolistic right over one’s facts and circumstances no longer applies – therefore, the examples I will be referring to may not be used to object to privacy rights.
I will start from tenor Caruso’s case, to discuss then the Petacci estate case and
finally, the BNL-bank case, which was recently decided upon by Orvieto court.
The Caruso case was dealt with by the Supreme Court in 1956. Mr. Caruso
claimed that a film depicted certain events of his private and family life: the tenor
was shown when, as a child, he broke a pitcher and was beaten by his father; then
the film showed his father being harassed by creditors, and the tenor who, after being hooted, contemplated suicide on Bari sea-front rocks; the tenor was then shown
embracing a woman that was not married at that time, although she was married
when the film was released. Therefore, it might be argued that all these circumstances were indifferent facts, however the Caruso heirs complained against their
being disclosed. In its decision – which is written splendidly in Italian, though completely wrong –, the Supreme Court ruled that whoever has been unable or unwilling to keep circumstances related to one’s own life confidential has no title to demand that others should keep those same circumstances a secret. Well, this is a typical economic view, according to which one has no ownership rights in respect of
the information concerning certain circumstances – being merely “the holder” of
the information. Therefore, as soon as one ceases to be the holder, the information becomes freely available and may be marketed.
A different stance was taken in the Petacci case of 1963. Without dwelling on
the relevant details, let me only point out that the Supreme Court recognised the
existence of ownership rights in respect of circumstances related to one’s own private life – such rights being wider in scope than those related to possession, in that
if you lose control over the information related to those circumstances, and the information is subsequently disclosed, you may demand that the others do not disclose it further – which is actually the stance taken by lawmakers.
The most recent case decided upon by Orvieto court in 2002, which concerned a bank (Bnl), is especially of interest for us as it is an instance of application
of the data protection act. The case had to do with some loose sheets of paper that
had been left on a windowsill outside a bank agency – among which information
on a few customers’ outstanding debts was included. A third party who happened
to be acquainted with those customers found the misplaced sheets with the information on the customers’ debts and informed the persons concerned. The latter
sued the bank on account of breach of privacy and claimed damages for a total of
600 million Liras.
The court ruled that there had been breach of privacy, which should have been
safeguarded. Compared with so many sophisticated considerations we have made so
far, here one can appreciate the harsh, rough reality of Italy’s situation. Indeed, no
bank outside Italy would ever dream of treating its customers the way Italian banks
currently do; should it ever happen, that bank would be punished, for instance in
the States, by the so-called punitive damages, which would place it immediately out
of business. Additionally, in the case at stake the information on the plaintiffs’ outstanding debts had been collected unlawfully – to be then recklessly left out on a
windowsill.
The Court awarded damages for a total of 25,000 euros to each plaintiff, on
account of non-pecuniary damage. It should be stressed that no reference is made
in the decision to the criteria used for calculating such amount; therefore the actual issue to be addressed here consists in the fact that we do not know yet how to account for it. Are 25,000 euros a lot of money, or not? They are a trifle if regarded
as punitive damages for the Bnl-bank. However, one might apply a Hayekian approach by arguing that any figure, any price, communicates much more information than is conveyed by words – therefore, when confronted with money figures one gets an impression that cannot be fully described in words. Perhaps if one
considers the amount of non-pecuniary damages typically awarded by Italian
courts, 25,000 euros for having left some sheets of paper on a windowsill might be
regarded as adequate compensation – even though one cannot explain why, indeed
the court itself was unable to account for its decision and merely referred to fairness
considerations. Of course there are general criteria applying to compensation for
non-pecuniary damage – they have been set forth by the Court of Cassation and include the degree of suffering experienced by the victim, the seriousness of the damage, the presence of intention, negligence or contributory negligence and the parties’ economic status.
In particular, based on the latter criterion one might actually envisage potentially punitive damages: if the party that caused the breach of my privacy is very
rich, whilst I am quite poor, the criterion related to the parties’ economic status
could allow awarding damages that are substantial also with regard to the defendant’s assets – pursuant to the precedent set by the Court of Cassation’s decision no.
1371/1967.
Let us now address the issue of privacy economics, since – after all – liability
is nothing else but the legal reflection of considerations that have to do with the
economics of the goods we wish to protect.
Well, in several US texts as well as in the “Privacy” page written by Prof. Posner for Palgrave’s Law & Economics dictionary, published by Newman, the existence of ownership rights in respect of mere indifferent facts is actually questioned – since such rights would be allegedly inefficient.
I believe that Prof. Posner is right, all things considered: indeed, if the above
approach were efficient, America would protect its privacy much more than we do.
I have never seen an inefficient theory being supported by the US legal system.
However, this means that many things that are said as to the cost-effectiveness of
protecting privacy, which would be beneficial for the economic system, are actually a matter of ideological stance – perhaps they reflect a false conscience.
However, in my opinion Prof. Posner is wrong if the standard line of reasoning is followed – and I am going to show it briefly.
Obviously, one can regard this resource called privacy either as free or as committed to a controller; one may then decide whether the controller is he who holds
the information, for instance a consumer, or maybe he who invests to get that information, for instance an entrepreneur. May privacy be a free resource?
Only resources devoid of economic value may be free; otherwise, if they have
a minimum economic value, they may not be free because they would not be allocated effectively.
Now, it is obvious that the facts making up – so to say – the domain of a privacy resource do have some economic value – otherwise, they would not be collected, circulated and marketed.
Therefore, privacy may not be free: it may only be owned either by him who
held it at the beginning, i.e. the consumer, or by the entrepreneur.
If privacy resources are owned by him who holds them, this means that they will
be allocated in a standard manner, i.e. via a contract: if different private entities hold
ownership rights in respect of the circumstances concerning their lives, then such
rights may be allocated on a contractual basis – and we know that this is the most
effective way for resource allocation, allowing the Paretian limit to be reached.
However, this is not what Prof. Posner said. He said that in these cases it is necessary for the resource to be allocated to him who has spent his time and money to
get that resource – who has obtained the data concerning several individuals: he who
has collected the information concerning them and has given rise thereby to a good.
Based on this line of reasoning, it can be concluded that private entities have
no rights in respect of the information concerning them, which is legally owned by
the companies that have invested to get that information.
This is perfectly fine – only, it is exactly an instance of the work-value theory.
Thus, one might wonder as regards privacy why he who has worked to get a
resource should become the owner of such resource – if this applies to privacy, why
should it not apply to all scarce resources? If Posner’s reasoning applies to privacy,
then all land should be distributed to peasants, and machines should belong to proletarians.
Supporters of neo-classical economics have been repeating ad nauseam that
“there is no such thing as a free lunch” – still, they cheekily tell us that information
is the main resource of the new economy, and that this fundamental good may be
available for free as regards businesses!
The greatest market gurus tell us that there is no such thing as a free lunch, but
then we discover that there really exist free infos.
This is funny in itself, however it becomes paradoxical if one maintains, at the
same time, that whoever has invested his work to get information is entitled to own
such information. This is a Marxist allocation of resources, which is perfectly fine
– however, this has positively nothing to do with allocation by means of market
agreements.
It is either this way or that way: either we acknowledge that contracts are not
the most effective means to allocate resources, or we should conclude that the greatest economists are departing from a logical line of reasoning regarding this subject
matter to achieve results that are not in line with standard economic tenets.
If these tenets were fully complied with, one could not but conclude that ownership rights in respect of privacy do exist; indeed, it is exactly the existence of such
rights that can ensure effective allocation of the privacy resource on a contractual
basis, since it is the only way to ensure that this resource is made to serve the socially most beneficial purposes. Otherwise, one should put up with less than optimal uses of the relevant resources.
Why should one deviate from those tenets?
Let us try to understand it by analysing, in the end, the strategic context of
privacy.
In my opinion, Mr. Gellman was right when he said that privacy policies
should not be kept separate from privacy economics.
Obviously I think that, theoretically, protecting privacy by means of any of the
conventional models is effective – it is quite simply a matter of calculating how
much each of us would invest to protect himself against disclosure and dispossession of one’s own facts as compared with what a business is required to pay in order to simply request a person’s consent and collect the relevant information.
Given that the self-protection costs to be incurred by all the entities potentially concerned would be quite high, it is more cost-effective to protect privacy.
However, this is not what actually occurs. One of the main paradoxes consists
in the fact that the costs consumers would have incurred to protect themselves are
not paid. That is to say, even though consumers do appear to markedly prefer privacy protection based on the questionnaires they are requested to fill in, in fact they
are not ready to take any steps to ensure such protection. Therefore, the costs theoretically related to widespread self-protection, which would lead one to conclude that it is better to protect privacy, are actually costs that go unpaid – therefore, in
terms of business efficiency, it is more cost-effective to further reduce business costs
by not protecting privacy, i.e. by exempting businesses from the costs related to
managing consumers’ privacy rights.
Indeed, society as a whole does profit from failing to require that businesses
should pay for acquiring information. Having recognised the need to protect privacy, a company will have to actually pay the costs this entails – whereas consumers
do not pay their self-protection costs, since they actually do not protect themselves. Therefore, in a society where privacy is less protected, overall social costs are
actually lower.
I believe that this difference between fictitious self-protection costs and real
costs incurred by businesses whenever privacy is protected by law should be taken
into account explicitly rather than remain hidden in the ideological folds of this discussion because of the awkward attempt at twisting standard reasoning patterns.
If we acknowledge this difference explicitly, we come to grips with the core of
the global competition between America and Europe. Indeed, it is quite evident to
me that, for once, American citizenship in the global marketplace of ideas is to be
regarded, from this viewpoint, as a second-rate citizenship.
And this is occurring in a key area such as that related to consumers’ citizenship rights, which are the veritable essence of globalised citizenship.
However, the American stance poses a tricky challenge: though second-rate,
this citizenship is actually more efficient, as we have already shown.
On the one hand, a race to the bottom in respect of citizenship is undoubtedly a possible evil in the globalised world; on the other hand, too high a citizenship
standard may weaken the systems supporting such standard in the globalised competition race.
It is no longer possible to limit citizenship to a single country – which entails
either waiving one’s own standards, or attempting to impose them via supranational conventions.
In both cases the citizenship challenge between Europe and America has just
begun.
Economic Analysis of the Right to Privacy
Marco Maglio (1)
Summary: 1. How much is privacy worth? – 2. The relationship between the economic analysis of law and privacy – 3. The classification of privacy costs – 4. The crux of the balancing-of-interests clause – 5. The efficiency of data protection rules – 6. Seeking the data subject’s consent – 7. Possible measures to make protection more effective – 8. The risk inherent in economic analysis – 9. The opportunities of the economic analysis of law: the transformation of privacy from a static cost into a dynamic investment – 10. The noble and mobile frontier of privacy
1. How Much Is Privacy Worth?
How much is privacy worth? I realise that this is a provocative question, one that carries some strongly ambiguous elements. Yet we are used to measuring everything and to favouring what we consider to be of great value. “Everything has a price”, one often hears said with a touch of cynicism, and everyday life offers frequent demonstrations confirming the tendency towards a dangerous overlap between ethical values and economic values.
Fortunately the right to privacy does not tolerate this kind of confusion well: it is a precondition of our freedom (by now I think this is clear to everyone) and, as such, its value is inestimable.
Perhaps for this reason, when privacy is discussed there are frequent debates about the limits to be set on privacy, and about the systems for protecting it and for sanctioning violations of it, whereas any assessment concerning the value (I was about to say the “price”) to be attributed to this right does not seem relevant to us, and in some respects unsettles us. We cannot ignore, however, that our privacy too is set in a social context densely crossed by economic flows, and my opening question was meant as an invitation to consider this, with a pinch of healthy realism.
Indeed, as a Shakespearean character said, the origin of things conditions their destiny: if this is true, it should come as no surprise that the ethical root of privacy has led to privacy being developed as a rigid body of rules of conduct, using the forms and methods of legal science.
Consistently with this approach, in the century-long history of privacy the concern so far has been to lay down general principles, translate them into formalised legal rules and establish mechanisms and procedures through which to protect this right, which is also a deep and widespread social value. The immediate consequence of this approach is that the prevailing discussion on privacy revolves around the abstract search for a balance between rights and duties, between obligations and sanctions.
(1) University of Parma - Italy
I would like, however, to attempt an exercise in practical wisdom, which I believe is one of the aspirations the jurist’s work should strive towards, and I will try, with an extreme simplification, to reduce to its root the essence of the legal mechanism on which the protection of personal data rests.
What emerges from this simplification is that this protection comes down to one precise fact: the individual’s power to choose what sphere of circulation to assign to his or her own personal information. In exercising this power of choice each of us, as has been authoritatively observed, is called upon to be his or her own guarantor. The definition of the level of privacy stems from an essentially individual choice, albeit with all the exceptions and authoritative safeguards provided for by the legal system. It is certainly excessive to speak in this regard of “private autonomy”, as is customary in contract law, but it is clear that decisions on privacy pass through individual assessments.
What happens in practice? I would have expected common sense to prompt curiosity about how these individual choices are actually exercised. But Descartes was probably right when he ironically stated that “good sense is the best distributed thing in the world: for even those who are hard to satisfy in everything else do not desire more of it than they have”. Thus it seems to me that the purity of theory has so far avoided contamination by the demands of practical reason, even though good sense would have suggested greater attention to the actual behaviour of those to whom the rules are addressed. This confirms the classic contrast that the Anglo-Saxon legal tradition describes well with the formula: law in the books vs. law in action.
But the underlying question remains: given that privacy is inseparably tied to an individual choice, by what criteria are these individual choices made? And what consequences do these individual choices produce for the overall welfare of society? In other words: what benefits and what sacrifices does recognising and protecting individual privacy entail, for the individual and for the community?
To answer these questions, the traditional legal approach alone does not seem to me sufficient to grasp the complexity of the problem. It needs to be supplemented with a reconstruction that examines whether the existing rules are capable of steering individual choices towards the maximisation of collective welfare and can therefore provide incentives for efficient behaviour, both on the part of those to whom the personal data relate and on the part of those who process such information. I believe this perspective can usefully be explored with the classic tools of the economic analysis of law.
Certainly, for a correct reconstruction of the mechanisms of individual choice, other elements that lie outside purely economic assessments should not be neglected either. It should not be forgotten, for example, that the consent mechanism for the protection of personal data is called upon to operate in what modern sociology describes as the “horizontal society”, strongly influenced by consumerism in its myths and in its structures. Consumption is today a social language, something that tends to increase individuals’ desires rather than satisfy them. In the contemporary world we are witnessing a dematerialisation of reality, and people’s attention is diverted from the natural world and focused on television, on the world of communication, which has become an absolute value, a goal in itself. I think it would be naive to believe that all this has no consequences for the use each of us makes of the instrument of consent and for the choices it requires us to make.
The psychological assessments that guide individual choices must also be carefully borne in mind, and I would like to point to the experience of Daniel Kahneman and John Cole, awarded the Nobel Prize in Economics in these very days. The lesson of these two scholars is first and foremost methodological and concerns the role of empirical observation in the development of the human sciences: helping us to understand that irrational components influence our decisions, and taking them into account when drawing up abstract models that describe individual behaviour.
Sociology and psychology therefore carry their weight in examining the mechanisms that lead to individual choices. But the perspective introduced by the economic analysis of the right to privacy has certainly been neglected so far, with regard to a subject that instead attracts ever-growing interest, not only in terms of the rights claimed, but also in terms of the consequences borne by free economic initiative.
Moreover, it should be pointed out, as I recalled at the outset, that this superimposition of economic assessments on a social and cultural value such as privacy is a provocation in re ipsa: this was already observed, twenty years ago, by those who dealt with this same subject.
2. The Relationship between the Economic Analysis of Law and Privacy
Indeed, the contribution of the economic analysis of law to theories of personality rights has been limited and usually accompanied by the suspicion of being either irreverent or useless.
Privacy has occasionally attracted the interest of economists since the late 1970s; some works by Richard Posner and a conference on The Law and Economics of Privacy(2) date back to those years. In Italy too the echo of these overseas debates left its mark in a seminar on the right to personal identity promoted in 1981 by the Centro di Iniziativa Giuridica Piero Calamandrei.
(2) The proceedings of the conference, coordinated by the Center for the Study of the Economics and the State of the University of Chicago, were published in 1980 in a monographic issue of the Journal of Legal Studies.
Posner, who cannot be left aside if one is to understand how the relationship between Economics and Privacy arose, regards privacy not as a good or value in itself, but rather as an intermediate good or value, instrumental to the production of income and, more generally, of welfare. After this premise, Posner examines the notion of privacy under four headings: seclusion, innovation, confidentiality of communication, concealment of personal facts(3).
Overall, this analysis yields a picture of privacy rich in shadows and negative nuances. This has probably contributed to relegating the economic analysis of privacy to the shelf of bothersome issues. I believe that twenty years on this right has instead shown a quite different, positive significance compared with Posner’s provocative predictions.
More than twenty years after that attempt, I believe a different use of economic tools is possible, in particular because they can help us look at the consequences of rules. From this standpoint the choices made by jurists are not rejected, but are assessed and steered on the basis of efficiency criteria. By using economic tools, in particular cost/benefit analysis and the allocation of resources according to efficiency criteria, rules acquire a justification tied to the effectiveness with which they protect the values on the basis of which they were formulated.
It is precisely on the ground of individual choices, which are the heart of the personal data protection system, that the point of convergence between legal and economic analysis lies: the rules on personal data protection, reconstructed with the methods of the economic analysis of law, translate into a mechanism through which each individual determines what level of privacy is to be attributed to the information concerning him or her, and therefore how that information is to be distributed (economists would speak, in this sense, of the allocation of a scarce resource).
(3) In particular, seclusion is the wish to reduce social relations, which from an economic point of view is a sign of selfishness: if economic transactions create utility for third parties (what economics calls consumer surplus), the same may also hold for human relations that lie outside the market; in any case, whoever withdraws from the world reduces his or her contribution to society’s welfare. In Posner’s argument privacy acquires, on the contrary, a positive significance when it becomes instrumental to carrying out intellectual work, for example as professional secrecy; or if it helps to protect technological innovations: indeed, in this specific case, if the information enters the public domain it loses all or part of its economic value; therefore, to encourage research and innovation it is essential to guarantee the inventor secrecy, or so-called exclusive rights. Furthermore, a certain degree of confidentiality may be economically justified in order to guarantee the secrecy of communications and correspondence. Finally, Posner examines the individual’s control over information concerning him or her, defining this case as concealment of personal facts. The interest in preventing the circulation of personal information, such as a criminal record or moral conduct that departs from common standards, is closely connected with the desire to spread a positive image of oneself, one that makes it possible to establish social relations (friendships, emotional ties, working relationships) on favourable terms: the individual “sells” himself on the market of social relations in the same way as a producer sells his products, and is therefore led to highlight his own qualities and conceal his defects; on the other hand, and for exactly the same reasons, third parties too may have an appreciable interest in knowing personal information about the people they come into contact with in various capacities.
Per condurre questa analisi, centrata sulle scelte invidiali, credo sia utile partire da un esame dei costi che tutti i soggetti (tanto il singolo quanto la collettività)
sono chiamati a sostenere per adeguarsi al meccanismo di tutela previsto dalla normativa di data protection. Infatti, i costi, che la scienza economica qualifica come
la spesa necessaria per ottenere qualcosa, sono una delle variabili dalle quali dipendono tali scelte.
3. Privacy cost classification
To find one's way in this context I think it important to make some general assessments about the nature of the costs linked to the protection of privacy. In general terms I highlight two considerations:
A) The first is preliminary: the criteria for calculating these individual sacrifices are anything but unambiguous, and are marked by strong subjective ambiguity. In this regard I think it is enough to mention the debate that opened in the United States during 2001 on the assessment of the costs linked to the approval of privacy legislation for electronic commerce systems and the Internet. The figures given by the various participants in the discussion ranged from 1 to 36 billion dollars, depending on the variables examined by those proposing the calculations. The controversy over these reconstructions has left traces on the Internet but has not helped to clarify an essential question. I believe that, in the light of this experience, it is fundamental to identify a method by which the costs of privacy can be calculated unambiguously, so that they can be properly assessed within the framework of individual choices. But to attempt this, I do not think one can do without a classification of costs based on objective criteria.
B) From this follows the second consideration, which is substantive and is linked precisely to the need to distinguish the costs of privacy from one another. I attempt such a classification here and try to identify the categories of costs according to three specific criteria:
1) the parties who bear these costs
2) the time in relation to which these costs are incurred
3) the effects deriving from the costs
1) From the subjective point of view we can speak of:
- individual costs: the costs borne both by the data subject in exercising his or her privacy rights and by the data controller in complying with personal data protection;
- social costs: the costs that the community bears to guarantee respect for individual privacy. This includes the organisational costs that the State bears to respond to citizens' demand for privacy.
2) From the chronological point of view, costs can be:
- preventive or prevention costs: incurred to avoid privacy violations;
- subsequent or correction costs: incurred to remedy violations that have already occurred.
Some further detail may be useful, especially from the point of view of data controllers with complex organisations.
If we consider the preventive costs needed to ensure that these parties comply with privacy legislation, the main ones are:
- Bringing in human resources to manage privacy procedures
- Developing and updating the internal privacy procedure
- Training and updating staff
- Monitoring and auditing privacy management activities
- Adopting technological and IT tools that guarantee the protection of personal data
- Internal communication to disseminate privacy policies
- Direct relations with the individuals to whom the processed personal data refer
If we assess the costs that follow disputes arising from a failure to respect privacy, we must distinguish:
a) Costs of restructuring and realigning data to privacy protection requirements.
b) Costs arising from relations with parties outside the internal organisation, with reference to:
- Administrative penalties
- Compensation for damages
- Reduction in the value of the company's shares
- Damage to the company's public reputation
- Reduction in the perceived value of the company brand
- Potential loss of economic opportunities
By analysing correction costs and prevention costs it is possible to identify the risk index that an organisation faces in relation to the processing of personal data and the investment index it must sustain to reduce that risk adequately.
3) From the point of view of the effects deriving from the costs we distinguish:
- transaction costs, that is, the actual financial sacrifices deriving from the choice made
- opportunity costs, that is, what each party is willing to give up as a consequence of his or her choice
So far the debate on the costs of privacy has developed with transaction costs as its sole point of reference, highlighting only the negative impact arising from the existence of monetary costs.
I believe instead that more weight should be given to reflection on opportunity costs, because these are the ones that bear most directly on the protection mechanism. It is therefore worth looking more closely at this specific aspect.
What is an opportunity cost? It is the cost of giving up a possible alternative. For example, if you decide to go to the cinema this evening, the opportunity cost is giving up staying at home with your loved ones (if the alternative to going out is staying in). The opportunity cost is therefore represented by the value placed on the best alternative that is given up by adopting a certain behaviour. Since different individuals have different alternatives available, they also bear different opportunity costs.
I believe it is above all on the side of opportunity costs that the analysis must be conducted in order to understand how the personal data protection mechanism affects individual choices.
It must be borne in mind that the data subject, faced with the choice of whether or not to give consent to the processing of personal data, assesses the opportunity costs deriving from that decision, comparing the benefits arising from the possible alternatives. If the data subject decides to limit the circulation of his or her personal data, he or she gives up the opportunity to come into contact with whoever asked for consent, but in this way strengthens his or her level of privacy. Conversely, if the data subject chooses to allow the processing, he or she reduces the level of confidentiality of the data but increases the chances of coming into contact with other parties.
In the same way, a data controller who has to decide whether to ask the data subject for consent to further initiatives involving his or her data makes an assessment in terms of opportunity costs. Not asking will reduce the costs of managing consents but will also reduce the opportunity to come into contact with the data subject again.
4. The issue of the balance of interests clause
Moreover, the urgency of tackling the chapter on privacy costs with sound methods and calculations does not stem only from considerations aimed at the efficiency of the system. There is a pressing need to interpret consistently a specific legal provision, contained in the 1995 Community directive, which goes by the name of the "balance of interests clause".
The principle on which this clause is based is simple: to assess the legitimacy of data processing, one must compare the interests of whoever wants to use the data freely with those of the person to whom the data refer.(4)
Certainly the criteria by which this balance is assessed are many and do not concern the economic sphere alone. But I do not think one can disregard costs (both transaction costs and opportunity costs) in determining whether the protection of the individual right to privacy entails a disproportion with respect to a different interest potentially in conflict with that right.
Therefore, with respect to the application of the balance of interests principle too, a correct assessment of comparative costs and advantages is essential for the proper use of what is a true general clause in the theory of personal data processing.
5. The efficiency of data protection rules
These reflections raise a further question: what legal regulation of privacy leads towards better allocative efficiency? The knot to be untied with regard to the efficiency of privacy protection remains the one created by the need to harmonise, in the context of maximum collective welfare, choices on privacy, which are strictly individual choices. It would probably be useful if the legal approach, which suggests an assessment tied purely to the exercise of an individual right, were accompanied by a reflection oriented towards the pursuit of the greatest possible welfare, not only for the holder of the right but for all other parties as well.
(4) From this point of view, to better understand the essence of the phenomenon, it may be useful to offer some comparative law reflections on how this clause has so far been transposed and applied in some homogeneous legal systems.
The idea that the interests of the data controller and those of the person to whom the data refer must balance each other originated in Germany, the Netherlands, Austria and Finland, the countries that first knew the Balance of Interests clause.
In all the Member States that know the Balance of Interests clause, the legislator treats the processing of certain data without the consent of the person concerned as prohibited, and instead authorises, without the need for anyone's consent, the processing of data considered generic and therefore non-invasive. The processing of personal data without the consent of the person directly concerned is prohibited only if it concerns sensitive data, which are mainly those specified in Art. 8 of the European Directive.
It is therefore necessary to define what the legitimate interest of the data controller is and what that of the person to whom the data refer is.
In the Member States of the European Union that have incorporated the Balance of Interests into their legal systems, all specific reasonable economic interests are considered legitimate. But it is the data controller who must assess the purpose of the operation. In this comparative analysis it becomes a prerequisite to define correctly the economic impact tied to the two positions to be compared.
In this regard it is worth recalling what the Federal Civil Court of Germany (Bundesgerichtshof, BGH) stated in 1986:
"The expression justified interest requires an assessment of the importance and consequences that the disclosure and use of personal data have for the data subject, as against the interests of the data controller. Therefore the type, content and significance of the data must be assessed according to the purpose for which they are collected and the social cost deriving from their non-use.
Only if this assessment, guided by the constitutional principle of proportionality, gives no reason to presume that retaining the data for the stated purposes could adversely affect the justified interests of the person concerned is such retention of data permitted."
(BGH NJW 86, 2505)
From this point of view the contribution of the economic analysis of law, if it manages to avoid eminently provocative remarks, may be particularly useful in opening new perspectives for the debate that will develop in the coming years. The evolution of technology and of commercial communication methods tends inexorably to turn personal data into a commodity with intrinsic value. The need for protection therefore tends to grow, but to ensure that protection is effective it will not be possible to disregard assessments that also take account of the economic matrix of privacy, which stands alongside the original ethical one.
This gives rise to a further reflection, according to which privacy is no longer only a negative right, consisting in the collective duty to refrain passively from conduct that harms privacy. Instead it takes on the typical features of a civic right(5) and is a legally protected claim to performance (of facere and non facere, in the language of jurists) imposed on the community. In this new perspective the costs of data protection, both public and private, are inevitably bound to rise.
This, moreover, is part of the physiology of an efficient system and leads us to look to the future with this awareness: rights, understood as legally protected positions, exist not only to the extent that a given legal system decides to recognise and protect them, but also depend on the resources that society is willing to devote to that purpose.
6. Seeking the data subject's consent
In economic terms it seems to me that one cannot ignore that the way privacy works is conditioned by the comparison between the opportunity costs of the data subject and those of the data controller.
If the advantage the data controller derives from complying with data protection rules is added to that of the data subject, the system is rebalanced: the increase in the level of privacy no longer depends only on the data subject's choice and on the investment of resources by the Authority, but is prompted by the controller itself. The result is that the pressure exerted on the data subject to obtain consent to the processing of his or her data will ease.
From this point of view it must be borne in mind that the increasingly refined mechanisms that make it possible to turn strangers into friends and friends into customers (as in the successful slogan used by Seth Godin, the creator of permission marketing) are not a reassuring element. The individual makes an essentially selfish assessment with respect to the social consequences that his or her choice on privacy will produce. Beyond this, I think it naive to suggest a natural convergence between the supporters of privacy and the supporters of permission marketing.
(5) According to Jellinek's classical categories.
Things do not stand in these terms: what emerges, on the contrary, is a dangerous tendency towards the commodification of consent, which risks compromising the effective protection of privacy and the future development of the interactive communication market.
Those who collect personal data for commercial purposes tend to push to its extreme consequences, often covertly and with subtle psychological strategies, the principle of the centrality of individual consent as the instrument for defining the level of privacy and for exercising the resulting right to informational self-determination. Consent, thus debased, can become a bargaining chip (through a mechanism which, put crudely, runs: "if you give me consent to use your personal data, I will enter you in a prize competition or give you a gadget"), and in being commodified it risks losing the role of safeguard that data protection mechanisms nonetheless assign to it.
This is an undoubted danger, one already grasped some thirty years ago by the first commentators on the then newborn theories of data protection in Europe: consent alone is not enough to guarantee full and effective protection of privacy.
Italian law bears significant traces of this approach. Consider for example the regime governing the handling of sensitive data, for which the written consent of the data subject must be accompanied by the authorisation of the Garante per la protezione dei dati personali.
And the very function of the Garante, which has commendably promoted and organised this Conference, is not simply the one that, borrowing a United States formula I find particularly apt, I would call the sporting theory of justice. The Garante is not just a referee checking that the contenders respect the rules laid down by the legislator. By express legal provision it has an active role in promoting the law, investigating, and preventing possible violations.
Bringing these considerations back to the regulatory level, I believe the real underlying question must be faced: identifying mechanisms that increase everyone's interest in adopting privacy-oriented behaviour. The premise of this reasoning is that privacy is a cross-cutting value whose affirmation brings shared benefits to individuals and the community alike, to citizens as much as to businesses and public bodies, and in a broad sense to the person understood both as an individual and as a social subject.
The central problem, then, is to establish whether it is possible to rebalance the protection mechanism by easing the pressure that today inevitably weighs on the data subject.
7. Possible actions for more effective protection
Through which levers can this result be achieved? I indicate some, with no claim to completeness but only to prompt an open debate on the subject:
1) Prevention: abuses in the processing of personal data often take place without the data subject's knowledge. So-called hidden processing defeats the controlling role of consent. Activity to prevent these violations must therefore be strengthened.
2) Oversight: the supervisory role of the Independent Authority can help ease and regulate the pressure exerted by data controllers on the individual data subject to obtain consent to the use of data.
3) Penalties: the application of fines and of compensatory and punitive remedies may lead data controllers to weigh more prudently the comparative advantages of violating the rules that protect privacy.
4) Balance of interests: a correct application of the balance of interests clause may ease the pressure exerted on the data subject to persuade him or her to give consent (or to extract it without his or her knowledge, as also sometimes happens).
5) Incentives: identifying rewards that increase the advantages to data controllers of complying with the rules may make controllers themselves more inclined to respect privacy. I do not know whether the basic premise of a fine book by Stephen Holmes and Cass Sunstein, "The Cost of Rights", according to which liberty depends on taxes, is true, but the fiscal lever, through reliefs, deductions and tax credits, can probably help to encourage respect for other people's privacy and discourage violations. The same goes for the simplification of administrative formalities related to data protection, which could be granted, as a reward, only to data controllers that meet high privacy standards. Certification tools that publicly attest compliance with privacy procedures are also a strongly incentivising instrument, which businesses in particular could use to raise the level of trust in their relationship with the consumer.
But before addressing the topic of the instruments for protecting the right, which this reflection has brought us to, it will be important to understand how the dynamics of personal data unfold within an economic system. This will mean making assessments essentially tied to microeconomics, using its models and criteria.
Following the traditional approach of microeconomic analysis (which is precisely the study of the allocation of scarce resources among alternative choices), the dynamics generated by the protection of personal data can be analysed through five aspects:
1. how consumers make choices regarding the demand for privacy (and therefore how a typical consumer, constrained by a given income, chooses among the different levels of privacy available);
2. how companies and commercial enterprises make choices on privacy (from this angle one can describe how the enterprise decides what level of privacy it is acceptable to conform to, what investments to make to guarantee customers' privacy, and how much to spend to obtain their consent to data processing);
3. how enterprises and consumers interact (by combining the theory of the consumer and the theory of the firm one can analyse the decisions of each, checking whether they are coordinated through the movement of market prices in identifying the point of equilibrium, and therefore what level of privacy is acceptable in an efficient market);
4. how the supply of and demand for privacy are structured in the production process (by analysing how demand and supply affect the factors of production: labour, capital and entrepreneurial ability);
5. how markets are organised and how they can achieve efficiency in allocating the choices of economic agents on privacy.
This certainly opens up new prospects for analysis, which will have to be conducted with great scientific rigour and with the ability to build on the results achieved so far by legal research.
8. The intrinsic risk of economic analysis
A risk must, however, be made clear: superimposing economic assessments on a fundamental right such as privacy lends itself to misunderstandings and confusion that must be averted. But I do not think it would be right to ignore this line of analysis, to which we are called by the development of the social and technological system within which personal data flow.
Indeed, it seems to me that this is a challenge we cannot shirk, even at the cost of tackling risky or complex passages. It should certainly not be overlooked that in the coming years this subject will attract a crowd of interventions from those whom Yves Dezalay has called, with extraordinary effectiveness, the merchants of law.
There are genuine multinationals of law that intervene to restructure the international legal order, pursuing particular interests that have nothing to do with protecting general principles determined through democratic rules. Privacy is too rich a dish for the so-called business community not to bring its pressure to bear on it.
With a jurist's pride, I do not believe that so cross-cutting a subject can be defined exclusively through considerations of the relationship between costs and benefits. I do think, however, that legal science is never form alone and is not exhausted in the definition of rights and duties. And I am convinced that the real problems the jurist is called on to face and resolve are, at bottom, questions of social conscience. To achieve this it is also necessary to assess the economic impact that rules produce, and to examine rigorously how efficient the rules are in pursuing the general interest.
9. The opportunities offered by the economic analysis of law: changing privacy from a static cost to a dynamic investment
Bringing legal and economic categories together does not, however, presuppose agreement with those, especially across the ocean, who claim that legal rules necessarily evolve towards efficient solutions. Recourse to the analytical tools of microeconomics serves instead to identify the incentives and constraints that condition private behaviour. A greater awareness of the economic logic underlying that behaviour can therefore make a considerable contribution to the interpretation, and where appropriate the adjustment, of the rules.
There is a further consideration to make regarding the evolution of the new global market. The plurality of rules and the differences in approach to the circulation of personal data risk generating the same confusion and mutual incomprehension of languages that, according to legend, characterised the world of Babel. Recovering the economic data of the discussion can foster a shared language, mainly but not only between the two shores of the Atlantic, and lay the foundations for a more informed approach to both points of view. The hope is to bring out a growing "cross attention", as comparatists are used to saying, based on mutual respect, among the positions emerging in the various continental areas. I believe that without this reflection the road to the globalisation of privacy guarantees, the real goal of this process, would be harder.
I see no prospect of deregulation for privacy on the horizon, but I am sure there will be no shortage of people who, also making instrumental use of economic analysis, will invoke the need to free the business world from what a commonplace of contemporary vocabulary calls "lacci e lacciuoli" (red tape), a deliberately dusty image. Nor will there be any shortage of those who, to make room for the needs of the economy, will call for doing without the rules and the reasons of law. I urge distrust of these calls for liberalisation.
This is a danger that must be denounced plainly, and precisely to avert it I think it essential that the economic analysis of law bring clarity to the future debate on privacy and make its contribution to this area of legal research. In this economic analysis of the right to privacy, too, the legal foundations on which privacy rests must be maintained and defended. The aim is to shape a harmonious vision of privacy that can change from a static cost into a dynamic investment, to encourage growth in the value of resources and foster general economic development: a well-tempered privacy, if I may put it that way.
10. The noble and mobile frontier of privacy
Privacy too thus shows an evolutionary phenomenon that has marked the development of the general theory of civil liability and now belongs to the vocabulary of Italian jurists: the noble frontier of privacy, noble because it concerns a fundamental right, advances as a result of the evolution of technology and society, and so becomes a mobile frontier in constant movement. We are called on to pursue privacy as its boundaries widen. To reach them I think it indispensable that everyone avoid entrenching themselves in established positions and open up to new perspectives. For this journey I think it important to bear in mind that it is not the possession of knowledge, of irrefutable truth, that marks the man of science, but the persistent and restless critical search for truth.
With enthusiasm and passion, I always remind myself of what Karl Popper observed in describing how scientific progress advances. On the basis of that lesson I think it is right to say of privacy too: the search has no end.
An Economic Analysis of the Right to Privacy
Marco Maglio (1)
Contents: 1. How much is privacy worth? - 2. Relations between the economic analysis of law and privacy - 3. Privacy cost classification - 4. The issue of the interest balance provision - 5. The efficiency of data protection rules - 6. The pursuit of the data subject’s consent - 7. Possible actions for more effective protection - 8. The intrinsic risk of economic analysis - 9. The opportunities offered by the economic analysis of the right to privacy: changing privacy from a static cost to a dynamic investment - 10. The noble and mobile frontier of privacy
1. How much is privacy worth?
How much is privacy worth? I realize that this is a provocative question, which implies strong ambiguity. However, we are used to measuring everything and to preferring whatever we attach greater value to. “Everything has a price” is an often quoted, somewhat cynical slogan, and daily life frequently confirms a trend towards a dangerous overlap of ethical and economic values.
Luckily, the right to privacy is not too prone to this kind of confusion: it is a prerequisite for our freedom – I think this is clear enough to everybody by now – and, as such, invaluable.
This is probably why, when talking about privacy, arguments often start from the limits privacy should have, as well as from the systems to protect it and to punish breaches, while any estimated value (I was about to say “price”) attributable to this right seems irrelevant, and to some extent disquieting. It cannot be ignored, however, that privacy falls within a social context that is pervaded by economic flows, and the opening question is aimed at stimulating this thinking, with a bit of healthy realism.
Indeed, as one of Shakespeare’s characters said, the origin of things conditions their destiny: if this is true, it should not be surprising that the ethical foundation of privacy has resulted in seeing this concept as a rigid set of behavioural rules, using the forms and methods of juridical science.
Consistent with this approach, in the centuries-long history of privacy, the main concern so far has been to set general principles, to translate these into formal legal rules, and to establish mechanisms and practices to protect this right, which is also a deep and widespread social value. As an early result of this process, the main discussion on privacy focuses on an abstract pursuit of the balance between rights and duties, between obligations and penalties.
(1) Parma University - Italy
However, I would like to exercise some practical wisdom, which is probably
something a lawyer’s activity should aim at, and try, very simply, to get down to the
basic root of the juridical mechanism personal data protection is based on.
This simple approach shows how such protection translates into a precise fact,
namely the individual opportunity to choose the extent to which one’s personal data may circulate. By exercising this power of choice, each of us, as observed by outstanding authors, is asked to be “his/her own guarantor”. The definition of the privacy level results from a basically individual choice, even considering all the exceptions and authoritative guarantees provided for by the law. It is certainly an exaggeration to talk about “private autonomy” in this respect, a term used in contract
law, but privacy-related decisions clearly depend on individual considerations.
What happens in practice? I would have expected common sense to stimulate
a wish to analyze how these individual choices are made in practice. But Descartes
was probably right when he ironically stated that “common sense is the best-distributed item in the world: in fact, even those who are hardly satisfied with other
things, never wish for more of it than they have.” Thus, I think that pure theory has
so far prevented any contaminations with the needs dictated by reason, even if common sense would suggest greater care for the actual behaviour of the subjects of
rules. This confirms the classical opposition that the Anglo-Saxon juridical tradition
effectively describes as: “law in books vs. law in action.”
Still the main point remains: privacy is inseparably linked to an individual
choice, of which consensus is the expression. But what are the criteria on which this
individual choice is based? And how does this individual choice affect the general
well-being of society? In other words: what benefits and what sacrifices does it imply - for an individual and for the community - to acknowledge and protect individual privacy?
An answer to these questions may not be provided using a traditional juridical
approach alone, which seems unprepared to take stock of such a complicated problem. To integrate this approach, it should rather be decided whether the existing
rules may direct individual choices towards a maximized general well-being, and
thus promote efficient behaviours both by the data subjects and by the data controllers. I think this perspective may be usefully analyzed using the Law and Economics methods.
For an appropriate review of individual-choice mechanisms, other factors
should be considered that escape any mere economic assessment. It should be noted, for example, that the consensus expressed in view of personal data protection is
adopted within the so-called “horizontal society” – as defined by modern sociology
– whose myths and structures are strongly influenced by consumerism. Consumption today is a social language, something that tends to increase, rather than satisfy
individual wishes. Reality is dematerialized in today’s world, and man’s attention is
diverted from nature and focused on television, on the media world, that is by now
an absolute value, a goal in its own right. It would be naive to think that this has
no impact on the use of the consensus instrument by each of us and on the choices that this forces us to make.
Psychological assessments direct individual choices and should also be taken
into account. I would like to refer to the experience of Daniel Kahneman and John
Cole, Nobel Prize winners in 2002 for Economics. Their lesson is first and foremost
on methods, and concerns the role of empirical observation in the development of
human sciences, i.e. to help us understand that irrational factors influence our decisions, and should be taken into account when abstract models are defined to describe individual behaviours.
Sociological and psychological principles definitely play a role in the review of
the mechanisms by which individual choices are made. But the perspective introduced by the economic analysis of the right to privacy has certainly been neglected
so far, in favour of a point that arouses, instead, growing interest in the claimed
rights, as well as in the consequences produced by free economic initiatives.
As stated above, however, it should be noted that these overlaps of economic assessments and such a great social and cultural value as privacy are strongly provocative as such, as observed by anyone discussing this issue as early as twenty years ago.
2. Relations between the economic analysis of law and privacy
The economic analysis of law, in fact, has only contributed to theories on the
rights to personality to a limited extent, usually combined with the feeling of being
desecrating or useless.
Since the late Seventies, privacy has occasionally been the object of the interest of economists. Some of the works by Richard Posner and a meeting on “The Law
and Economics of Privacy”(2) date back to those very years. The echo of these overseas
debates left its mark also in Italy, in a workshop on the right to personal identity
promoted in 1981 by the Piero Calamandrei Centre for Juridical Initiative.
Posner’s work is a mandatory reference to understand the origin of relations between Economics and Privacy. He considers privacy not so much as an asset or a
value as such, but rather as an intermediate asset or value, instrumental to income
and, more generally, to the production of well-being. After this introduction, Posner analyzes the notion of privacy in four respects: seclusion, innovation, confidentiality of communication, and concealment of personal facts(3).
(2) The proceedings of the meeting, co-ordinated by the Center for the Study of the Economics and the State of Chicago University, were published in 1980, in a monograph enclosed in the Journal of Legal Studies.
This analysis outlines privacy as something full of shadows and negative connotations. This is probably one of the reasons why the economic analysis of privacy has often been dismissed as a mere nuisance. I believe that, twenty years later, this
right has demonstrated a clearly different positive value compared to Posner’s
provocative predictions.
Twenty years after that attempt, I feel that the economic instruments may be
used differently, not least because they may help consider the consequences of the
rules. This does not deny the lawyers’ choices, which are rather assessed and directed according to efficiency principles. Using the economic instruments, particularly
for the cost/benefit analysis and for resource allocation according to efficiency principles, the rules are justified to the extent they effectively protect the values according to which they have been expressed.
The juridical and the economic analyses converge in the domain of individual
choices, which represent the core of the personal data protection system: personal data protection rules, defined according to the economic analysis of law, are translated
into a mechanism by which each individual decides about the level of privacy that
should be granted to his/her personal data, and therefore how the same should be
disclosed (economists would define this action as the allocation of a scarce resource).
This analysis, focussing on individual choices, should best start from a review
of the costs that all parties (both individuals and the community) have to incur to
adapt to the protection mechanism provided for by data protection rules. The costs
defined by economic science as necessary to obtain something, in fact, represent one
of the variables these choices are made upon.
(3) Seclusion, in particular, is the wish to restrict social relations, which is a sign of selfishness from the economic viewpoint:
if economic transactions result in a profit for third parties (referred to in economic science as “consumer surplus”), the same
may also be true for the human relations that take place outside the market; however those that keep away from social life
reduce their contribution to social well-being. In Posner’s lecture, on the other hand, privacy acquires a positive value when
it becomes instrumental to the performance of an intellectual activity, for example as a professional secret; or if it helps protect technological innovation. In this case, in fact, any piece of information that becomes available to the public loses all or
a part of its economic value. Therefore, in order to promote research and innovation, the inventor should be ensured the secrecy, or the so-called sole rights. In addition, confidentiality may, to some extent, be economically justified in view of ensuring the secrecy of communications and mail. Posner finally analyzes the individual’s control on his/her own data, and defines this assumption as concealment of personal facts. The interest in preventing the circulation of personal data, such as
criminal records or a moral conduct that does not comply with general standards, is closely related to the wish to convey a
positive image of one’s self, which makes it possible to establish social relations (friendship, emotional links, business relations) under
favourable conditions: the individual “sells” himself/herself on the market of social relations like a manufacturer sells his products, and is therefore inclined to enhance his/her qualities and to conceal defects. On the other hand, third parties too may,
for the very same reasons, be significantly interested in receiving information on the people they meet for various purposes.
3. The classification of privacy costs
I think it is important, in this context, to express a few general considerations
on the nature of the costs related to privacy protection. Two of these are particularly important:
A) The first has a mandatory character: the criteria to calculate such individual
sacrifices are anything but unique, and are characterized by strong subjective ambiguity. In this
respect, just consider the debate carried out in 2001 in the United States on the assessment of the costs related to the approval of a privacy legislation for e-commerce
and Internet trading systems. The amounts mentioned by the parties involved
ranged from US$1 to 36 billion, according to the variables considered by those that
submitted these calculations. The arguments related to these figures left their mark
on the Internet, but never helped explain a basic matter. In the light of this experience, I deem it crucial to identify a way by which privacy costs may be uniquely calculated, in order to assess them correctly within the framework of individual choices. But this process requires a classification of costs based on objective criteria.
B) Hence the second consideration, which is more substantial and related to the
need to make a distinction between privacy costs. I will try to suggest a possible classification and to identify several cost categories according to three specific criteria:
1) the parties that incur such costs,
2) the time with respect to which such costs are incurred, and
3) the effects resulting from such costs.
1) From a subjective viewpoint, costs may be either:
- individual, i.e. incurred both by the data subject to exercise his/her rights
to privacy and by the data controller to abide by personal data protection
rules, or
- social, i.e. incurred by the community to ensure respect for individual privacy. These include the organizational costs incurred by the State to satisfy
the citizens’ demand for privacy.
2) From the chronological viewpoint, costs may be either:
- preventive or for prevention, to avoid any privacy breaches, or
- subsequent or corrective, to remedy any breaches that have already occurred.
Some in-depth analysis may be useful, especially from the viewpoint of the data controllers that operate within complicated organizations.
The preventive costs required to ensure that these parties comply with privacy
regulations basically provide for the following:
- the provision of human resources to take care of the management of privacy-related practices;
- the development and update of an internal privacy practice;
- staff training and updating;
- the supervision and auditing of privacy management activities;
- the adoption of technological and IT tools ensuring personal data protection;
- internal communication to disseminate privacy policies;
- direct relations with the subjects of the processed personal data.
The costs subsequent to any claims resulting from non-compliance with privacy rules include:
a) costs for the reorganization and readjustment of data to privacy protection requirements,
b) costs resulting from relations with parties outside the corporate organization, with reference to:
- administrative penalties,
- damage reimbursement,
- share value reduction,
- damage to the company’s public reputation,
- reduction of the corporate brand’s perceived value,
- potential loss of economic opportunities.
An analysis of correction costs and prevention costs makes it possible to identify the risk
a company has to take with respect to personal data processing and the investment
the company has to make to reduce this risk accordingly.
3) Based on cost-related effects, costs may be either:
- transaction-related costs, i.e. the actual economic effort resulting from
the choice made, or
- opportunity-related costs, i.e. what every individual is prepared to give
up as a consequence of his/her choice.
The confused discussion on privacy costs has developed so far with transaction-related costs as the only reference point, while only stressing the negative impact produced by the existence of monetary costs.
On the other hand, I believe that opportunity costs deserve more consideration, since they affect the protection mechanism more directly. It is then worth analyzing this particular aspect.
What is an opportunity-related cost? It is the cost of giving up a possible alternative option. Using the juridical categories of the buying and selling agreement,
it may be defined as the price of renunciation. For example, if you decide to go to
the cinema tonight, the opportunity-related cost results from your giving up staying
at home with your family (if the alternative to going out is staying in). The opportunity-related cost is therefore the value attached to the better alternative that is given up by adopting a certain behaviour. Since different individuals have different options, they also bear different opportunity-related costs.
I think the analysis of opportunity-related costs is most important to understand how the personal data protection mechanism affects individual choices.
It should be noted, in fact, that whenever the data subject is asked to choose
whether to grant his/her consensus to personal data processing, he/she estimates the
opportunity-related costs resulting from such decision by comparing the benefits of
the possible alternative options. If the data subject decides to restrict the disclosure of
his/her personal data, he/she gives up the opportunity to get in touch with the party
that asked for the consensus, while improving, at the same time, his/her privacy. On
the other hand, if he/she decides to consent to processing, he/she reduces the privacy
of his/her data, but increases the opportunities to get in touch with other parties.
Similarly, whenever a data controller asks the data subject for consensus to further initiatives involving his/her data, it estimates the opportunity-related costs. Making no
request will reduce the costs resulting from consensus management, but will also reduce the opportunities to have new contacts with the data subject.
4. The issue of the interest balance provision
On the other hand, the need to tackle privacy-cost issues with sure methods
and calculations does not only depend on an assessment of the system’s efficiency.
A consistent interpretation of clear legal provisions, contained in the 1995 EC directive, called “interest-balance provision,” should also be provided.
The principle on which this provision is founded is a very simple one: in order to assess whether a data processing activity is legitimate, the interests of those
who want to use this data freely should be compared against the interests of the subject of such data.(4)
Multiple criteria are used to assess this balance, and they are not limited to the
economic domain. However, I think reference should be made to costs (both transaction-related and opportunity-related) to define whether the protection of the individual right to privacy is disproportionate compared to a different interest that is
potentially in conflict with such right.
Thus, the correct evaluation of compared costs and benefits is crucial to the
appropriate application of this provision, which has a true general character within
the personal data processing theory, also with respect to the enforcement of the interest-balance principle.
(4) For better understanding of this phenomenon, it may be useful to make reference to comparative law, to explain how
this provision was implemented and enforced so far in some homogeneous legal systems.
The idea that the interests of the data controller and of the data subject should be balanced started in Germany, in the
Netherlands, in Austria, and in Finland. These countries were the first to acknowledge the Interest Balance provision. In all
the Member States that are familiar with the Interest Balance provision, the legislator prohibits the processing of some data
without the consensus of the data subject and authorizes, instead, with no need for consensus, the processing of general, and
therefore noninvasive, data. Personal data processing without the consensus of the data subject is only prohibited for sensitive data, as specified in Art. 8 of the European Directive.
The legitimate interests of the data controller and of the data subject should then be defined.
In the EC Member States that implemented the Interest Balance provision in their legal system, all reasonable specific economic interests are considered as legitimate. But the data controller should assess the purposes of the activity. In this comparative analysis, it is crucial to provide a correct definition of the economic impact of both positions that need to be compared.
It is worth referring, in this respect, to the statement made by the Civil Federal Court of Germany (Bundesgerichtshof,
BGH) in 1986:
“The phrase justified interest requires an assessment of the importance and of the consequences that the disclosure and the
use of personal data imply for the data subject, as opposed to the interests of the data controller. Therefore, the type, the
contents, and the meaning of the data should be assessed according to the purpose of its collection, and to the social cost resulting from its non-use.
Only if this assessment, inspired by the constitutional principle of proportion, does not cause a reason to assume that data
storage for the stated purposes may negatively affect the justified interests of the concerned party, is such data storage allowed.”
(BGH NJW 86, 2505)
5. The efficiency of data protection rules
Another question arises from these considerations: which juridical regulation of
privacy leads towards better allocation efficiency? The main issue with respect to effective privacy protection is generated by the need to harmonize strictly
individual privacy-related choices in view of maximum social well-being. The juridical approach, suggesting an assessment only based on the exercise of a subjective
right, may be usefully combined with some thinking aimed at pursuing maximum
well-being, both for the owner of the right and for all the other concerned parties.
If capable of avoiding provocative remarks, the economic analysis of law may
be very helpful in opening up new perspectives for the discussion that is going to
take place in the next few years. The development of technology and business communications inevitably tends to turn personal data into goods with an intrinsic value. The need for protection therefore tends to grow, but its effectiveness may only
be ensured by taking into account the economic side of privacy, along with its original ethical side.
In this respect, a further idea emerges, by which privacy is no longer just a negative right represented by the general duty to passively refrain from acting in such
a way as to harm it. On the other hand, it takes the typical characters of civic law(5)
and becomes a juridically protected claim for services (facere or non facere, in the
legal jargon) the community is in charge of delivering. In this new perspective, data protection costs, both public and private, are inevitably bound to rise.
This is physiological for an effective system, and leads us to look at the future
with the certainty that a right, meant as a juridically protected status, does not only exist as long as a given legal system decides to acknowledge and protect it, but also depends on the resources a society is prepared to devote to this purpose.
(5) According to the classical categories of Jellinek
6. The pursuit of the data subject consensus
In economic terms, it may not be ignored that privacy works according to a
comparison between the opportunity-related costs for the data subject and for the
data controller.
If the data controller’s advantage resulting from compliance with data protection rules is added to the data subject’s advantage, a balanced system is established, by which increased privacy no longer depends just on the data subject’s choice and on the resources invested by the Authority, but is rather solicited
by the data controller itself. The result is a reduced pressure on the data subject to
obtain his/her consensus to personal data processing.
It should be noted, in this respect, that the increasingly accurate mechanisms
by which strangers become friends and friends become customers (as from the successful slogan used by Seth Godin, the creator of permission marketing) are not reassuring. An individual makes selfish assessments of the social impact of his/her
choice on privacy. In addition, it is too naive to suggest that a natural convergence
exists between privacy advocates and permission marketing advocates.
But this is not the point: instead, this consensus dangerously turns into a commodity, and this may jeopardize actual privacy protection and the future development of an interactive communication market.
Those who capture personal data for business purposes tend to take the principle of the central importance of individual consensus to extremes - often in a subtle way and using psychological strategies - as a tool for definition of the privacy level and for the exercise of the resulting right to information self-determination. Consensus, thus debased, may become a traded product in relations between the data
controller and the data subject (according to a mechanism that may be simply described as follows: “if you consent to the use of your personal data, I’ll let you take
part in a sweepstake or give you a gadget”) and lose, in the process, the guarantee
value data protection mechanisms attach to it.
This undisputed risk had already been perceived about three decades ago by
commentators on the then new data protection theories in Europe: consensus,
alone, is not enough to effectively ensure full privacy protection.
This principle left significant marks in the Italian law, such as the regime
characterizing sensitive data processing, by which the written consensus of the data subject should be supported by an authorization issued by the personal data protection Authority.
The function of the independent authority for privacy protection is not only
the one that could be defined, according to a very effective US formula, as the
sporting theory of justice. The Authority, in fact, is not only a referee ensuring that
the players comply with the rules set by the legislator. Instead, by law, it plays an active role in enforcing the rules and investigating and preventing any breaches.
Once these comments are brought back to the legal framework, the true basic matter should be solved, namely the identification of mechanisms by which everyone
may have an interest in adopting privacy-oriented behaviours. The basic assumption of this reasoning is that privacy is a transversal value that, if established, may
bring shared benefits to the individuals and the community, to private parties and
public companies and entities and, more generally, to the person meant both as an
individual and as a social subject.
The main issue is then to decide whether the protection mechanism may be
balanced by reducing the inevitable pressure on the data subject to obtain his/her
consensus.
7. Possible actions for more effective protection
A number of levers are available to accomplish this. With no claim of being exhaustive, I will mention a few, to stimulate an open debate on the matter:
1) Prevention: personal data processing abuses often occur without the data subject being aware. A so-called secret processing thwarts the role of
control over consensus. An action should then be promoted to prevent
such breaches.
2) Control: the supervisory role of the Independent Authority may help reduce and regulate the pressure exerted by the data controllers on individual
data subjects to obtain their consensus to data use.
3) Sanctions: the enforcement of money penalties and indemnification or
punishing systems may lead data controllers to use greater caution in expressing their assessment on the comparative benefits resulting from a
breach of privacy protection rules.
4) Interest balance: the correct enforcement of the interest balance provision
may reduce the pressure on the data subject to convince him/her to grant
his/her consensus (or to take such consensus without the data subject being
aware, as it happens sometimes).
5) Incentives: the identification of reward profiles that increase the benefits
for the data controllers related to compliance with the rules may develop
the latter’s willingness to respect privacy. I am not sure whether the basic assumption of a great book by Stephen Holmes and Cass Sunstein – “The
Cost of Rights” – is true, by which freedom depends on taxes, but the tax
leverage, through allowances, deductions, and tax exemptions, may probably help promote respect for other people’s privacy and discourage breaches. The same is true for a simplified exercise of the administrative duties related to data protection, which could be granted, as a reward, to the data controllers that comply with high privacy standards. Certification tools publicly stating compliance with privacy principles are also strongly motivating,
and companies in particular may use them to improve consumer loyalty.
But before discussing the instruments for right protection, to which our discussion has brought us, it is important to understand how personal data dynamically fall within an economic system. Micro-economic schemes and criteria will be
used for this purpose.
Following the traditional principles of micro-economic analysis (i.e. the study
of the allocation of scarce resources to alternative options), the dynamics generated
by personal data protection may be analyzed in five respects:
- how consumer choices are made in the light of the demand for privacy
(and therefore, how a typical consumer, bound by a given income, chooses
between the different levels of privacy available);
- how choices are made with respect to privacy by companies and business
enterprises (in this respect, a description may be provided of how the company decides what privacy level is acceptable for it, which investments it
should make to ensure customer privacy, and how much it should spend to
obtain customer consensus for data processing);
- how companies and consumers interact with each other (combining the
consumer and company theory, the decisions of both these groups may be
analyzed to check their co-ordination through the fluctuation of market
prices, while identifying a balance point and therefore the privacy level that
is acceptable in an efficient market);
- how the supply and demand for privacy are defined in the manufacturing
process (analyzing how demand and supply affect production factors:
labour, capital, and entrepreneurial skills);
- how the markets are organized and how they may effectively allocate economic entity choices with respect to privacy.
This certainly opens up new perspectives for an analysis, which should be carried out with great scientific accuracy and with the ability to valorize the results
achieved so far by juridical research.
8. The intrinsic risk of economic analysis
One risk should be taken into account, however: the overlap of economic assessments on a fundamental right like privacy is bound to cause misunderstanding
and confusion that need to be avoided. But I think it would be unfair to ignore this
analytical perspective, which is called for by the development of the social and technological system within which personal data flows.
I feel, instead, that this is a challenge we need to take up, even at the cost of having to cope with dangerous or complicated issues. It should be noted that the actions of the people that Yves Dezalay effectively described as the merchants of the
law will develop in great numbers in the next few years.
There are true multinationals of the law that act in view of restoring the international juridical system, while pursuing special interests that have nothing to do
with the protection of general principles, determined on the ground of democratic
rules. Privacy is too much of a highlight to keep away the pressures of the so-called
business communities.
With the pride of a lawyer, I do not think that such a cross-disciplinary issue
may be tackled through cost-benefit considerations only. On the other hand, I also
think that juridical science is never just formal, and does not end with a definition
of rights and duties. And I am sure that the true problems a lawyer needs to tackle
and solve are intimate matters that involve social consciousness. To achieve this, the
economic impact of the rules should be assessed, and their efficiency should be examined in pursuing the general interest.
9. The opportunities of the economic analysis of law: changing privacy
from a static cost to a dynamic investment
The combination between juridical and economic categories, however, does
not imply an approval of the viewpoints of those that - especially overseas - state
that juridical rules necessarily develop towards effective solutions. The analytical
micro-economic instruments are rather used to identify the incentives and constraints that influence individual behaviours. A greater awareness of the economic
logic behind those behaviours may therefore significantly help interpret and possibly adapt to the rules.
Still with respect to the development of the new global market, the multiple
rules and the different approaches to personal data circulation issues may generate
the same confused and misunderstood languages that, according to legends, characterized the Babel world. Specifying the economic data involved in the discussion
may promote the introduction of a shared language, mainly, but not only, between
both shores of the Atlantic ocean, and lay the foundations for a more conscious approach to both viewpoints. A growing “cross-attention” should emerge – as experts
in comparative studies often say – based on mutual respect, between the opinions
expressed in the different continents. I think that, without this, the road to globalized privacy guarantees – the true goal of this process – would be harder to reach.
For the near future, I see no perspective for privacy deregulation, but I am sure
that some people will use the economic analysis for their instrumental purposes and
will state the need to release the entrepreneurial world from its constraints. Others
will state they can do without the rules and the reasons of the law, to give more
room to economic needs. I strongly recommend that you beware of these claims for
liberalization.
This risk should be clearly reported and, in order to avoid it, I think it is crucial for the economic analysis of law to clarify the future debate on privacy and offer its support to this branch of juridical research. In this economic analysis of the
right to privacy, the existing legal framework needs to be preserved and protected in
view of outlining a harmonious view of privacy, which may turn from a static cost
to a dynamic investment, in order to increase the value of resources and promote
economic development: a well-tempered privacy, if I may say so.
10. The noble and mobile frontier of privacy
A development is then under way, also for privacy, that has characterized the
development of the general theory of civil liability, and that belongs by now to the
jargon of Italian lawyers: the noble frontier of privacy - noble because it concerns a
fundamental right - comes forward thanks to technological and social developments, thus turning into an ever-shifting mobile frontier. Privacy needs to be pursued as its borders are expanded. To achieve this, I think we all need to refrain from
taking up consolidated defensive positions and open up to new perspectives. It is
important to consider, in this process, that a scientist is characterized not so much
by knowledge, by the undisputed truth, as by a critical, continuing, and restless
search for the truth.
With enthusiasm and passion, I always remind myself of the words by which
Karl Popper described the progress of scientific development. Based on that lesson,
I think it is fair to say, with respect to privacy, that “research never ends”.
Privacy in a Business: An Operational Model
Douwe Korff (1)
Contents: 1. Introduction - 2. The problems with data protection - 3. Know thyself (in
six steps) - 4. Reflect - 5. Conclusion: cost and benefits
1. Introduction
Before making some remarks on how businesses can apply data protection
rules in practice (somewhat grandly referred to as the presentation of an “operational model” in the programme), I would like to make a few brief general comments, partly related to earlier presentations.
First of all, I would like to note that “data protection” is a concept that extends
beyond “privacy” and “private life”. It is not solely concerned with limiting intrusions into our private matters, with ensuring that no-one holds more data on us
than is necessary for their legitimate activities. That is only part of it. But data protection extends beyond this. It deals with the use of data in relationships between
the individual and other social actors, private and public. It seeks to ensure that the
data are indeed used only for a “legitimate”, defined purpose; that they are limited
to what is “necessary” and “relevant” in relation to that purpose; that they are obtained and processed properly, fairly and lawfully; and that the individual has a
measure of control over the process. In broad terms, data protection therefore serves
to enhance lawfulness, social propriety and fairness in relationships, insofar as these
relationships involve the use of data. This means that sometimes more, or better data may be needed. Privacy may concern the “right to be left alone”. Data protection
concerns the right to be properly treated. This wider scope of data protection has
clear implications. It means that the rules are not just aimed at reducing data. It also means that there must be a heavy emphasis on process, as well as substance. It also means that data protection (or at least elements of data protection) should be extended to legal persons. Companies don’t need privacy. On the contrary, in many
ways they should be forced to open themselves to outside, State and non-governmental, inspection. But they do deserve to be properly treated. A false credit report
can seriously damage a business, as much as an individual. To that extent, data protection should be available to the former as much as to the latter.
(1) Professor of international law, London Metropolitan University
Secondly, data protection relates to fundamental rights, and in particular to
both the right to private and family life and the right to freedom of information and
expression (Arts. 8 and 10 of the European Convention on Human Rights). It has
been said at the conference that the rules on when a person’s privacy may be interfered with are unclear. However, because of this human rights basis of data protection, we can discern the principles that apply. They have been extensively elaborated in the case-law of the European Court of Human Rights. Put simply, they first
of all recognise that the systematic collecting and collating of information on a person intrudes into that person’s freedom: they constitute “interferences” with a person’s private life. Secondly, they therefore require that any such activities be:
(a) lawful (i.e. must be in accordance with positive law);
(b) legitimate (i.e. serve a legitimate purpose); and
(c) “necessary” to serve that purpose.
The requirement that restrictions on fundamental rights (such as, in casu, processing of personal data) must be “lawful” also means that the legal rules in question must be (aa) published; (ab) detailed; and (ac) not such as to allow “arbitrariness” - which basically means that they must not allow excessive discretion in their
application.
The principle that processing must be “legitimate” implies that there is a test
of what I may call “societal necessity” and propriety: not everything that is “lawful”
(i.e. not forbidden by law) is “legitimate”. Processing which improperly interferes
with a person’s privacy and freedom is not “legitimate”, even if it is “lawful”.
The test of “necessity”, moreover, involves in particular an assessment of the
“proportionality” of any interference. In terms of data protection, it means we must
ask whether the purpose that is supposed to be served by data collecting and use - even if it is lawful and legitimate - is such as to outweigh the intrusion in a person’s
private sphere inherent in such activities.
In addition, it is crucially important to note the procedural aspect of human
rights protection. By this I mean that under international human rights law, it is not
sufficient to stipulate the requirements listed above, at (a) – (c). Rather, these must
be backed up by:
(d) supervision; and
(e) remedies that are available to individual data subjects.
This is not the place to discuss these matters at length. Rather, I would just like
to make two points. First of all, I hope the above may counter remarks that the framework for the application of data protection is too vague. I agree that the specific legal
rules are complex and often ambiguous. But in my opinion, the gist, the thrust of the
rules is clear, and the above principles provide a clear set of standards by which data
protection legislation, and its application and enforcement, can be judged.
Secondly, in respect of the latter two points (points (d) and (e)), it must be noted that State supervision can never “police” the billions of processing actions that
take place every day. At most, the data protection authorities can hope to expose the
worst abuses. And individuals, too, cannot hope to properly exercise control over
their data, or the processing of their data: “informationelle Selbstbestimmung” is a mirage. Rather, data protection - fair processing of personal data - must be embedded
in the ethos of State and corporate actors if it is to be effective.
This presentation is concerned with data protection and businesses, i.e. with
the private sector. However, in this introduction I may note two more general matters. First of all, we are moving to the era of “ubiquitous computing”: virtually all
we do, say, or write (or [e-]mail, or “text”) is captured. There is a strong temptation,
on the part of both private and public actors, to try and seek access to these ever-more-revealing data. The US Government has even formally adopted a “Total Information Awareness” programme in its so-called “war on terrorism”. Businesses
may try to obtain “total information” on people to sell products or services.
Both attempts are (a) doomed to fail and indeed (b) likely to be counter-productive. They are doomed to fail for two reasons. First of all, attempts by government authorities to use “profiles” to catch highly untypical exceptions just do not
work - even if the data are reliable. As one expert told me: “you just catch oddballs”.
Secondly, data, and the quality of data, are and is directly linked to the context in
which the data are provided, collected and used. If I don’t like airline meals with
(certain kinds of) meat in them, I may tell them that I am a vegetarian, or indeed
a Jew or a Muslim. I (or my children) may fill in consumer questionnaires by saying
I earn massive amounts of money, and take five holidays a year, in the hope of being sent catalogues of expensive sports cars and luxurious hotels in exotic places.
Companies may not mind such mis-statements too much, as long as their marketing remains largely unaffected. However, State agencies relying on such data may
arrest innocent people (and not just innocent oddballs, either). Worse, they may
think such raw data will enable them to spot the guilty. Real criminals or terrorists
will not find it too difficult to escape such crude Rasterfahndung.
Secondly, abuse of data will be exposed - and is the most certain way to ensure
that people will be more reluctant to part with their data, or more tempted to provide incorrect data. “Total Information Awareness” just means that ubiquitous computing is being turned into ubiquitous surveillance. Data subjects - individuals - will not accept it, and will try to evade it. The upright citizen will do so because he
feels he should not have to bare all before the State or mighty corporations. The
criminal will do it to escape detection. The terrorist will do it to avoid capture until it is too late. If ubiquitous surveillance will lead to avoidance action by individuals - as I believe it will - it will have defeated itself. Both the State and business can
only do what they are supposed to do on the basis of trust. In a police context this
is called, in England (where I live) “policing by consent”. The British police has long
since recognised that policing without consent is not only oppressive, it is also ineffective and indeed counter-productive, even in the fight against terrorism (although this lesson may have to be re-learned by the security services who now appear to be in the ascendency).
The same applies to business. In the era of ubiquitous computing, the private
sector should avoid the temptation of trying to grab as much data as possible, from
wherever they can get it. They will merely obtain a load of rubbish - useless, inaccurate data. And they will alienate the customer. I will conclude below, in the main
part of my presentation, that compliance with data protection is not really difficult
or demanding. Here, I may already add that it also makes good business sense.
2. The problems with data protection
The above is not to say that there are no problems with data protection. On
the contrary, data protection legislation is awkward, and often fails to deal with “the
real world”. Thus, data protection rules were written for simple operations:
- they assume there is always one controller;(2)
- they assume controllers obtain data from one source; and
- they focus on operations in one country.
In practice, commercial operations can be very complex; they do not correspond to this simple approach:
- they often involve several entities, with different legal status (such as wholly-owned subsidiaries; legally independent but effectively linked companies;
agents; etc.);
- they use data from many different sources and wish to exchange those data, in particular within a group of companies; and
- they are increasingly transnational - inherently so with regard to the Internet.
Furthermore, in spite of transitional rules in the national and European
rules, there are problems with old, inherited (“legacy”) systems and with acquisitions and mergers.
The first and main point I want to make in this presentation is that companies
must address these issues squarely: they must try to find solutions - that is: ways of
operating in compliance with the rules - first and foremost by and for themselves.
They should not either actively evade the law: that would merely lead to exposure
and opprobrium - and loss of consumer confidence and business - later on. Nor
should they wait until the national supervisory authority catches up with them.
First of all, because that would involve such exposure and loss of confidence. But
also because the best (initial) judge of what is needed to comply with data protection principles and rules is - must be - the data user, the company (or group of companies) concerned. This presentation intends to give an insight into how this can be
done. In it, I draw on extensive experience in advising corporate and not-for-profit clients, ranging from Reader’s Digest, Cendant Corporation and Euromoneys plc
to Amnesty International and the UN High Commissioner for Refugees. What I
will try and do is show how a purposeful, but common-sense, approach to the issues can result in pragmatic solutions which both allow companies to process (and
share) personal data for their legitimate business purposes, and to respect the privacy and other rights of their customers and potential customers.
(2) The EC framework directive on data protection contains one, difficult exception to this, in the highly problematic provision on “applicable law” - but even in that context fails to resolve the issues.
3. Know thyself (in six steps)
In order to comply with data protection rules, companies must first of all assess (“self-audit”) their operations in the light of data protection. They must describe (for themselves) their own operations in data protection terms. In my experience, this first self-assessment is the single most important action that must be taken towards data protection compliance.
In carrying out this description, in making this assessment, companies must
not assume that a purely legal description of the relationship between the different
entities, or between the companies and the data subjects, is sufficient for data protection purposes. Thus, for instance:
- whether one company (e.g. a mother company) or another company (e.g.
a daughter company) is to be regarded as the controller of a specific operation does not depend on their formal status within the company (mother
or daughter, subsidiary, wholly-owned, etc.) but on the actual, practical
arrangements;
- “consent” obtained in a contractual context may not be valid for data protection purposes; and
- an agreement between companies (even within one group) to exchange
data, even if valid in terms of contract law, may not be sufficient to allow
such exchanges.
The self-assessment or internal description should take place in six steps, in the
following sequence:
The first step in the assessment should be a close examination (and writing up)
of the Purposes for which the company (or group of companies) uses personal data.
In this, companies should:
- assess each separate, distinct personal data processing operation: whether operations are separate depends on whether they serve different purposes;
- think about the specificity of the description of the purposes in question:
you may be tempted to use broad descriptions, but informing data subjects
in vague terms (e.g. “commercial purposes”) may not be sufficient in several ways to meet the informing-requirements of the law, or to obtain consent; it is best to be precise whenever practicable, especially about secondary uses and disclosures of data; and
- check what is meant by “personal data”: this sometimes includes data on
legal persons (this is the case in Italy, for instance); it may also depend on
whether the data are used with reference to the data subjects: this can be
quite a difficult matter with regard to sound and image data (as obtained,
for instance, through CCTV cameras, or biometric identifiers), or statistical
data, for example.
The second step in the process requires a company to specify who “determines”
the purposes of any processing operation: this entity must be regarded as the controller. In order to do so, for complex operations, you will need to look closely at the
real activities of all the entities involved (e.g., in a group of companies). You should
try to specify the role of the other companies involved: they could be controllers with
respect to some operations, and processors with regard to other operations.
Having determined who is the controller and who is (or are) processor(s) with
regard to each distinct processing operation, you can (for transnational operations)
determine which national law applies to the separate processing operations. However: beware! In spite of an attempt by the EC data protection directive, in practice,
the national laws may show positive or negative conflicts; the different laws in the
EU Member States still (regrettably) often define their territorial applicability differently.
The purpose(s) specified for each operation determine(s) the application of
many relevant data protection rules:
- whether the data are collected for (a) legitimate purpose(s);
- if they are processed for a secondary purpose, whether that purpose is
compatible with the primary purpose;
- whether the data are adequate or inadequate, relevant or irrelevant and excessive or not excessive in relation to the purposes concerned;
- whether the data are accurate or inaccurate in view of the purposes concerned;
- whether, and if so, how often, the data should be up-dated;
- how long the data may be retained;
- what information should be provided to the data subjects (depending on
the specificity of the purposes and also whether the purpose is - or the purposes are - obvious or not);
- etc.
For the third step, it must be attempted to specify the criterion or lawful basis
for each separate processing operation. For companies, this will generally be one of
the following:
- consent;
- contract;
- a legal obligation imposed on the controller (the company); or
- the “balance” criterion.
Quite different, and very specific, requirements arise in respect of each of these
criteria: you must therefore carefully check whether you meet them:
- consent must be free, specific, informed and unambiguous (and for sensitive data, explicit and often in writing);
- contractual or pre-contractual stipulations about uses of personal data
may not be valid if they are unrelated to the main purpose of the contract;
- controllers must check whether they are really obliged to process (e.g. to
disclose data to a public authority) under some legal rule; and
- the “balance” criterion requires a careful assessment of the interests of both
the company and the data subjects - if possible, it is much better to obtain
the consent of the data subjects.
Fourthly, you must check whether you meet the other substantive requirements of
the applicable national law (or laws!), in particular as regards:
- the stricter rules or criteria for the processing of “sensitive data”;
- the informing of data subjects (and the specificity of the information) generally;
- the informing of data subjects of their rights in particular; and
- the granting of data subject rights: the right of access and correction; the
general right to object; the specific right to object to direct marketing
(whereby you must take into account the different requirements relating to
different technologies used for direct marketing - mail, fax, telephone, email - and the differences between different countries in this respect); and
the right not to be subjected to fully automated decisions based on “personality profiles”.
Once again, you must check these matters separately, for each distinct processing operation (defined by reference to its purpose, as explained above in the first step).
For the fifth step, you must check how you ensure security and confidentiality
of personal data, both within your company (or group of companies) and as concerns processors or agents. To this end, you must:
- check the physical security of your data;
- check whether you are limiting access to personal data on a “need-to-know” basis; and
- review what formalities you have put in place to ensure compliance (e.g.,
confidentiality clauses in employees’ contracts; in contracts with agents; in
contracts with other companies; and in intra-group agreements).
It is important to stress that the formalities just mentioned are not limited to
measures relating to outside contractors: you must also look at any rules or agreements that have been adopted within your company, or within your group of companies. You must also of course take special care with regard to on-line transmissions of data.
Finally, as the sixth step, you must check the notifications you have made to the
national data protection authority (or to different national authorities!) with regard
to your personal data processing operations: were they (and are they still) accurate?
4. Reflect
Now take a rest - and think about whether you should make new, and possibly
different arrangements within your company or group of companies, as concerns
your processors or agents, and as concerns your relationship with your data subjects
(in particular, your customers) - for instance:
- you may wish to assign responsibility for certain processing operations to
different entities within your company, or within your group - but remember that this may mean that different entities become the controller, and
perhaps even that a different law applies;
- you may wish to re-think how (and in how much detail) you inform your
data subjects;
- you may want to base certain operations on a different basis (e.g., on consent instead of on the “balance” criterion, or vice versa);
- you may (usually should) revise - or where none exist, draw up - detailed
contracts or intra- or inter-company agreements reflecting the (possibly
new) arrangements.
In this, there are some “dos” and “don’ts” (and perhaps a “perhaps”):
- do ensure that someone within your company or group of companies is
given overall responsibility for data protection - and give that person appropriate authority, and lend him your ear!
- do consult with your national data protection authority (or in appropriate
cases, with the relevant data protection authorities) - they are usually most
helpful!
- do consult with your national (and where appropriate, European) trade association - they are usually most knowledgeable!
- perhaps hire a consultant to get you started and/or to train and assist your
in-house data protection official (but often this will not be necessary if you
adhere to the above and your operations are not too complex).
- don’t dissimulate: you can make new arrangements, but they must be real
ones, not facades!
5. Conclusion: cost and benefits
If you carry out the above exercise, you will know what you need to know to
arrange your data processing operations in such a way as to comply with any relevant (applicable) data protection rules. There may be practical issues you may want
to address - for instance, how to move from certain practices and certain databases,
which are not yet fully data protection compliant to practices and systems which do
fulfil the legal requirements. There may also be questions as to whether a particular
operation is in accordance with the relevant rules.
But at least you will have been able to remedy matters which could be remedied
without great cost or effort. And at least you now know where the problems are, and
will have an idea of how you would like to address them. As noted above, at 4, you
can now discuss these matters rationally and in a practical way with the data protection authority (or authorities), if needs be after having first consulted your trade association. You will find that the authorities will be positive to you, once they realise
you have tried, and are trying, to comply with the law. They are generally quite willing to discuss ways of bringing your practices and databases in line over time (provided the time-line isn’t too long). They are willing to discuss the wording of information-paragraphs in contracts, forms and on websites in a practical and open way.
It is extremely rare - I would almost say, unheard-of - for a bona fide company to be
unable to make practical, acceptable arrangements in consultation with the authorities. In other words: you can comply with data protection laws and rules, without
this undermining proper business practices or the possibility to make a profit.
Not trying to make this effort, by contrast, can be costly. It will expose you to
enforcement action on the part of the authorities and the courts - who, if you haven’t
at least tried to bring your own house in order, will not be as helpful as they would
otherwise be. And remember that deliberately violating data protection law is costly:
the data protection authorities and the courts can impose severe sanctions. They can
fine you, or they (or the courts) can order you to cease certain operations, or to re-collect (or worse, destroy) data, or to retrospectively obtain the consent of your data subjects, or to re-design your databases (all of which is even more costly than fines). Most
costly of all: data subjects will abandon companies who violate their rights - they are
becoming increasingly aware of their rights and interests in this field.
Conversely, complying with data protection law is not as difficult as it may
seem - it just has to become part of your corporate thinking and ethos; it also does
not necessarily cost very much if carried out with common sense and in consultation with the authorities, trade associations and where appropriate consumers or
clients. And above all: making data protection and respect for the rights of your data subjects (in particular, your customers) part of your ethos and image is a major
benefit - increasingly, consumers are basing their choices on how they think the
companies they deal with treat them. Overall, data protection compliance is therefore
a benefit, not a cost to industry.
Infomediation as a Consumer Tool
Carlo Formenti (1)
In the theoretical models that describe the evolution of social relations in the Internet age, the scenarios change depending on whether the emphasis is placed mainly on economic, political or cultural factors. But the sociological literature agrees on one point: networked communication fosters the individualization of social relations at every level, from the family to work to politics. Manuel Castells(2) speaks of the “privatization of sociability”, or of “networked individualism”, referring to the crisis - which the new technologies did not cause but have certainly accelerated - affecting the patriarchal family, the traditional forms of political and trade-union representation, and associations founded on membership of local communities, professional categories, etc. A long-term trend thus seems to be re-emerging, one already evident in the early phases of the modernization process - one need only think of the dissolution of the traditional forms of the family and the local community that accompanied the formation of the capitalist market in seventeenth- and eighteenth-century England. A first wave in the direction of the fragmentation and atomization of social relations, accompanied by the legislative policies of the newborn nation-state, was nevertheless followed by a long phase running the other way: to counter the devastating effects of primitive accumulation on the population’s living conditions, the state began that long march of institutionalizing the capitalist market which was to last a century and a half and culminate in the birth of the Welfare State(3). It was in that period that the institutional forms of modern democracy matured and those intermediate bodies were born - political parties, trade unions, professional associations, representative bodies, etc. - that redrew the modes and rules of belonging after the collapse of the traditional communities. But with the processes of economic deregulation of the 1980s and the subsequent take-off of the New Economy(4), the process of atomization was set in motion again: as had happened to the traditional communities, the modern forms of social aggregation are in turn entering a crisis, leaving the individual face to face with the impersonal powers of an ever more “globalized” technology and market.
Neoliberal theory interprets this evolution as the realization of the utopia of the “perfect market”, formulated more than two centuries ago by Adam Smith: the advent of the Internet makes it possible to put sellers and buyers on the same footing, in a “transparent” exchange in which both parties have access to the same information. At the same time, nation-states and intermediate bodies lose their grip on a “sovereign individual”(5) who is now in a position to offer his or her labour, to sell and buy goods or services, and to choose partners and allies beyond any political, fiscal or ideological control. But this model, which has helped to feed the myth of a progressive and irreversible “disintermediation” of economic relations (everyone exchanges everything with everyone, without needing to resort to intermediaries), does not adequately describe the complex reality of the Network Society. In particular, the “economistic” approach underestimates the scope and substance of the new kind of community ties that computer networks have made it possible to develop. Networked individualism, Castells(6) argues - in the wake of Rheingold(7) and other authors - is not reducible to a collection of isolated individuals, but constitutes a new type of social model, a system of social relations “centred” on the individual. That is, individuals select their relationships on the basis of their own affinities and build networks of personal ties capable of providing sociability, support, information, a sense of belonging and social identity. Although different both from those of traditional communities and from those of modern social relations, these new ties are by no means “weak”: their independence from territorial constraints and the fact that they are rooted in a cultural humus made of elective affinities make them, if anything, more solid and lasting. In short, the relations between Network Society and New Economy change according to the point of view adopted: in neoliberal theory the scenario hinges on two fundamental figures, the individual on one side and the global market founded on network technologies on the other, while all the political, social and cultural “filters” that stand between these figures tend to disappear (one could say that the market incorporates the network, configuring it as an instrument capable of realizing the utopia of the perfect market). From the “culturalist” point of view, by contrast, the Internet - or rather the social relations founded on the network - influences the market more than the market influences the Internet, and this is because the filters between individual and market, instead of disappearing, multiply, taking the form of those virtual communities that constitute the terrain on which the success or failure of any business model is decided.
(1) Journalist - Italy
(2) Cf. Manuel Castells, La Nascita della società in rete, Università Bocconi Editore, Milano 2002. See also Galassia Internet, Feltrinelli, Milano 2002.
(3) Cf. K. Polanyi, La grande trasformazione. Le origini economiche e politiche della nostra epoca, Einaudi, Torino 1974.
(4) On the relationship between deregulation and the take-off of the New Economy, see K. Ohmae, Il continente invisibile, Fazi, Roma 2001.
The second thesis appears more credible if one considers that capitalism, at the moment it sets out to conquer the Internet, has long since abandoned the Fordist model, based on the mass production of goods and services for an undifferentiated public. The process of tertiarisation, the shift of emphasis from production to consumption, the attention to niche markets and so on transform the culture and organisation of companies, leading them to concentrate their energies on controlling the consumer rather than the worker. But controlling the consumer does not only mean selling him something; it also, and above all, means establishing a lasting relationship, winning his loyalty, and involving him in the design of goods and services. And when virtual communities are born, this “philosophy” is forced to make a further qualitative leap, facing a challenge that is rich in both opportunities and risks. The risks stem from the fact that the logics by which virtual communities aggregate, except where the communities are created on the initiative of the companies themselves as communities of experts or enthusiasts of a given product, prove to be entirely independent of market logics (with which they often come into conflict). The list of examples is long: from negative word of mouth about the quality of a service to the birth of circuits for the free exchange of products that can throw entire industrial sectors into crisis (see the Napster case); not to mention the accelerated circulation of information that makes it possible to explore a wide range of alternatives, intensifying competition, lowering prices and weakening the brand-based relationships between customer and company. At the same time, virtual communities are a valuable source of information on consumers’ tastes and preferences and, to the extent that their trust is won, they can transform the very nature of the relationship between customer and company, which from a simple economic transaction turns into a human relationship that enters, as such, into the value chain. So much so that authors such as Jeremy Rifkin(8) warn of the risks of the commodification of human relations, while it is again on this ground that the greatest challenges around the problem of privacy arise.
(5) See J. D. Davidson, W. Rees-Mogg, The Sovereign Individual, Simon & Schuster, New York 1997.
(6) See op. cit.
(7) See H. Rheingold, Comunità virtuali. Parlare, incontrarsi, vivere nel cyberspazio, Sperling & Kupfer, Milano 1994.
This paradoxical interweaving of alliance and conflict between companies and consumers has passed through two evolutionary phases. In the dawning phase of the Net Economy, the convergence of interests prevailed: on the one hand, virtual communities were for companies an extraordinary source of ideas, projects and suggestions, they helped to test and improve products and services, and they worked as an amplifier and channel for spreading information and news about goods and company brands; on the other hand, companies in turn offered the communities useful news and information and made available, often free of charge, knowledge and skills relating to the object of interest around which a community had formed, and so on. This is the phase that fed the theses on the development of a knowledge economy in which “everybody wins”, because all the parties involved have something to gain from the mutual exchange of information(9). It is the phase in which virtual communities often act as real incubators for startups. The second phase develops when the companies of the Net Economy begin to fall in number and grow in size, a process of selection and concentration accelerated by the economic crisis still under way. As some brands consolidate and manage to build real “niche monopolies”, and as the giants of the traditional economy enter the e-business market, the winning companies manage to concentrate in their own hands enormous databases of information on their customers, and it is at this point that the pendulum begins to swing in the direction of conflict.
(8) See J. Rifkin, L’era dell’accesso. La rivoluzione della New Economy, Mondadori, Milano 2000.
(9) See K. Kelly, Nuove regole per un mondo nuovo, Ponte alle Grazie, Milano 1999.
For the companies of the Net Economy, the relationship with virtual communities is in fact first of all a means to an end, which consists in collecting as much information as possible about the individual members of the communities and reprocessing it for commercial purposes. The majority, if not all, of the business models are founded on the ability to collect personal data that make it possible to build personalised profiles of individual consumers, in the hope of achieving the ideal model of one-to-one marketing, which would allow products to be tailored to the specific needs of individuals. But it is at this point that ends and means come into conflict: to “serve” the consumer, the companies say, we must know everything about him, so giving up privacy is the price to be paid by anyone who wants goods and services that really meet his needs. And yet the consumer has no interest at all in accepting this one-to-one relationship with companies, knowing full well that he did not build his identity, skills and knowledge on his own but acquired them within a network of relationships with the other members of the virtual community to which he belongs. And the community has also taught him that, as an individual, his relationship with companies is asymmetric: however much the Internet allows the consumer to acquire more information about companies than was possible in the past, companies continue to know far more about him than he knows about them. In the community, on the other hand, information and knowledge circulate that make it possible to look for and find what one wants at the best quality/price ratio, and so to free oneself from the tyranny of the brand. Finally, the community offers its members the opportunity to compare their negative experiences of spamming, cookies, tracking software, the buying and selling of personal data and so on, and to exchange technologies for protecting themselves from these scourges. In a word, the community is the place where distrust of the companies’ “betrayals” matures.
The term is used by Manuel Castells(10), who so defines the breakdown of the cultural solidarity that had characterised the dawning phase of the Net Economy, when virtual communities and companies formed a libertarian front opposed to attempts at government control of the Net. What caused concern at that time was not the data that were being mutually exchanged to foster the development of technologies, networks of relationships and projects, but the desire of governments to win back the shares of power over citizens and companies that the advent of the Internet had taken from them. Companies broke that libertarian front by agreeing to supply governments with the tools to carry out their surveillance programmes. This happened essentially for two reasons: 1) the need to obtain stricter laws to protect intellectual property, threatened by the “napsterisation” of content, and subsequently the need to violate the privacy of users and consumers in order to identify possible infringements of those laws; 2) the wish to obtain a free hand in the acquisition, processing and sale of personal data.
(10) Op. cit.
Today, however, we are entering a third phase, which is taking shape as companies become aware of the consequences of the trust deficit that they themselves have produced, and which increasingly turns against them. Thus the Direct Marketing Association, after opposing any proposal for anti-spam legislation for years, has begun to press the US Congress to pass a measure against the practices of unrestrained marketing; thus Microsoft is launching its Trustworthy Computing strategy to neutralise the mistrust that consumer associations had expressed towards the Passport service; thus Yahoo is building anti-spam tools into its e-mail services; thus many large companies say they are willing to adopt the principles of permission marketing(11) and to send promotional messages only to consumers interested in receiving them. What prompts such “repentance” is the data on the devastating side effects of the most aggressive and unscrupulous marketing policies: a Federal Trade Commission report estimates at 18 billion the revenue lost in 2001 because of transactions abandoned by consumers irritated by the request to provide their personal data; the magazine Wired reveals that 31% of American Internet users change their e-mail address at least once a year to avoid unwanted mail, stressing that this behaviour seriously damages e-commerce by rendering unusable databases painstakingly collected over years; finally, the use of anti-cookie technologies, software for remaining anonymous while browsing, anti-spam filters, tools for making anonymous payments and so on is spreading rapidly.
But the new policies that companies adopt to deal with these problems have a fundamental limit: they try to win back consumers’ trust starting from relationships with single individuals, ignoring their community memberships. This approach shows that it has not yet been understood that image campaigns and solemn promises are not enough to convince consumers who, having been burnt so many times, are not willing to test the reliability of these reassurances at their own expense. In other words, trust is not a good that can be “produced” or “sold” by companies. It is a good that is generated spontaneously within communities, and that companies can draw on only if they in turn agree to expose themselves to the judgement of the communities, and not only to that of individual consumers. So we come to the point: is there an economic incentive capable of encouraging this further step? Can the concept of privacy as a resource become something more than a mere propaganda slogan? Is there a business model capable of bringing the production of trust into the value chain?
(11) See S. Godin, Permission marketing. Trasformare gli estranei in amici e gli amici in clienti, Parole di Cotone, Milano 2000.
Some marketing theorists, such as John Hagel III(12), answer in the affirmative, launching the idea of infomediaries. The concept of the infomediary is bound up with the decline of the utopia of universal and generalised access to human knowledge that electronic hypertext was supposed to guarantee to everyone. At the very moment it makes Ted Nelson’s dream(13) a reality, the World Wide Web demonstrates its intrinsic limit: the monstrous inflation of data circulating on computer networks makes it difficult to reach truly meaningful information. Search engines, thematic portals and the other filters developed by online journalism (a profession that diverges more and more from traditional journalism, as the weblog phenomenon shows) are so many models of infomediation. John Hagel III develops a further model in relation to the problems of e-commerce, a model that starts from a critique of the theorists of the perfect market: it is not true that the Internet reduces the role of intermediaries by giving sellers the opportunity to reach buyers directly, and vice versa. Searching for commercial information, comparing the quality/price ratio of different products, researching data on consumer tastes and trends, advertising communication and so on also require intermediation functions capable of governing the frightening complexity of the Web. This is why, thanks to the consumer communities that have gathered around their networks, giants of the Net Economy such as Amazon, Yahoo! and eBay have been able to take on the role of “certifiers” of the reliability of other companies’ products and services. And this is why, as the interests of marketing and of consumers diverge, there is a pressing demand for assistance from consumers who are aware that they cannot negotiate with companies as individuals. According to John Hagel III, this demand should be met by trusted operators who would negotiate on the consumer’s behalf. The task of these “consumer agents” would be to know in depth the desires, needs and preferences of their clients, as well as a whole series of personal data (from income to demographic profile), and then to compare this information with that of the companies operating on the market. The aim of all this is to create a kind of “reverse market”: the starting point is not the goods and prices set by companies, but the needs of consumers and the sums they are willing to spend to satisfy them. To perform this role, the infomediary would have to be able to “spy” on the client, obviously with the client’s consent and with an absolute guarantee that no one else will come into possession of the data concerning him, so as to draw as accurate a profile as possible. It should also provide him with tools (software, training, advice, etc.) useful for protecting his privacy. To sum up: if the consumer wishes to buy a given product or service, the infomediary explores the network in his place, 1) helping him obtain the best possible price, 2) sparing him exposure to any request for data from the seller. In short, the infomediary sells nothing; it merely provides a service that is paid for with a percentage of the price of the goods purchased. Or we could say that the infomediary sells trust: to consumers, by protecting them from the privacy violations to which direct contact with sellers exposes them, and to companies, to which it offers sales opportunities that they could not have reached because of consumers’ distrust.
(12) See J. Hagel III, Net Worth, Apogeo, Milano 2001.
(13) See T. Nelson, Literary Machine, Muzzio, Padova 1992.
A first observation is that this kind of service is already provided, in various forms, by a number of businesses: one need only think of the financial infomediation services offered by banks, or of travel agencies and book clubs. Even more significant is the case of eBay, a brand that in practice “sells” nothing but trust, in the sense that it makes available to its users a “protected” virtual environment in which transactions (in this case auctions) take place securely, where buyers and sellers feel safe from fraud, deception, privacy violations and so on. But the large portals such as AOL, MSN and Yahoo! also perform this function of infomediaries and guarantors of the security and privacy conditions that accompany online transactions. Here, however, the second observation comes in: these “places” of the virtual market coincide with those crossroads of the network, gateways guarded by gatekeepers, that Jeremy Rifkin(14) denounces as agents of the commodification of human relations: whether they remain “hybrids”, as they are at present, or evolve towards the forms of “pure” infomediation envisaged by John Hagel III, these companies control the ways and conditions in which users access the network. But who controls the controllers? It is true that the isolated consumer is unable to negotiate because of the information asymmetry that characterises his relationship with companies, but by delegating the protection of his privacy to a third party, with which he would find himself in a no less asymmetric relationship, he would not improve his situation. So we return to the starting point: conceived exclusively as a business model, the production of trust would seem to remain an impossible goal. So we come to the point: economic interests can contribute to the production of trust, but they cannot replace the political and cultural factors that remain fundamental to solving the problem. The thesis advanced here is that the concept of the infomediary is credible only to the extent that it is conceived as a functional articulation of virtual communities.
(14) Op. cit.
John Hagel III himself is aware of this: not only because he names virtual communities among the most likely candidates for the role of infomediary, but also because he raises the possibility that infomediaries may end up playing towards consumers the role that trade unions play towards workers(15). If millions of consumers were able to speak with a single voice thanks to infomediaries, their ability to influence corporate and government policies would become formidable, far greater than that of today’s consumer associations. These powerful organisations would express the collective will of consumers, putting them in a position to press companies not only on privacy issues but also on matters such as product safety, respect for the environment, data protection, prices, service standards, respect for civil rights in developing countries and so on. Obviously, within organisations of this kind, the production of trust would no longer be a problem.
A first formula could be that of a trade union that also engages in commercial activities for the purposes of self-financing and of negotiating pressure on other companies. An example of this kind is offered by a pension fund such as Calpers (California Public Employees’ Retirement System), supported by the trade unions and the Democratic Party, which operates as a powerful lobby capable of exerting pressure on legislation and corporate policies, while the Italian Lega delle Cooperative could become something similar if it decided to extend its activities to the Net Economy sector and to protect its members on the privacy front as well. Another concrete example is embodied by the community of users and developers of open source software, within which the skills developed that fostered the birth of companies (such as Red Hat, SuSe, Caldera, etc.) operating in the software field, where users can compare the quality of the various products through a broad network of sites, newsgroups, mailing lists and weblogs, where those who are able can help to modify the products and improve their quality, and where, finally, obsessive attention is devoted to the technologies and knowledge needed to protect privacy, to defend freedom of speech on the network and so on. A third possible formula is that of a commercial company capable of “co-opting” a community of users to which it delegates the solution of the trust problem. This is the case of eBay, the famous auction site that has no need to “guarantee” the security of its own selling space because it is the community of its users that certifies the reliability of individual operators through a self-managed rating system.
(15) See J. Hagel III, op. cit.
To conclude, let us summarise the theses advanced so far. 1) The individualisation of social relations that accompanies the development of networked communication does not cause the disappearance of intermediate forms of aggregation, nor the disintermediation of economic relations; rather, it acts as the engine of a new model of sociality in which the individual is at the centre of networks of relationships based on affinities of interests, needs, passions and so on, which give rise to virtual communities, and these in turn are destined to carry decisive weight in determining the success or failure of any business model (to put it another way: the Internet changes the economy more than the economy changes the Internet). 2) In the relationship between Network Society and Net Economy (that is, between communities and companies) there have been two phases: in the first, collaboration prevailed, founded on the mutual exchange of knowledge and information; in the second, companies “betrayed” the alliance with the communities, concentrating their energies on the collection, processing and trading of the personal data of individual user-consumers. This betrayal generated in consumers a distrust that, together with other factors, helped to throw the Net Economy into crisis. 3) As companies came to understand that the trust deficit works against their interests, the conditions were created for a third phase: companies are now changing policy, trying to bring the production of trust into the value chain; but when this is done, relations with the individual consumer are favoured, while the role of communities as the place where more positive relations between companies and consumers can mature is underestimated. 4) To tackle the problem, some propose a new business model, that of the infomediary, whose task would be to manage the relationship between consumers and companies, protecting the privacy needs of the former and allowing the latter to reduce the costs of distrust. 5) While it represents a good step forward conceptually, this hypothesis has the limit of remaining anchored to the relationship between the company and the individual consumer; to overcome that limit, the infomediary would need to be conceived not only as a business model but also as a new form of social aggregation, as a community that would have, among its many tasks, that of protecting the privacy of its members. In this way, trust would enter the value chain of the Net Economy “by reflection”, in the sense that it would be produced in other sociocultural contexts and then “exported” into the economic context.
It remains to be added that the scenarios just described can become credible only if they are supported by adequate government policies. This can happen in different ways: in the European context, it is easier to imagine a framework in which the negotiated protocols between companies and infomediaries take on the force of laws or public regulations (reviving the method of triangulation between companies, workers’ unions and governments); in the American context, it is more realistic to think of a situation in which companies end up adopting rules of conduct borrowed from the experience of infomediaries, perhaps by drawing up codes of ethics. Both routes, however, can work only in a political and cultural context that places the right to privacy among the fundamental rights of the citizen, a context that, unfortunately, cannot be regarded as established, much less taken for granted.
Infomediation as a Consumer Tool
Carlo Formenti (1)
In the theoretical models describing the evolution of social relations in the age
of Internet, the scenario changes depending on whether the stress is placed prevailingly on economic, political or cultural factors. But sociological literature agrees on
one point: communication on the net fosters the detection of social relations at
every level, from the family to labour, to politics. Manuel Castells(2) talks of “denationalisation of sociality”, or “individualism on the net”, referring to the crisis – that
the new technologies have not caused but surely expedited – affecting the patriarchal family, the traditional forms of political and trade union representation, associationism based on membership in local communities, professional classes, etc.
Thus, a trend that has long been evident in the first phases of the modernisation
process seems to be re-emerging. Just think of the dissolution of the traditional
forms of the family and the local community concurrently with the formation
process of the capitalist market in 17th and 18th century England. A first wave
in the direction of the disruption-atomisation of social relations, accompanied by
the legislative policies of the newly born state-nation, was however followed by a
long stage marked by a countertendency: to counter the devastating effects of primitive accumulation on the life conditions of the population, the state started the
long march of institutionalising the capitalist market that was to last half a century and end with the birth of the Welfare(3). It was at that time that the institutional forms of modern democracy ripened and that those intermediate bodies – political parties, trade unions, professional associations, representative bodies, etc. – were
born, and redesigned the membership modalities and rules after the collapse of the
traditional communities. But the economic deregulation processes in the ‘80’s and
the subsequent take off of the New Economy(4) gave new momentum to the process
of atomisation: as had occurred in traditional communities, the modern forms of
social aggregation in turn reached a crisis, leaving the individual to face the impersonal powers of a growingly “globalised” technology and market.
The neo-liberalist theory interprets such evolution as the achievement of the
“perfect market” utopia, developed more than two centuries ago by Adam Smith:
(1) Journalist - Italy
(2) See Manuel Castells, La Nascita della società in rete (The Rise of the Network Society), Università Bocconi Editore, Milano 2002. See also Galassia Internet, Feltrinelli, Milano 2002.
(3) See K. Polanyi, La grande trasformazione. Le origini economiche e politiche della nostra epoca, Einaudi, Torino 1974.
(4) On the relation between deregulation and the take-off of the New Economy, see K. Ohmae, Il continente invisibile, Fazi, Roma 2001.
the advent of Internet has placed sellers and purchasers on the same level, in a
“transparent” exchange in which both contracting parties have access to the same
information. At the same time state-nations and intermediate bodies have lost
ground vis à vis a “sovereign individual”(5) who can now offer his expertise, sell and
buy goods and services, choose partners and allies outside any political, tax and ideological control. But this pattern, which has contributed to nurture the myth of a
progressive and irreversible “disintermediation” of economic relations (everyone exchanges everything with everyone, without having to resort to intermediaries), cannot adequately describe the complex reality of Network Society. In particular, the
“economicist” approach underestimates the scope and consistency of this new type
of community links that computer networks have allowed to develop. Individualism on
the net, says Castells(6), in the wake of Rheingold(7) and other authors, cannot
be cut down to a collection of isolated individuals, but is a new type of social model, a system of social relations “focused” on the individual. The individuals select
their relations on the basis of their affinities and build nets of personal links that can
ensure sociality, support, information, sense of belonging and social identity. Although different both from those of traditional communities and those of modern
social relations, these new relations are by no means “weak”: their independence from
territorial restraints and the fact that they are rooted in a cultural humus made of
elective affinities make them, if anything, more solid and lasting. Relations between
Network Society and New Economy, in fact, change in relation to the adopted
point of view: in the neo-liberalist theory, the scenario is based on two basic entities, the individual on the one hand and the global market based on net technologies on the other, while all the political, social and cultural “filters” interposing between such entities tend to disappear (we could say that the market embodies the
net, considering it as a tool that can accomplish the perfect market utopia). From a
“cultural” point of view, Internet, or rather social relations based on the net, on the
contrary affects the market much more than the market affects Internet, and this is
because the filters between an individual and the market, instead of disappearing,
have multiplied, taking the form of those virtual communities which constitute the
ground where the success or failure of any kind of business is decided.
The second theory appears to be more credible if we consider that when capitalism sets out to conquer the Internet, it has long since abandoned the Fordist model, based on the mass production of goods and services for an undifferentiated
public. The Fordist process, the shifting of emphasis from production to consumption, the attention to niche markets, etc. change the culture and organisation of
(5) See J. D. Davidson, W. Rees-Mogg, The Sovereign Individual, Simon & Schuster, New York 1997.
(6) See op. cit.
(7) See H. Rheingold, Comunità virtuali. Parlare, incontrarsi, vivere nel cyberspazio, Sperling & Kupfer, Milano 1994.
corporations, inducing them to focus their energies on controlling the consumer
rather than the worker. But to control a consumer does not only mean selling him
something, it also and especially means establishing a lasting relation, making him
loyal and involving him in the development of goods and services. And when virtual communities are born this “philosophy” is obliged to make a further quality
step, standing up to a challenge at the same time rich in opportunities and risks.
The latter stem from the fact that the aggregation logics of virtual communities –
with the exception of cases in which they are born on initiative of the corporations
themselves, as communities of experts or fans of a given product – turn out to be
completely independent from the market logics (with which they are often in conflict). There is a long list of examples of this: from the adverse word-of-mouth on
the quality of a service to the birth of free exchange circuits of products capable of
jeopardising whole industrial sectors (see the case of Napster); without forgetting
the expedited flow of information which enables to explore a wide range of alternatives, intensifying competition, lowering prices and weakening relations between
customers and a company based on trade mark. At the same time, virtual communities represent a precious source of information on the tastes and preferences of
consumers, and to the extent to which one obtains their trust, the nature itself of
relations between client and corporation can be transformed from a simple economic transaction to a human relation which enters, as such, in the chain of value.
This is true to such an extent that authors like Jeremy Rifkin(8) have warned us on
the risk of commodifying human relations, while it is always on this ground that
the major challenges concerning the privacy problem arise.
This paradoxical intertwining of alliances and conflicts between corporations and consumers has gone through two stages in its development. At the dawn of the Net Economy, the convergence of interests prevailed: on the one hand, for the corporations the virtual communities represented an extraordinary source of ideas, projects and suggestions, contributed to testing and improving products and services, and acted as amplifiers and diffusion channels of information and news concerning goods and corporate trade marks; on the other, corporations in turn offered the communities news and useful information, made available – often free of charge – their know-how and expertise on the object of interest around which a community had formed, etc. This is the stage which nurtured the theory of the development of an economy of know-how in which “everyone wins”, because all the parties involved have something to gain from the mutual exchange of information(9). It is the stage in which virtual communities often work as real incubators for start-ups. The second stage, instead, developed when the number of Net Economy corporations started dropping and their size started increasing – the accelerated selection and concentration process of the still ongoing economic crisis. And while some trade marks were consolidated and succeeded in building real “niche monopolies”, and while the giants of the traditional economy made their entry into the e-business market, the successful corporations managed to concentrate in their hands huge databases of information on their customers, and it is at this point that the pendulum started to swing in the direction of conflict.
(8) See J. Rifkin, L’era dell’accesso. La rivoluzione della New Economy, Mondadori, Milano 2000.
(9) See K. Kelly, Nuove regole per un mondo nuovo, Ponte alle Grazie, Milano 1999.
For Net Economy corporations, relations with the virtual communities are in fact first and foremost a means to an end, which consists in collecting as much information as possible on the individual members of the communities and reprocessing it for marketing purposes. The majority, if not the totality, of business models are based on the capacity to collect personal data and develop personalised profiles of single consumers, in the hope of achieving the ideal one-to-one marketing model, which would make it possible to mould products to the specific needs of single individuals. But it is at this point that means and ends come into conflict: in order to “serve” consumers, so the corporations say, we have to know everything about them; the waiver of their privacy is thus the price consumers have to pay to get goods and services that actually meet their needs. However, consumers are not at all interested in accepting this one-to-one relationship with corporations, well aware that their identity, skills and know-how were not built in isolation, but acquired inside a network of relations with other members of the virtual community to which they belong. And the community has also taught them that, as individuals, their relations with corporations are asymmetrical: even if the Internet enables consumers to acquire more information on corporations than was possible in the past, corporations continue to know far more about consumers than consumers know about corporations. In a community, instead, information and know-how circulate to enable members to look for and find what they want at the best quality/price ratio, and to free themselves from the tyranny of the trade mark. Lastly, the community offers its members the chance to compare their adverse experiences of spamming, cookies, tracing software, the sale of personal data, etc., and to exchange technologies to protect themselves from these plagues. In a word, the community is the place where mistrust of corporate “betrayals” flourishes.
It is Manuel Castells(10) who uses this word. This is how he defines the breach in the cultural solidarity that characterised the dawn of the Net Economy, when virtual communities and corporations formed a libertarian front to counter governmental efforts to control the Net. What caused concern at the time was not the data mutually exchanged to favour the development of technologies, networks of relations and projects, but the governments’ intent to win back the share of power over citizens and corporations which they had lost with the advent of the Internet. Corporations breached the libertarian front by agreeing to provide governments with the means to accomplish their supervision plans. This basically occurred for two reasons: 1) the need to obtain stricter laws protecting intellectual property, jeopardised by content napsterisation phenomena – and subsequently the need to breach the privacy of users and consumers to identify possible breaches of law; 2) the intent to obtain a free hand in the acquisition, processing and sale of personal data.
(10) Op. cit.
However, today we are entering a third phase, which is taking shape as the corporations realise the consequences of the lack of trust that they themselves brought about, and that is increasingly turning against them. So the Direct Marketing Association, after having opposed any kind of antispam law for years, started to urge the US Congress to pass a law against wild marketing practices; so Microsoft has launched its Trustworthy Computing policy to neutralise the distrust that consumer associations had expressed vis-à-vis the Passport service; so Yahoo has included an antispam tool in its electronic mail services; so many major corporations say they are willing to adopt the principles of permission marketing(11), and send promotional messages exclusively to consumers interested in receiving them. It is the data on the devastating side effects of the more aggressive and unscrupulous marketing policies that have caused such “feelings of repentance”: a report of the Federal Trade Commission estimates business losses in 2001 at 18 billion, caused by transactions abandoned by consumers irritated by the request to provide their personal data; the magazine Wired reveals that 31% of American surfers change e-mail address at least once a year to avoid receiving unwanted mail, and notes how such conduct causes serious damage to e-commerce, making databases collected with great effort over the years unusable; lastly, anti-cookie technology is rapidly spreading: software to remain anonymous while surfing, antispam filters, tools to make anonymous payments, etc.
The new policies adopted by corporations to tackle these problems have a fundamental limit: they try to win back consumers’ trust by establishing relations with single individuals, ignoring the communities to which they belong. This approach shows that they have not yet grasped that image campaigns and solemn promises are not enough to convince consumers who, after having been burned so many times, are not willing to test the reliability of these reassurances at their own expense. In other words, trust is not an asset that can be “produced” or “sold” by corporations. It is an asset generated spontaneously within the communities, and one which corporations can use only if they in turn agree to expose themselves to the opinion of the communities, and not only to that of individual consumers. Let’s get to the point then: is there an economic incentive which can favour this further step? Can the concept of privacy as a resource become something more than a simple propaganda slogan? Is there a business model that can include the production of trust in the chain of value?
(11) See S. Godin, Permission marketing. Trasformare gli estranei in amici e gli amici in clienti, Parole di Cotone, Milano 2000.
Some marketing scholars, like John Hagel III(12), answer in the affirmative and put forward the idea of the infomediary. The concept of the infomediary took shape in the waning of the utopia of universal and generalised access to human knowledge, ensured to all by an electronic hypertext. When Ted Nelson’s(13) dream is turned into reality by the World Wide Web, its intrinsic limit becomes evident: the enormous inflation of data flowing through computer networks makes it difficult to access really significant information. Search engines, theme portals and the other filters developed by online journalism (a profession which increasingly diverges from traditional journalism, as the weblog phenomenon shows) represent as many models of infomediary. John Hagel III has developed a further model in relation to the problems of e-commerce; a model which starts from a criticism of the scholars who support the theory of a perfect market: it is not true that the Internet cuts out the role of the intermediary, giving sellers the chance of directly reaching purchasers and vice versa. Even the search for commercial information, the comparison of quality/price between different products, the search for data on consumer tastes and trends, advertising communication, etc. call for intermediation functions capable of managing the tremendous complexity of the Web. That is why, thanks to the consumer communities which have arisen around their networks, giants of the Net Economy like Amazon, Yahoo! and eBay have succeeded in taking on the role of “certifiers” of the trustworthiness of the products and services of other corporations. And that is why an increase in the gap between marketing and consumer interests goes hand in hand with an increase in the demand for assistance from consumers who are aware that they cannot negotiate with corporations as individuals. John Hagel III says that trusted agents should be the ones to meet this demand, and do business on the consumer’s behalf. These “consumer agents” should have the task of thoroughly knowing the wishes, needs and preferences of their customers, as well as a whole range of personal data (from income to personal details), and then comparing this information with the information provided by corporations operating on the market. The objective of all this is to create a kind of “inverse market”: you do not start from the goods and prices fixed by the corporations, but rather from the needs of consumers and the amount they are willing to spend to satisfy them. In order to play his role, an infomediary should be able to spy on his client – obviously with his consent, and assuring him that no one else will get hold of his data – so as to sketch out as accurate a profile as possible. Furthermore, he should provide his client with useful tools (software, training, advice, etc.) to protect his privacy. To sum up, if a consumer wishes to buy a given product or service, an infomediary explores the net in his stead, 1) helping him get the best possible price, and 2) sparing him exposure to the seller’s request for data. In short, an infomediary does not sell anything; he just provides a service remunerated with a percentage of the price of the purchased goods. Or we could say that an infomediary sells trust: to consumers, protection from the breach of privacy they would suffer if they came into contact with the sellers, and to corporations, the chance of selling goods which they would not otherwise have sold because of the consumers’ distrust.
(12) See J. Hagel III, Net Worth, Apogeo, Milano 2001.
(13) See T. Nelson, Literary Machine, Muzzio, Padova 1992.
My first comment is that this type of service has already been provided, in different forms, by a number of corporations: just think of the financial infomediation services provided by banks, or of travel agencies and book clubs. Even more significant is the case of eBay, a trade mark that, de facto, sells nothing but “trust”, in the sense that it puts a “protected” virtual milieu at the disposal of its users, where transactions (in this case, auctions) are carried out without risk, and where purchasers and sellers feel protected from fraud, swindles, privacy breaches, etc. The major portals too, such as AOL, MSN and Yahoo!, perform the task of infomediary and assure the security and privacy conditions accompanying online transactions. But here comes my second comment: these “places” of the virtual market coincide with those gateways presided over by gatekeepers that Jeremy Rifkin(14) claims to be the agents commodifying human relations: whether they remain the “hybrids” that they are now, or develop into the forms of “pure” infomediary suggested by John Hagel III, these corporations control the modalities and conditions of access of Net users. But who controls the controllers? Surely an isolated consumer cannot negotiate, owing to the information asymmetry that characterises his relations with corporations, but by delegating the protection of his privacy to a third party, with which he would have an equally asymmetrical relation, he would not improve his position. So we are back to square one: conceived exclusively as a business model, the production of trust would seem to be an impossible objective. Let’s get to the point then: economic interests may contribute to producing trust, but cannot replace those political-cultural factors which are still essential to solving the problem. The theory set forth here is that the concept of the infomediary is credible only to the extent that it is conceived as a functional articulation of virtual communities.
(14) Op. cit.
John Hagel III is himself aware of this: not only because he indicates the virtual communities as the most probable candidates for taking on the role of infomediary, but also because he suggests the possibility that infomediaries may end up performing vis-à-vis consumers the role that trade unions perform vis-à-vis workers(15). If millions of consumers could speak with one voice thanks to infomediaries, their capacity to affect corporate and government policies would become tremendous, far greater than that of existing consumer associations. These powerful organisations would express the collective will of consumers, putting them in a position to press corporations not only in matters of privacy, but also in respect of product safety, environmental and data protection, prices, assistance standards, compliance with civil rights in developing countries, etc. Obviously, the production of trust would no longer be a problem within organisations of this kind.
The first solution could be that of a trade union also engaged in trade activities with a view to self-financing and to putting pressure on negotiations with other corporations. An example of this kind is a pension fund like Calpers (California Public Employees’ Retirement System), supported by trade unions and the Democratic Party, which operates as a powerful lobby that can put pressure on legislative provisions and corporate policies. The Italian Lega delle Cooperative could become something similar, if it decided to extend its activities to the field of the Net Economy. Another concrete example is that embodied by the community of open-source software users and developers, which has developed the expertise that fostered the birth of corporations (such as Red Hat, SuSe, Caldera, etc.) operating in the software field, where users can compare the quality of various products through a wide network of sites, newsgroups, mailing lists and weblogs, where whoever is capable of doing so can contribute to changing the products and improving their quality, and where, lastly, obsessive attention is dedicated to the technologies and know-how required to protect privacy, defend freedom of speech on the net, etc. A third possible solution is that of a trading company capable of “co-opting” within itself a community of users responsible for solving the problem of trust. This is the case of eBay, the popular auction site, which does not have to “guarantee” the safety of its selling space because it is the community of its users that certifies the reliability of individual agents through a self-managed rating system.
(15) See J. Hagel III, op. cit.
To conclude, let’s summarise the theories set forth so far. 1) The depletion of the social relations accompanying the development of net communication does not bring about the disappearance of the forms of intermediate aggregation, nor the disintermediation of economic relations, but rather operates as the engine of a new pattern of sociality, where the individual is at the centre of a network of relations based on affinities of interests, needs, passions, etc. that give life to virtual communities, which in turn are going to have a decisive weight in determining the success or failure of any business model (or in other words: the Internet changes the economy far more than the economy changes the Internet). 2) In the relation between the Network Society and the Net Economy (i.e. between communities and corporations) there have been two phases: in the first, co-operation based on the mutual exchange of know-how and information prevailed; in the second, corporations “betrayed” the alliance with the communities, focusing their energies on the collection, processing and sale of the personal data of individual users-consumers. This betrayal generated in consumers a lack of trust that, together with other factors, contributed to unsettling the Net Economy. 3) The corporations’ growing awareness that the lack of trust was turning against their interests has paved the way for a third phase: today the corporations have changed their policies, and are trying to include the production of trust in the chain of value; but they do so by giving priority to their relations with individual consumers, and they underestimate the role of communities as a place where more constructive relations between corporations and consumers can develop. 4) A new business model has been suggested to solve the problem: the infomediary, responsible for handling relations between consumers and corporations, protecting the privacy needs of consumers and allowing corporations to reduce the costs of the lack of trust. 5) Although this is, in theory, a good step forward, in practice it has the limit of remaining anchored to relations between corporations and individual consumers. To overcome this limit, an infomediary should be conceived not only as a business model but also as a new form of social aggregation, as a community having the task, among others, of protecting the privacy of its members. In this way, trust would enter the chain of value of the Net Economy “as a consequence”, that is, it would be produced in other socio-cultural milieus and then “exported” to the economic milieu.
I would only like to add that the aforesaid scenario can be credible only if supported by adequate government policies. And this can take place in different forms: in the European context, it is easier to picture a framework where protocols between corporations and infomediaries take on the value of laws or public regulations (re-proposing the triangular method involving corporations, workers’ trade unions and governments); in the American context, it is more realistic to think of a situation in which corporations end up adopting rules of conduct drawn from the experience of the infomediaries, perhaps by developing deontological codes. Both ways, however, can work only in a political-cultural context that includes the right to privacy among the fundamental rights of citizens. A context that, unfortunately, cannot be taken as established, or even for granted.
Building Consumer Trust: Personal Data Protection as a Resource
Mel Peterson (1)
Abstract
Procter & Gamble has recognized the business opportunity presented by providing personalized services and information to its consumers. The majority of
consumers want personalization. Effective personalization depends on consumers
to provide accurate information about themselves and their interests.
But study after study has shown consumers to be concerned about their privacy, and that their concerns either prevent them from providing information or
cause them to provide inaccurate information. To address this issue, Procter &
Gamble has implemented a strong, global data protection program targeted to
build an environment of trust, so that consumers willingly provide accurate information in return for the personalization and services they desire.
Procter & Gamble’s privacy program covers personal information provided by
any individual to P&G, whether it is from online, offline, or wireless sources.
P&G policy is to treat information provided by an individual as that individual’s,
which has been entrusted to P&G’s care. This simple policy leads us to do things
that consumers care about with regard to data protection. P&G research confirms
that consumers appreciate their data being managed according to Fair Information
Practices of notice, choice, access, and security. Viewing information as a borrowed item naturally leads an organization to, for example, implement transparent
notices, and provide choices about how information may and may not be used.
Procter & Gamble has organized internally to deploy its privacy program
throughout the organization. The P&G Privacy Executive reports to the Vice-Chairman of the Board, and leads the P&G Privacy Council, a team of 30 individuals appointed to lead privacy deployment in their organization. The company has created a “Privacy Central” web site containing all the company’s privacy
guidelines and resources. Online privacy training has been deployed to all employees with a computer account, and privacy self-assessments are deployed periodically to all people who manage databases containing personally identifiable information.
As a result of these activities, P&G has experienced very high participation in
its online and offline direct marketing programs. The majority of people signing
up for our programs give us permission to contact them with additional offers
from other P&G brands – an indication they trust P&G.
(1) Procter & Gamble Company – Usa
In summary, viewing privacy as a consumer issue, not just a regulatory or
compliance issue, is paying dividends to Procter & Gamble and to our consumers.
The Net: User Trust and Data Security
Claudio Manganelli(1)
The spread of network use now shows exponential growth rates and, despite the many entrepreneurial disappointments on both sides of the oceans, use of the net has become a must that is no longer exclusive to the business world and to social life between individuals, but is also a necessity for the management of public administrations and for their dialogue among themselves, with businesses and with citizens.
The establishment of the Ministry for Technological Innovation and the funding plan for over 130 e-government projects approved by the Ministry last October and intended to raise the level of efficiency of local bodies, from the Regions to the Provinces, to large, medium-sized and small Municipalities, down to the Mountain Communities, confirm the now unstoppable commitment of public administrations to the rationalisation of administrative processes, which can no longer be postponed, and their determination to start a leaner and more effective dialogue with citizens. Beyond the body of rules drawn up in recent years to facilitate this modernisation process, some fundamental building blocks of this new architecture have been in place for some time: the electronic document and electronic records registry, the digital signature, the national services card; these elements must now be disseminated and made customary in the life of public offices, businesses and citizens.
The potential of the ICT system is now ready to absorb the explosion of technological innovation.
A billion PCs in the world, and perhaps many more, 27 million registered sites, more than 2 billion pages registered in the most widely used search engine, 30 billion e-mails a day worldwide, a figure estimated to double over the next four years: these are the numbers at the planetary level. The Italian situation is making up the gap of a few years ago: 14 million users connected to the Internet, 60 billion minutes of telephone traffic devoted to the net, 64 billion minutes for voice. In Italy too, the overtaking is near. These figures were provided a few evenings ago by Minister Gasparri during a conference and refer to 2001. They bear witness that in Italy too a determined march towards the new economy is under way, in which technological innovation is the necessary means of transport.
But the new economy and technological innovation, in order to proceed harmoniously without running the risk of creating pockets of productive isolation or excess spending, cannot do without a process of strong social innovation. This means not only introducing intensive and committed training plans in information technologies in the school system, but also seeking the best organisational and technological solutions to bring these technologies closer to the less young and less educated classes; bridging, as the saying goes, the digital divide. Operating casually in this field can open the way to a succession of undesired phenomena and criminal actions that would end up provoking a social rejection of technological change, creating a psychological barrier that could halt the development curve of the new economy indefinitely.
(1) Autorità per l’informatica nella pubblica amministrazione (Authority for Information Technology in the Public Administration) - Italy
In envisaging a scenario in which multimedia and digital technology will become ever more pervasive – suffice it to think that the new generation of the Internet Protocol, IPv6, will make it possible to move from 32-bit to 128-bit addressing, corresponding more or less to 1500 addresses per square metre of the Earth’s surface – one can understand how the protection of the information held by individuals will take on particular importance, whether it is information on one’s bank accounts, data on one’s state of health, the position of one’s car or the home-theatre schedule that each person programs for himself daily.
A careless, strongly consumption-oriented use of ICT technology, as is happening with mobile telephony, will increasingly expose the individual in a sort of electronic Panopticon, where the watchtower and the means of intrusion into his life will be the stream of interactive communications reaching him through the various media.
But let us stay with the current scenario, in which the Net is increasingly becoming the system for exchanging information, accessing large databases, executing financial transactions and orders, and carrying on professional activities, and let us focus on its current fragility. Over 170,000 Web incidents officially recorded by CERT from 1988 to date; more than 8,000 software vulnerabilities in the last eight years (CERT); 5,580 hacker attacks suffered last August, over 1,100 of which were launched on Sunday the 18th. It should be stressed that an incident may affect a single PC workstation but may also involve an intranet and thus cause long interruptions in operations. But alongside destructive events motivated by vandalism, acts of cyberterrorism or pure cybernetic exhibitionism, there are a great many attacks aimed at stealing information, for purposes of commercial competition or in order to commit computer fraud. Nor should we forget the all too widely abused forms of attack on digital stations; by this term I mean not only PCs but also palmtops and latest-generation mobile phones that can interface with the Internet. These forms of attack have become customary among service and application providers, habitual throughout the world of the Web, and are aimed mainly at obtaining commercial information on the lifestyle habits of the cybernaut through tools such as cookies, sniffing, tracking and hijacking, up to intolerably invasive actions against electronic mailboxes through spamming; this spyware weighs down the traffic entering and leaving terminals during a connection, capturing rivers of bytes from hard disks, and profiles the user in order to subject him to a bombardment of banners and promotional e-mails. In the USA in particular, spamming has become a social scourge: by consulting the site www.cluelessmailers.org/spamnews.html one can get an idea of the dense web of interconnections that has been woven to market and give value to the information fished out of the net; US network analysts estimate, on the basis of the growth in junk-mail traffic over the last two years, that in 2004 25% of the traffic on the net will be unsolicited.
What, then, does the future cyber-citizen expect?
First of all, to be able to deal with Web sites that offer a high degree of reliability, ensured by a clear identification of the data controller; where personal data are processed and transactions are managed fairly and securely, in accordance with the European directives and the legislation on personal data protection; where the whole processing cycle is carried out ethically and responsibly; where a contact address for requesting checks and corrective action is clearly stated; and where complaints can be lodged.
It is therefore time to act constructively and quickly so that the new economy and e-government can succeed: the newspapers frequently carry articles denouncing cases of abuse of the network, and this medium in particular is too often blamed for paedophile crime. The Internet has certainly overturned the way civil societies live, and through it, with a mistaken sense of anonymity and inviolability, the attention and passions of the most educated or youngest social strata have poured out: when that attention springs from the most unavowable feelings of the human soul, the result can be an explosive mixture that does great harm to civil society. I myself, when I became accustomed to this tool and tasted in it the full flavour of freedom from space and time, felt part of the merry band of Sherwood Forest, far from Big Brother and the Sheriff of Nottingham's men; then my four years on the Board of the Garante made me understand the risks that total freedom could bring to this fantastic medium.
We must therefore accept that highly technological crime should be met by equally qualified surveillance; but this cyber-police will have to operate with techniques and rules that respect the dignity of citizens and of democratic society, and certainly not push towards solutions such as Echelon or Carnivore, worthy of a cult movie like Tony Scott's “Nemico pubblico”.
The most common use of the Internet, by contrast, will have to be protected by an alliance among institutions, businesses, and the leading players in high tech and ICT services, aimed at putting in place guarantees of security and personal data protection and respect for privacy: two closely interconnected concepts that must be pursued by fielding a varied arsenal of resources, namely simple and secure technical standards, the development and spread of technologies that strengthen confidentiality and security, a light package of basic rules that are clear and consistent with one another and backed by the necessary, and enforced, administrative and criminal penalties, and more widespread self-regulation founded on codes of conduct that are sincerely held and respected.
Finally, it would be desirable for action to be taken, at least at the level of the Commission of European Data Protection Authorities, and thanks also to the efforts of the current Italian presidency, to coordinate the now numerous Web certification trades. This was already being discussed in 2000 with the French Cnil: France now also has an agency, Atica (Agence pour les technologies de l'information et de la communication dans l'administration), equivalent to Aipa, so a coordinated action would be possible, which in our case could also involve Mincom and Mit with their newly established security commission, in order to borrow the certification structure applied to digital signatures and apply it to the certification of Web sites.
The Network: Users’ Trust and Data Security
Claudio Manganelli(1)
Use of the Net has increased drastically and, in spite of the disappointment of some businesses on all sides of the oceans, it is no longer a must only for the business world and for social relations between individuals; it has also become an operational requirement and a means for the Public Administration to communicate internally, with businesses and with citizens.
The setting up of the Ministry for Technological Innovations and the funding of more than 130 e-government projects, approved by the Ministry last October and aimed at increasing the level of efficiency of local bodies, Regional and Provincial authorities, large, medium and small Municipalities, even mountain communities, confirm the relentless commitment of the Public Administration to rationalise administrative procedures and start a more expeditious and effective dialogue with our citizens. Over and beyond the rules developed over recent years to facilitate this updating process, some basic tools have also been developed to implement this objective: the electronic document and protocol, digital signatures and the national charter of services; now these tools have to be disseminated and currently used by our public offices, businesses and citizens.
The potentialities of the ICT system are now ready for the explosion of technological innovations.
A billion and maybe far more PCs in the world, 27 million recorded sites, more than two billion pages recorded in the most widely used search engines, 30 billion e-mails a day in the world, and this figure is expected to double in the next four years. These are the figures at a planetary level; the Italian situation is improving and closing the gap recorded some years back: 14 million users have surfed the Internet, 60 billion minutes of telephone traffic have been dedicated to the net, 64 billion minutes to telephony. These figures were provided some days ago by Minister Gasparri at a conference, and concern the year 2001. They show that Italy is definitely driving towards the new economy, and that technological innovation is the required means of transportation.
But for the new economy and technological innovation to advance harmoniously without running the risk of causing pockets of productive isolation or expenditure excesses, they cannot be separated from strong social innovation. That means not only introducing intense and determined training programs on information technologies in the schooling system, but also looking for the best organisational and technological solutions to bring the older and less educated classes closer to these technologies; as is usually said, to bridge the digital divide. To operate in this field in a superficial way may open the way to a series of unwanted events and criminal acts that would end up making society reject technological change and creating a psychological barrier that could temporarily stop the development curve of the new economy.
(1) Authority for Information Technology - Italy
In a scenario in which multimedia and digital technology become ever more widespread (just think that the new generation of the Internet Protocol, IPv6, will make it possible to move from 32-bit to 128-bit addressing, which more or less corresponds to 1500 addresses per square metre of the Earth's surface) it is easy to understand how data protection, whether it concerns bank accounts or one’s health, will become particularly important, compared with the location of one’s car or the daily planning of one’s home theatre.
A careless use of ICT, strongly oriented towards consumption, as is the case of mobile telephony, will increasingly expose the individual to a sort of electronic Panopticon, where the control tower and the means of intrusion in his life will be represented by the range of interactive communications reaching him through the different media.
But let’s go back to our current situation: the Net is increasingly becoming the system used to exchange information, access large data banks, carry out financial operations and measures and develop professional activities; however, the Net also has its shortcomings: more than 170,000 Web incidents have officially been recorded by CERT since 1988; more than 8,000 software vulnerabilities have been recorded over the last 8 years (CERT); 5,580 hacker attacks were suffered last August, of which more than 1,100 on Sunday 18th. These incidents may affect a single PC but also an intranet, and thus cause long interruptions in service. But besides these episodes of vandalism, cyberterrorist actions and pure cybernetic exhibitionism, many attacks are perpetrated to obtain information, for business competition purposes rather than to commit computer fraud. We must not forget the numerous forms of attack on digital stations; these include not only PCs but also palmtops and latest-generation mobile phones that can interface with the Internet. These attacks have entered the everyday life of service and application providers and of the Web world, and are mainly aimed at obtaining business information about the habits of cybernauts through instruments like cookies, sniffing, tracking and hijacking, and even unbearably invasive actions against e-mail boxes, by spamming. This spyware slows down traffic to and from the terminals during connections, captures loads of bytes from the hard disk and builds a profile of the user so as to then bombard him with banners and promotional e-mails. In the USA in particular, spamming has become a social plague: by consulting the site www.cluelessmailers.org/spamnews.html you can get an idea of the close network of interconnections developed to market and give value to information fished inside the net; U.S. Net analysts estimate that, given the increase in junk-mail traffic over the last two years, in 2004 25% of the traffic on the net will be unsolicited.
What can the future cyber citizen expect?
First of all, to be able to link up with highly trustworthy Web sites featuring: clear identification procedures; personal data processing and transaction procedures carried out pursuant to European directives and laws on personal data protection; ethical and responsible data processing; clearly indicated addresses; possible inspections and corrective actions; and the possibility of filing complaints.
So it is time to act constructively and quickly to enable the new economy and e-government to be successful: when reading through newspapers we often see articles reporting cases of network abuse and in particular of paedophilia crimes. The Internet has certainly disrupted the way of life of civil societies and has attracted the attention and enthusiasm of the more educated social classes or the young, who wrongly think they are anonymous and inviolable: when this attention comes from the more unavowable sentiments of the human soul it may create an explosive mix that causes considerable damage to civil society. When I became addicted to this instrument, tasting all the flavour of its temporal space freedom, I felt I was part of the Sherwood Forest happy brigade, far away from Big Brother and the men of Nottingham’s sheriff; then the four years spent as a member of the Collegio del Garante (Board of the Data Protection Authority) made me understand the risks caused by that utter freedom to this fantastic medium.
We have to accept that highly technological crime must be countered by equally qualified law enforcement; but cyber police will have to operate using techniques and rules that respect the dignity of citizens and democratic society, and should not adopt Echelon or Carnivore type solutions fit for a cult movie such as Tony Scott’s “Public Enemy”.
The Internet’s more common use will have to be protected by getting institutions, companies, the major high-tech protagonists and ICT services to form an alliance aimed at guaranteeing security, personal data protection and respect for privacy; two closely interconnected concepts that have to be pursued by deploying a complicated armament of resources: simple and safe technical standards, development and dissemination of technologies that strengthen confidentiality and security, a streamlined package of clear ground rules, in harmony with one another, accompanied by the required administrative and criminal sanctions, and more widespread self-regulation based on assertive and respected deontological codes.
Lastly, at least at the level of the Commission of Personal Data Protection Authorities, an action should be undertaken – also thanks to the current Italian Presidency – to co-ordinate the widespread Web certification trade. There were already discussions on this back in 2000 with the French CNIL: now France also has an agency, ATICA – Agence pour les Technologies de l’Information et de la Communication dans l’Administration – which corresponds to AIPA. Consequently, a coordinated action could be possible, which in our case could also involve MINCOM and MIT with their newly formed Security Commission, with a view to borrowing the certification structure of digital signatures and applying it to Web certification.
Which Rules between Freedom and Security?
Maurizio Gasparri(1)
The subject we are addressing is a very delicate one. In an era of continuous development in communications (let us remember that broadband and digital terrestrial television are taking hold in Italy) there will be more work for those who have to guarantee a proper flow of information. As Minister of Communications, however, I do not feel I am an opposing party. On the contrary, I have excellent relations with the Garante for privacy and its bodies. After all, whoever has to put new rules in place to multiply communication must be aware of the necessary safeguards and controls.
This session has dealt with the relationship between business and the privacy of users and consumers. Our Government has put the question of balancing the individual's rights of freedom with the functioning of the free market at the forefront, regarding these as priority needs. It was also discussed recently in Brussels, in the Council of Ministers of Communications, where we talked about how to regulate public use of the large amounts of data that are available to the various countries, and which are often traded, not always in compliance with the rules.
At European level, then, we have faced the problem of deciding which rules to adopt for using these data, which often end up as instruments of commercial policy. In Italy as in Europe, therefore, these are the two keys, the two poles: on one side, freedom of enterprise; on the other, the freedom of the citizen's private sphere. The two are not in contradiction; rather, they define a relationship of mutual implication.
These are, ultimately, objectives that belong to economic policy, with implications of a social nature as well. As the papers I have listened to over these days have made clear, far from being a hindrance to the free exercise of the right of enterprise, respect for the citizen's fundamental rights can enhance the value of economic activity, in harmony, moreover, with the principles enshrined in our Constitution.
Freedom of economic initiative is certainly among them. It is clear, however, that this activity cannot be carried out in a way that harms the dignity of persons. After all, entrepreneurship is one of the main activities through which the full development of the human personality is ensured, as well as participation in and the economic and social organisation of the country. But, again, it is precisely the protection of the rights of the citizen, seen as a natural consumer, a user of goods and services and of products offered under competition and free initiative, that constitutes an essential criterion and a guarantee of the efficient functioning of the market.
(1) Minister of Communications - Italy
This system of protection can not only ensure fair competition and equal conditions among the various players in the market; it also adds value through the trust that the consumer can place in the offers put to him.
To secure these objectives there is no need to set up any mechanism for the generalised identification of users. In a regime of privacy-respecting transactions, it is the consumer himself who shows an interest in the company's communication and asks for a good or a service that is geared to safeguarding his rights, having had access to detailed prior information made available by the company making the offer. Seen in this way, the protection of privacy is an additional resource of the quality system. Far from suggesting dependence or a condition of inferiority, the position of consumer implies the exercise of what we might call a social sovereignty, such as to demand, from the economic organisations that come into contact with it, a particularly thorough protection, which it falls to those organisations to provide.
The Fordist logic has been superseded in this field. So much so that today one could speak of full citizenship coinciding with the complete assumption of the condition of consumer. Consumer protection starts from the technique of civil liability as the main element of the mixed society. For this reason it acts as a legislative shock absorber that contributes to a more flexible systemic response to the needs of production and exchange, which cannot be governed solely through the techniques and rules of the market.
It is well known, moreover, that the market criterion brings the problem of transaction costs and of consumer information clearly to the surface. In the field of privacy the paradoxes follow one another. The consumer is thus increasingly both a recipient and a producer of information. The work of the Garante, too, is fundamental in the way it fits with this dimension of the citizen-consumer as a holder of full rights. It is the very existence of these protective bodies that has developed, in the citizen-consumer himself, the awareness of being entitled to further recognition. We therefore believe that control over the ways in which information circulates must be regarded as a fundamental right.
To those who ask, echoing an ancient motto of Latin culture, “who certifies the certifiers?”, we recall that in Italy we have given ourselves a body of rules, of Community origin, made up of Law 675; Decree 171 of 1998 on privacy in telecommunications networks; Decree 185 of 1999 on distance selling, together with the right to be removed from mailing lists; the right not to be flooded with advertising, including by fax and e-mail; the right, as we might call it, to peace and quiet; and the right not to receive promotional samples unless consent has been given beforehand. The Community legislator has moved in the same regulatory direction: intervening not paternalistically but in the area of fundamental rights, it nevertheless seeks to make the market in goods and services efficient and transparent by conferring individual legal entitlements on consumers and users.
There is also a new European directive, 58 of 2002, on electronic communications. Article 13 of this directive provides that the use of automated calling systems without human intervention, known as automatic calling machines, is allowed only in respect of users who have given their prior consent. This covers fax and electronic mail for direct marketing purposes, the SMS messages that have been so successful in Italy, and MMS or third-generation telephones.
We are working, then, to multiply the work of verification and control. This directive refers to the prior explicit consent of the recipient, giving preference to the opinion already expressed by the European data protection authorities and, recently, by many direct marketing trade associations as well, in favour of the opt-in system.
In the most recent European Councils of Ministers of Communications there was discussion of the use of opt-in or opt-out, that is, of whether or not prior authorisation is needed for the transmission of unsolicited information. Choosing opt-in does not, however, exempt us from assessing the limits of this technology. Spamming remains a phenomenon that extends beyond the borders of the European Union and can make use of services located anywhere in the world. The Web is global, and so the difficulty is one of control, which does not exempt us, however, from making efforts at home. I must say that, also through exchanges of ideas with President Rodotà and with the members of the Data Protection Authority, as Minister of Communications I have helped to change some European positions to some extent, also on the basis of my own personal experience.
In practice my predecessors did not use the network, so they did not feel the annoyance of receiving and then deleting so many useless messages. So, also on the basis of my personal experience as a user of the network, I became firmly convinced that, despite the difficulties of globalisation, more precise rules needed to be established in Europe. That is why I took up this cause. And I must say that at European level an approach more respectful of the consumer's rights then opened up, thanks in part to the Italian contribution, even though we know that 100 e-mails a minute can reach us from the other side of the world and it will be rather hard to find means of defence.
In the meantime, though, let us do it within a European area. The use of databases of e-mail addresses of those who do not wish to receive unsolicited information, the so-called black lists, or the use of white lists to collect the e-mail addresses of those who are instead willing to receive advertising, may limit the development of direct marketing. Either choice involves closing or opening the door too far. I am sure, however, that as privacy-supporting technologies mature it will become easy to choose which kind of advertising to receive and which not, and so to overcome the current limits of black or white lists. Tailored advertising can be a service and an added value, for the Internet as much as for satellite television and digital terrestrial television, if technological development makes it compatible with the protection of personal data and with the Community directives which we, as a Government, have transposed well ahead of time.
It would be short-sighted, however, to see this development as the sign of a purely European sensitivity and of a merely bureaucratic attention to the problem. Many counties of the United States itself have treated the sending of advertising by fax as unlawful and as a ground for damages. Moreover, the direct marketing companies themselves have in recent years shown great sensitivity to the value of consumer confidentiality. Forms of cooperation with consumer associations have in fact been launched for the permanent monitoring of privacy policies, which should lead in the near future to instruments of independent quality certification and to greater awareness in the use of the network.
We must not lose sight of the fact that, in the end, the consumer's reaction also penalises the offer itself, and therefore brings no benefit to the market or to those who have to sell.
In conclusion, the right to be a consumer, as a constituent element of belonging to a social organisation, becomes inescapable. The user must be protected and safeguarded, failing which the principle of substantive equality enshrined in our Constitution is violated. There is no doubt whatsoever that the guarantee of confidentiality is an essential element in being able to access and consume particular services, the enjoyment of which deeply marks what it is to be a citizen and the possibility of being included in the community.
It seems to me that, in this light, the role of data protection legislation is clearly of twofold importance, both as a concrete expression of consumerist political traditions and because it refers directly to the European Charter of Fundamental Rights, which is on its way to becoming part of Europe's choices, in a framework not so much of defending weak positions as of guaranteeing free choices.
Finally, the subject of security. Over the last year and a half we have lived with a particular concern. After 11 September 2001 the international community found itself facing a delicate and inevitably pressing issue. If it is true, as it is, that the right to confidentiality of communications is a primary right of the individual, we cannot fail to relate it to the equally pressing need to protect populations from terrorist acts, which increasingly resort to sophisticated technologies and frequently make use of telecommunications networks themselves and, obviously, of the Internet as well. So, while recognising and reaffirming on this occasion the inviolability of the individual's right to confidentiality, I believe that all institutions, Governments, the European Commission, and the Authorities set up to safeguard confidentiality, such as the one in Italy, must consider regulatory solutions that can reconcile the guarantee of privacy with a context in which the value of security, too, is forcefully returning to the foreground, in a phase that we all hope will be temporary and destined to end, although world events give no grounds for easy optimism. With this in view, checks and controls should be extended, understood as needs of the citizen himself, who wants to see both confidentiality and security guaranteed. How to combine these two needs is a task that falls to all of us. I believe this is something we shall have to work on in the future. I am very grateful for this occasion, and I hope that the fruitful cooperation between the Government and the Authority in our country will continue in a manner that respects their different functions, as has been the case in this period.
I hope that the contribution which the Authority has offered with this conference to all of us who bear responsibility, in the business world, in the organisation of consumers' rights, in Governments and Parliaments, can continue in the future, so as to give us further ideas for our actions, which must protect values, goods and rights.
All of these are fundamental factors for our lives and our work.
Freedom and Security: What Rules?
Maurizio Gasparri(1)
We are dealing with a very sensitive issue. In an age of unrelenting expansion
of communications – broadband services and digital TV are increasingly common
in Italy as well – there will be additional work for those in charge of ensuring appropriate information flows. In my capacity of Minister for Communications, however, I do not feel I am a counterpart. In fact, I have excellent relationships with the
Italian Garante and its agencies. Actually, he who is required to lay down new rules
to further communications must be aware of the necessary safeguards and controls.
This session addressed the relationship between businesses’ activities and users’ and consumers’ privacy. Our Government has brought the issue of reconciling individual freedoms and the functioning of the free market to the forefront, by including it among its top priorities. This topic was recently addressed in Brussels as well, during the Council of Ministers of Communications, which discussed how to regulate public use of the many data available in the individual countries – such data being often marketed in breach of the relevant regulations.
Therefore, at European level we have dealt with the requirement of determining the applicable rules for using these data, which often end up being exploited as
a tool for business policies. In Italy, just like in Europe, these are therefore the two
key issues, the two sides of the coin: on the one hand, freedom of enterprise; on the
other hand, freedom of citizens’ private life. These two concepts are not in conflict,
but rather mutually related.
These are objectives that are ultimately related to economic policies, with implications of a social character as well. As aptly clarified by the presentations made during this Conference, far from being an obstacle to freedom of enterprise, respect for citizens’ fundamental rights can actually enhance the value of economic activities – in line with the principles laid down in our Constitution.
Freedom of enterprise is undoubtedly included among such principles. However, economic activity must obviously not harm human dignity. Indeed, economic enterprise is one of the main activities ensuring full development of human personality as well as participation in a country’s social and economic organisation. On the other hand, it is precisely the protection of citizens’ rights – citizens being consumers, users of goods and services as well as of products that are offered according to competition and free enterprise rules – that is to be regarded as a fundamental criterion to guarantee effective market operation.
(1) Minister of Communications - Italy
Such a system of guarantees not only can ensure fair competition and equality of status among market stakeholders, but is actually an added value on account of the trust consumers can have in the offers submitted to them.
In order to achieve these objectives, there is no need for generalised user identification mechanisms. Indeed, within the framework of privacy-compliant transactions consumers themselves can indicate their interest in business communications
and request goods or services that are oriented towards safeguarding their rights – following detailed, prior information as provided by the businesses offering those goods
or services. In this regard, privacy protection is an additional resource for a quality
system. Far from playing a dependent or minority role, consumers are entitled to exercise what might be referred to as their social sovereignty – which warrants especially
thorough protection in respect of the economic actors having contacts with them.
The Fordist approach has been superseded in this context. Indeed, nowadays one might argue that full citizenship coincides with the achievement of full consumer status. Consumer protection starts from a civil liability approach, being a basic component of the mixed society. This is why it can be regarded as a regulatory dampener contributing to increased flexibility of system responses to production and trade requirements – which cannot be regulated exclusively via market techniques and rules.
On the other hand, market-based criteria are known to bring up the issue of
transaction costs and consumer information. Paradoxical features are increasingly
typical of privacy issues. Consumers are increasingly to be regarded as both recipients
and producers of information. The Garante’s activity is also fundamental as it integrates this pattern in which consumers-citizens are holders of full-fledged rights.
The very existence of these supervisory bodies raised awareness in consumers-citizens of their being entitled to further rights. Therefore, we believe that controlling
the way in which information is disclosed is to be considered a fundamental right.
If one wonders – after an ancient saying of Latin culture – “who will certify
certifiers”, he/she ought perhaps to remember that in Italy there are regulations
based on Community legislation, including Act no. 675/1996, legislative decree no.
171/1998 on privacy and telecommunications networks, decree no. 185/1999 on
distance selling as well as the right to have one’s name erased from mailing lists, the
right not to be flooded by advertising material via facsimile and/or e-mail, the right
– so to say – to be left alone and the right not to receive promotional samples except on the basis of one’s prior consent. This is the regulatory framework also applying to the approach of Community law-makers, who have attempted to increase
market effectiveness and transparency without paternalistic measures, though by
taking steps in connection with fundamental rights – by granting individual rights
to both consumers and users.
There is also a new European directive to consider, i.e. Directive no. 58 of
2002 on electronic communications. Under Article 13 of this Directive, use of automated calling systems without operator assistance – the so-called automated calling devices – is only allowed with regard to users that have given their prior consent
thereto. This applies to facsimile and e-mail messages used for direct marketing purposes as well as to SMS texts (which are so successful in Italy), MMS and third-generation mobile phones.
Thus, we are working to multiply supervisory and control activities. The Directive I mentioned refers to the recipient’s prior explicit consent, which is in line
with an opinion given by European data protection authorities as well as with the
stance taken more recently by several direct marketing associations, which are in
favour of an opt-in approach.
During the latest Councils of the European Ministers of Communications, the
opt-in/opt-out dilemma was much debated in connection with the need for prior authorisation to transmit unsolicited information. Adoption of an opt-in approach
does not rule out the need to consider the limitations this technology is fraught with.
Spamming is a phenomenon that goes beyond EU borders and can take advantage
of services originating from anywhere in the world. The global features of the web
make it difficult to control, which does not rule out the need for us to make the necessary efforts. I must say that, also thanks to the exchange of views with Professor
Rodotà and the members of the Italian data protection authority, I have contributed
to somewhat modifying Europe’s position in respect of certain issues in my capacity
as Minister of Communications – also on the basis of my personal experience.
My predecessors practically did not use the network, therefore they could not
be bothered by the fact of receiving and having to erase a lot of useless messages.
Therefore, also based on my personal experience as a network user, I have come to
believe deeply in the need for Europe to lay down more detailed rules despite the
difficulties related to globalisation. This is why I have joined in this cause. And I
must say that, partly thanks to the contribution given by Italy, a stance has been developed at European level that is more mindful of consumer rights – although we
should be aware that perhaps 100 e-mails per minute could reach us from the other side of the world, which makes it rather difficult to devise suitable defences.
Still, let us start reacting as Europeans. The fact of using databanks including
the e-mail addresses of individuals who do not wish to receive unsolicited messages
– the so-called black lists – as well as the creation of white lists to collect e-mail addresses of individuals accepting unsolicited advertising material may restrain the development of direct marketing. In either case you end up adopting an excessively
restrictive or, as the case may be, permissive approach. However, I am sure that
maturation of privacy-supporting technologies will allow selecting quite easily what
advertising is to be accepted or not by overcoming the current limitations of white
and black lists. Customised advertising will eventually represent an added-value
service both for the Internet and for satellite television or digital terrestrial services
– if technological development makes it compatible with both personal data protection and the Community directives our Government has transposed well in advance of the relevant deadlines.
However, it would be narrow-minded to consider that this evolution
reflects an exclusively European sensitivity as well as a merely bureaucratic approach to this issue. Forwarding advertisement material via facsimile is considered
unlawful in many US counties, so much so that it gives rise to a right to compensation for
damages. On the other hand, businesses specialising in direct marketing have been
showing considerable awareness of the value of privacy for consumers during the
last few years. Indeed, cooperation initiatives with consumer associations have been
implemented with a view to permanently monitoring privacy policies, which is expected to result shortly in the development of independent quality certification tools as
well as greater awareness of network uses.
One should not overlook the circumstance that consumer reaction is also prejudicial to offer, and therefore that it produces no beneficial effects either for the
market or for those wishing to sell their products.
To conclude, the right to be a consumer as a fundamental component in belonging to a social organisation is becoming inescapable. Users should be protected
and safeguarded, otherwise the equality principle enshrined in our Constitution
would be violated. Safeguarding privacy is undoubtedly fundamental to ensure consumer access to certain services that are an integral part of the status of citizen as
well as a prerequisite for being a member of the social community.
I believe that data protection legislation can play a key role in this perspective,
for two main reasons – i.e. both because it incorporates traditional consumer policies and because it is directly related to the European Charter of Fundamental
Rights, which is becoming a component of the choices made by Europe not so
much in order to defend weak positions, but actually to ensure freedom of choice.
Finally, the security issue should be considered. We have been facing specific
concerns for the past year and a half. After the events of 9/11, the international community had to address a difficult issue that was inevitably a top priority: if it is unquestionable that the right to confidentiality of communications is a fundamental
human right, one should not fail to consider this right against the background of
the – equally fundamental – need to protect our peoples against terrorist activities,
which increasingly resort to highly sophisticated technologies and often
make use precisely of telecommunications networks – including the Internet.
Therefore, though aware of and reaffirming the inviolability of the right to individual privacy, I believe that all institutions, Governments, the European Commission and the data protection authorities such as the Italian Garante should take
into consideration regulatory solutions that allow reconciling privacy safeguards
and security requirements, in a phase we all hope will be a transient one covering a
short time span – although world events do not appear to leave much room for optimism. In this regard, controls and checks should be enhanced because this is the
request coming from citizens, who wish to be assured of both their privacy and security. How to reconcile these two requirements is a task we all are called upon to
discharge. I think this will be a matter for future work. Let me express my thanks
for having provided me with this opportunity; I do hope the fruitful cooperation
between Government and the Garante will continue by respecting our functions, as
has been the case so far.
I hope the contribution given by the Italian Garante through this Conference
to all of us, who are in charge of specific tasks in the business world, in organising
consumer rights, in Governments and Parliaments, will also be available in future –
so as to provide additional inputs for our initiatives, which should safeguard values,
goods and rights as fundamental components of our life and activity.
Contributions
Session IV – Privacy and Economic Development: Solutions and Outlook
Globalising Safeguards
Stefano Rodotà (1)
The final session of this intense conference, partly because of the presence of important participants such as Cliff Stearns and Mozelle Thompson, suggests an indication projected towards the future. Just as there is a transatlantic business dialogue, I believe the time has come to think of a transatlantic privacy dialogue.
Since the title of this last session is “privacy and economic development: solutions and outlook in the global dimension”, I would like to confine myself to underlining what has happened in the world as a result of the attention to data protection issues imposed by various factors, not only by those most commonly cited, namely scientific and technological innovations. Briefly, I will touch on four points.
We started from a shared observation: that privacy, from a peripheral right, has today become a central right in the various legal sectors; from a right in the penumbra, as the case law of the United States Supreme Court defined it, it has become a right that illuminates many areas of the legal system; from a right that seemed to symbolise the isolation of the person within the community, it has become a right necessary for establishing social ties. I will merely recall that reference to privacy is by now commonplace when the issue of freedom of expression arises, a freedom to be exercised sheltered from the risk that collections of data on opinions expose people to discrimination or social stigmatisation. Privacy also presents itself as a component of freedom of association, preventing membership lists from being unlawfully acquired or illegally disclosed, with possible negative effects for those who wish to act freely together with others.
It is a precondition of the right to health. Without confidentiality of health data, particularly in the case of diseases such as AIDS, many people prefer not to seek treatment. There is the American example of the decrease in the number of women who agree to undergo a breast cancer test: the refusal is determined by the fear that this information may then become known to employers or insurance companies, with negative effects as regards obtaining or keeping a job and concluding insurance contracts. There is a “tragic” choice between keeping one’s job and health. Only full privacy, therefore, allows the right to health - one of the great fundamental rights of our age - to be respected.
(1) President, Garante per la protezione dei dati personali (Italian Data Protection Authority) - Italy
This is the premise from which we started, and this conference has confronted us, very seriously and very significantly, with the problem of the uses of technology. There is a way of presenting technology that has much of the mythological about it, which sees it as the sword that inflicts wounds but is also able to heal them. This is partly true. In all technological changes there is a first phase in which the use of technologies is heavily polluting: this time not of the physical environment, but of the information environment, the environment of civil liberties. As technologies advance and are refined, some of these polluting effects are eliminated or reduced, and yet we cannot imagine a kind of beneficial and spontaneous change in the situation thanks to the mere fact of technology.
We have seen and been told that privacy-protecting technologies can have various effects: tools for consumer self-defence, tools for the social production of awareness of the risks of technology, seals, certifications, audits with respect to particular technologies. But this approach also carries a risk of self-referentiality: technology tells us that it is able, by technological means, to solve the problems of privacy; business tells us that through self-regulation it is able to solve the problems of privacy; consumers speak of a self-defence that makes it possible to solve many privacy problems. I must say that I am very wary of all self-referential approaches, which in this case risk obscuring the need for institutional, economic and political strategies that integrate the different approaches: the technological one, the participatory one, and business self-regulation. And, obviously, an integrated strategy requires institutional intervention; even persons above suspicion, because they come from cultural environments that do not have the inclination towards legislation that would seem typical of the European continent, now underline very strongly the need to have recourse to the law.
Naturally we must ask ourselves what kind of law we mean, because when we refer to the law today we refer to something that does not have a single meaning. A very analytical, detailed law is profoundly different from a law structured around general principles and guiding criteria. This is the issue to which Umberto Romagnoli drew attention, recalling that there are sectors, such as that of relations within the enterprise, but not this one alone, where effective data protection requires complex rules and procedures, also involving several parties, because this increases their social acceptability, their efficiency and also their flexibility, in the sense that it thus allows adaptation to situations that are continually in motion precisely because of the extraordinarily innovative character of technologies.
We must therefore address this other issue: which regulatory techniques are the most appropriate, even when reference is made to the legislative instrument. Perhaps the Italian legislator was not so inattentive or unaware, as some have nonetheless said, since in regulating data protection it combined general principles and detailed regulation. And it also gave prominence to the problem of transparency.
The two representatives of two major Italian independent authorities, the chairman of Consob and the chairman of the Antitrust authority, pointed out that in their sectors there is a need for transparency and that, therefore, personal data require less protection in order to achieve an important effect, namely the better functioning of the market, including therefore the protection of consumers, seen in this case also as the protection of current or potential investors. Now, the five years of work of our Authority show particular attention to the aspects of transparency, with many decisions providing that certain categories of data had to be communicated, had to become public.
Someone ironically asked whether this was an authority guaranteeing confidentiality or transparency. The truth is that we have developed precise indications in Law no. 675, such as those contained in Article 12, paragraph 1, letter f), which states that the consent of the data subjects is not necessary to process data concerning economic activities, provided that business and industrial secrecy are respected. Thus, economic data have a lower degree of protection in our system precisely so that other purposes and other values, such as the proper functioning of the market or the proper use of public resources, are protected. There is therefore already a response to this need in the law, and this explains, for example, the relations of cooperation and not of conflict with Consob, as Luigi Spaventa recalled.
It must also be borne in mind that two models confront each other in the world today, and not only in the field of data protection: one developed in the European Union, the other historically elaborated in the United States. The former has ever more clearly considered privacy as a fundamental right, while the American tradition is not as explicit.
Having recalled this aspect, I would like to point out another issue. We have heard many references to the economic analysis of law, which, however, is not only Richard Posner but also, for example, Guido Calabresi. There are different ways of using the economic analysis of law: one holds that all references to values other than those immediately traceable to economic calculation pollute the rigour of the analysis; others, instead, hold that values of this kind, such as fundamental rights, must be taken into consideration and that the economic analysis of law is only one of the tools for assessing the functionality of the system, without however excluding these other references from the calculation and from the legal assessment.
I do not believe we can free ourselves from the reference to privacy as a fundamental right. On the one hand there is a problem of sincerity for Europe. The European Union cannot enter the right to the protection of personal data in its Charter of Fundamental Rights, indeed as an autonomous right, distinct from and structurally presented more strongly than the traditional protection of private and family life, and then fail to draw the consequences. This would be conduct that is not only insincere, but contradictory and negative at the institutional level.
But there is another reason why fundamental rights in general, and not only the protection of personal data, are so insistently referred to today. Precisely in the global dimension, we realise the poverty of the instruments of legal protection. The end of national sovereignty in regulating certain relations (not all; let us be careful not to abuse the reference to globalisation) also becomes the argument for claiming that nobody should any longer regulate certain matters, because the sovereignty of States no longer exists.
A strong reference to fundamental rights, as rights of the person that accompany each of us in every place in the world and cannot be denied, becomes the instrument that allows the legal dimension, seen as a guarantee of the person in his or her entirety, to retain its force and its visibility in a situation in which traditional law has little grip.
We were presented with two models of global privacy regulation, which I consider with great interest and great attention, by two large multinational companies, Daimler-Chrysler and Procter & Gamble, which showed us what their policies are, how they are organised, how they are spread across the entire planet and what their protection structures are, and which therefore produce a concept of privacy that is, however, evidently and rightly modelled on the needs of businesses and which, by that very fact, raises the problem of rules that are not entrusted solely to economic interests.
I conclude. There is therefore a problem of balancing interests. Privacy today is squeezed between the market and collective security, especially, as people say, after 11 September. In Italy, to resolve the first problem, that of the relationship with the market, we have indications on which we always work with great attention. Article 41 of the Italian Constitution has been recalled, which says that private economic initiative may not be carried out in conflict with human dignity. The principle of dignity is written into Article 1 of our law. The problem of security: this is today a dramatic problem that engages authorities all over the world. I believe we must take into account, as George Randwanski reminded us yesterday, the appropriateness, the necessity and the purpose of any measures restricting privacy for security purposes.
But even when we assess purpose, we must have two points of reference that are institutionally binding. The first will be so shortly, but the Charter of Fundamental Rights is already making its way in our social organisations. One of the final provisions of the Charter says that, in any case, the essential content of the fundamental rights proclaimed, and therefore also of data protection, can never be eliminated. It is therefore unthinkable that, for security reasons, the protection of personal data could be reduced to zero.
The second is a text in force in the Italian legal system as in the legal systems of many countries: the European Convention on Human Rights of 1950, which in Article 8 speaks of the protection of privacy. The second paragraph of this article says that limitations of the protection of privacy are possible for various reasons, including that of security, with measures compatible with the nature of a democratic society, that is, with measures that pursue this objective.
So there is a second parameter of reference: on the one hand the essential content, which can never be reduced to zero, on the other compatibility with a democratic system. We all know that in some respects authoritarian systems can even be more efficient in market terms, because, for example, they deny guarantees to workers and in this sense lower costs; they deny them, and we experienced this when we discovered the gigantic state archives of the Soviet Union and, perhaps even more, of the German Democratic Republic, by minutely monitoring citizens. Democratic systems are therefore also distinguished by the fact that they never let guarantees fall below a certain threshold.
I conclude. Professor Campisi left us yesterday with a question: will these great new systems that accompany the new measures in the United States, those linked to the so-called “Total Information Awareness System”, be manageable in the first place? This is a technological question, but not only that; and then, will they not also be used for purposes other than security? Consider the Echelon case: certainly inefficient at preventing acts of terrorism, and yet, as we know, highly efficient at distorting competition by passing information on competitors’ behaviour to certain companies. And so there is also this other problem, which always touches on questions of democracy.
And another aspect of privacy as a democratic resource derives from the fact that we cannot at the same time say, as we continually do and as has been said again today, that terrorism and crime make use of very sophisticated tools, and then fail to realise that the creation of gigantic databases, which cannot be defended with the measures we know, is also an instrument that, created for security reasons, can increase social vulnerability, in the sense that it makes this kind of data available to intruders who are anything but well-intentioned.
So we all find ourselves in a situation of great difficulty. Discussion, I believe, is the necessary instrument, so much so that I conclude by saying that in Venice, as has been recalled, we raised the question of an international convention, and at that time there was much mistrust, because such agreements were seen as an authoritarian instrument. On our latest visit to the United States, as Cliff Stearns well knows, we found important changes, so much so that federal laws for the protection of personal data have been proposed there, something that at the beginning of 2000 seemed unthinkable. And so I believe that this opposition between models, if we reason on some founding values, may also fade, and that while Europe invents a new generation of codes of conduct, the United States is considering the use of the legislative instrument with greater attention. The hypothesis of the Venice declaration could today lead us, after this conference, to say what was said at the beginning: perhaps a “transatlantic privacy dialog” could be of use.
Globalising Safeguards
Stefano Rodotà (1)
The final session of this content-packed conference would appear to point to
the future outlook – partly on account of the presence of important participants
such as Cliff Stearns and Mozelle Thompson. Just like there exists a Trans-Atlantic
Business Dialogue, I wonder whether it is not high time a “Trans-Atlantic Privacy
Dialogue” were also set up.
As the title of our final session is “Privacy and Economic Development: Solutions and Outlook in the Global Dimension”, I would only like to stress what has
happened worldwide thanks to the attention paid to privacy issues – which is due
to several factors, in addition to those most commonly referred to such as scientific and technological innovation. I will be very concise and deal with this by mentioning four main issues.
We started from a consideration that is generally agreed upon, i.e. that privacy has turned from a peripheral right to a central right in the different legal sectors –
from a twilight right, to quote the US Supreme Court, it has become a right shedding light on many areas of our legal system. From being a right that appeared to
typify isolation of the individual in a community, it is becoming a right that is necessary to establish social ties. Let me just remind you that today privacy is commonly an issue whenever freedom of speech is considered, i.e. whenever the possibility to freely express one’s opinions without being the subject of, for instance, discrimination or social stigma is taken into consideration. Privacy is also seen as a
component of freedom of association, in order to prevent unlawful acquisition and
disclosure of member lists with possible negative effects on any individual wishing
to freely act by joining forces with others.
Privacy is a prerequisite for exercising the right to health. The protection of certain medical data, in particular those concerning diseases such as AIDS, is a prerequisite for a patient to let himself/herself be treated. There are data from the US showing, for instance, a reduction in the number of women accepting administration of
breast cancer tests, which is due to their being afraid that this information may come
to be known to their employers and produce negative effects leading to their being
denied access to and/or dismissed from work as well as to increased difficulties in getting insurance coverage. A “tragic” choice has to be made between keeping one’s job
and keeping one’s health. Only full-fledged privacy allows the right to health – another of the fundamental rights of this great period of ours – to be respected.
(1) President, Italian Data Protection Authority
These are the premises we started from. This conference led us to face, quite
seriously and significantly, the issue of how to use technology. There is a way of presenting technology that sounds very much mythological, whereby technology is
both the sword that wounds and the sword that heals. This is true, in part. Just like
with any technological change, there is a starting phase in which using technologies
is a source of pollution – not so much as regards the physical environment, but in
respect of the informational environment, the civil freedom environment. With the
development and refinement of technologies, some of these polluting effects can be
eliminated or reduced; however, one should not imagine a sort of spontaneous, beneficial change in status merely due to technology.
We have seen and heard that privacy-protecting technology can produce diverse effects: consumer self-defence, tools to raise social awareness of technological
dangers, seals, certificates, and auditing with regard to certain types of technology.
However, there is a self-reference risk in following this approach – technology is
telling us that it can solve privacy problems with technological solutions; businesses are telling us that they can solve privacy problems with self-regulatory solutions;
consumers are telling us that there are self-defence strategies allowing many privacy-related problems to be coped with. I must confess that I rather mistrust all self-referencing approaches, which here might fail to highlight the need for institutional, economic, and political strategies such as to integrate the different approaches –
the technological approach, the bottom-up approach, and the self-regulatory approach. Obviously, any integrated strategy requires institutional measures to be taken. Indeed, persons above suspicion, i.e. persons belonging to cultural circles where
there is no law-making flair such as that seemingly typical of the European continent, have forcefully stressed the need for legislation.
Of course, one should clarify which kind of legislation one envisages; whenever law is referred to nowadays, something is meant that is far from commonly
agreed upon. A very detailed, analytical law is quite different from a law organised
according to general principles and guidelines. This was the issue to which Umberto Romagnoli drew our attention, when he said that in certain sectors – such as the
employment context, although these considerations are also applicable to other sectors – effective data protection requires complex rules and procedures in which several entities should be involved, because this is a way to increase social acceptance,
effectiveness, and flexibility – which means that it becomes easier to adjust it to the
ever-changing circumstances resulting exactly from the highly innovative contents
of technological development.
We have therefore to address another issue – namely, what are the most appropriate regulatory techniques, also with regard to legislative instruments. Perhaps
the Italian Parliament was not as absent-minded and unaware as was hinted, because in setting out data protection regulations it strove to reconcile general principles and detailed rules by also stressing the transparency issue.
The representatives from two major independent supervisory authorities in
Italy – the Chairman of the CONSOB (the authority regulating the securities market) and the Chairman of the Antitrust authority – pointed out that transparency
is a must in their sectors, therefore personal data would be entitled to less protection in this area in order to achieve an important result, i.e. improving market operation as also related to consumer protection (meaning, in this case, protection of
actual and/or potential investors). I believe that the past five years of activity of the
Italian data protection authority show that special attention has always been paid to
transparency – there have been several decisions taken to order that some data categories should be disclosed and publicised.
Indeed, it was asked ironically at a certain time whether our authority was in
charge of protecting transparency rather than privacy. Truth is, we have been developing clear-cut indications set out in Act no. 675 such as those contained in its Section 12(1), letter f) – whereby the data subjects’ consent is not required to process
data concerning economic activities on condition that industrial and business secrecy rules are complied with. Therefore, economic data are protected to a lesser degree in our system exactly to allow achieving other purposes and upholding other
values – such as correct operation of markets and appropriate use of public resources. The DPA therefore already provides a response to meet this requirement,
which accounts for the cooperative (rather than antagonistic) stance in our relationships with CONSOB as mentioned by Luigi Spaventa.
One should actually consider that two models are currently confronting each
other in the world scenario – not only as regards data protection. To sum up, let us
say that there is a model developed in Europe and another model that historically was
created in the USA. The former one has always regarded privacy more decidedly as a
fundamental right, whilst the American tradition has been less explicit on this point.
I am not going to dwell on this topic, however I would like to point to an additional issue. Reference has been made frequently to the law and economics approach
– but this approach should also take account, for instance, of the writings by Guido Calabresi in addition to those by Richard Posner. There are several ways to use
the law and economics approach. One of them considers this type of analysis to be negatively affected by the reference to values other than those immediately related to
economic considerations; others believe, however, that values such as those related
to fundamental rights should be taken into account – the law and economics approach being just one of the tools allowing system operation to be assessed, without excluding such additional components from economic analysis and juridical
evaluation.
I believe we cannot do away with the consideration that privacy is a fundamental right. On the one hand, the sincerity of Europe is at stake. Europe cannot
enshrine the right to personal data protection in its Charter of Fundamental Rights
as an autonomous right which is actually separate from and more powerfully supported than the conventional right to protection of private and family life, and then
refrain from drawing the relevant consequences therefrom – because in doing so, it
would behave in an insincere as well as inconsistent and institutionally counterproductive manner.
However, there is another reason why fundamental rights – not only data protection – are nowadays so often referred to. It is exactly in a global scenario where
one can realise how poorly effective legal protection instruments are. The end of national sovereignty in regulating certain relationships – not all of them of course, one
should be careful not to misuse the globalisation concept – may also give rise to the
concept that certain issues are no longer liable to regulation by whatever entity since
States’ sovereignty is a thing of the past.
The reference to fundamental rights as personal rights we carry with us wherever we go and may not be thwarted is becoming a tool to allow the legal dimension – insofar as it is a means to safeguard the individual as a whole – to retain its
strength and value within a framework in which the effectiveness of conventional
law is limited.
Two models of global privacy regulation were described to us as implemented
by two major multinational companies – Daimler Chrysler and Procter & Gamble;
I regard them as highly interesting and deserving of attention. The two companies
provided us with an overview of their policies and organisation worldwide, of the
way in which they ensure the protection of privacy and, therefore, produce a concept of privacy that is modelled, however, after their business requirements - quite
sensibly and correctly. This very circumstance raises the issue of devising regulations
that are not based exclusively on economic interests.
Let me add some final remarks. We have to do, therefore, with balancing the
interests at stake. Nowadays, privacy is squeezed between market requirements and
public security, especially after 11/9. In Italy, guidelines are available to cope with
the issue related to market; we have been working on those guidelines with the utmost care. Reference has been made to Article 41 of Italy’s Constitution, under
which private enterprise may not be in conflict, for instance, with human dignity.
The human dignity principle is also referred to in Section 1 of Italy’s data protection Act. The security issue is being faced by all the authorities all over the world,
and I believe that, as stated yesterday by Mr. George Radwanski, we should take account of the advisability, necessity, and purposes of measures possibly restricting
privacy for security purposes.
However, two reference points should be regarded as institutionally mandatory also when taking account of the relevant purposes. One of them is related to the
Charter of fundamental rights, which is already a feature of our social organisation.
One of the final provisions in the Charter states that any limitations on the fundamental rights enshrined in the Charter – including, therefore, the right to personal
data protection – must respect the essence of those rights. Thus, it is out of the
question that the protection of personal data may ever be overridden in full for security reasons.
Secondly, the 1950 European Human Rights Convention – which has been
transposed into Italian law as well as into the domestic laws of many countries –
refers to the protection of privacy in its Article 8. The second paragraph of this Article provides that limitations on privacy are possible on several grounds including
security; however, the relevant measures must be compatible with those necessary
for the above purposes “in a democratic society” – i.e. they should be measures serving the purposes of a democratic society.
There are therefore two reference criteria to be considered – on the one hand
there is the essence of the right, which may never be overridden, on the other hand
there is compatibility with a democratic system. We all know that, to a certain extent, authoritarian systems may actually be more efficient in market terms – because, for instance, they grant no safeguards to employees and therefore reduce
labour costs. We could experience this directly when the huge State archives in the
former Soviet Union were discovered – perhaps this applies to an even greater degree to those kept by the German Democratic Republic, which allowed in-depth
surveillance of citizens. Therefore, democratic systems are different also because
they never let safeguards fall below a given threshold.
Let me now come to my conclusions. As hinted yesterday by Professor Campisi, will the new systems to be implemented in connection with the “Total Information Awareness” scheme be actually manageable? This is a technological issue,
but there is something more than that – will they be used for purposes unrelated to
security as well? The Echelon case provides a significant example in this regard – we
know that it proved undoubtedly ineffective in preventing terrorism, whilst it was quite
capable of distorting competition by disclosing information on competitors to certain
companies. There is, therefore, another issue to be considered, which is related,
once again, to democracy.
Another facet of privacy as a resource for democracy is related to the circumstance that one should not say – as is often the case, indeed we heard these words
spoken this very day – that terrorism and crime avail themselves of highly sophisticated tools, without also realising that setting up huge databases that cannot be secured via the tools available so far is bound to enhance social vulnerability rather
than security – as they can make available the data in question to offenders, who are
far from well-meaning in their intentions.
Therefore, we all are facing a highly difficult situation. I believe that a debate
is necessary; indeed, let me conclude by recalling that during the International Conference in Venice we raised the issue of an international convention on privacy, a proposal that was received with some mistrust, agreements being regarded as authoritarian tools in this sector. During our latest visit to the US – as Rep. Cliff
Stearns knows very well – we found major changes; indeed, federal bills have been
proposed to protect personal data, which seemed impossible at the beginning of
2000. Therefore, this antagonism between different models is bound, in my opinion, to be very much softened if we consider some founding values. Whilst Europe
is inventing a new generation of codes of practice, the US is paying greater attention to the use of legislative instruments. The suggestion put forward in the Venice
Declaration might lead us nowadays, at the end of this Conference, to re-affirm
what I said at the beginning; however, a “Trans-Atlantic Privacy Dialogue” might
be helpful.
Stefano Rodotà - Globalising Safeguards
Collective Rights and Interests: How to Harmonise Approaches and Safeguards
Marc Rotenberg(1)
I would first like to thank Prof. Rodotà and Mr. Buttarelli for having given me
the chance of being here with you today; it’s a real honour and pleasure.
I would like to address the economic aspect of the issue today, first of all by
giving you an overall view. I must say that I find this especially interesting not only
because my wife is an economist and in fact we met at a discussion on the Coase theorem; but also because in the world of advocacy and expertise on privacy the trend
has been to focus attention on the scope of human rights, and privacy based on human rights, so we have not taken advantage of certain available analytical tools.
As an introduction, I will try to explain the traditional approach to the problem. When we talk of common standards in respect of privacy protection, we often
refer to existing international instruments, like the OECD guidelines, the EU data
directive, the Universal Declaration on Human Rights, which have rules and standards in common. When I was working as Counsellor of the US Senate Judiciary
Committee, it fascinated me to note that both our legal system, the various rules on
privacy in all possible fields, as well as the various legal systems throughout the
world, all embodied what would seem to be a common approach in respect of privacy protection. We could say that this results directly from the legal standards. But
after having reconsidered the subject, I thought there must be something else to explain the common aspects in privacy protection. Many people have already addressed this issue. David Flaherty in the ’80s and Colin Bennett in the early ’90s
identified some theories, one being a theory on commerce, which simply says that
when business expands and local corporations have to comply with the local standards, then the trend will be to adopt standards in common. In fact, we have seen
something similar with the impact of the EC data directive, which has led to the
adoption of the Safe Harbour agreement, described by some as the rationalisation
of privacy protection.
Then there is a second theory based on technology, which says that when there
is a common communications infrastructure, like a telecommunications network or
Internet, then common technical standards will arise leading to different privacy
protection in different regions.
The third theory concerns the role of the élite: it says that there may
be conferences, like the one we are having now, where government representatives
and experts from various parts of the world meet to exchange points of view, and
that these meetings, as well as any publication of common documents, will give rise
to a common agreement on privacy protection.
(1) EPIC – USA
I think that, to a certain extent, all these theories are correct. But then there is
another theory that I would like to explore in detail with you, which has already
been mentioned by a rapporteur this morning, and which pivots on the question of
whether there is an economic basis to privacy. And when I say “economic basis”, I
mean in the strict sense of economics. Does privacy protection promote effectiveness? Does it favour what can be called optimal outcomes, given the rational interests of the various actors?
I think it is important to raise this point from the start, because the trend
has been, when addressing privacy through the lens of economics, to focus on
gauges that could not be considered as economic, at least normally speaking. What
I mean is that there are people who say: let’s look at the business cost-effectiveness
aspect – are the rules on privacy good for core business? It is a valid commercial consideration but it does not give any satisfying answers to the economic question.
Others, instead, look at the cost-benefits analysis, and say: if we were to gauge
the costs of these various approaches and weigh them against the possible relevant
benefits, what would the outcome be? Some even say: maybe privacy is a factor
which changes according to the markets – in other words, if we have good privacy, this will inevitably have a beneficial effect on business – which could be true.
But the question I would like to ask you today is the following: is good privacy valid from an economic point of view? To answer this question, I think we have
to start off by referring to the work of our well-known US expert and jurist, Richard
Posner, who has extensively written on the application of economic models to legal
problems. Posner incidentally was very interested in the question of privacy – and
this already 25 years ago when he wrote an article on the so-called mailing lists and
whether an opt-in or an opt-out was to be preferred. At the time, he said that the
problem concerned the ownership interests of the person concerned or the data possessor. This obliges us to address the matter of the costs of transactions. In a world
where people tend to exchange letters, with stamps and so forth, it is rather expensive to choose the option of not being included in a list, in respect of the benefits
that could arise for the individual. So, Posner was thinking from an economic point
of view when he said that opt-out was to be preferred. He also considered privacy
vis à vis a communication net and if people should pay a certain price for the desired privacy before starting the communication transaction considering that unexpected inefficiencies could arise at any time. Think of this problem for a second.
Let’s say that before picking up the phone, when you’re about to make a phone call,
before doing so, you should probably decide how much privacy you want for that
call: you might be calling for business, or to know the price of a pullover – there is
no need for a lot of privacy for that; but if you are calling your doctor to be informed on a diagnosis, then maybe you need a lot of privacy. If you call a friend to
ask him for information on a show you want to check the time of and in the middle of the call your friend raises an issue that you had not expected, and the matter
becomes strictly personal, now you need privacy. Posner considered this problem
and said that there are good reasons to apply privacy standards to this type of relations to prevent enormous inefficiencies from arising when people have to deal with
a secondary asset – privacy in this case – before being able to reach their primary
aim. Now, there is a wide range of activities where privacy makes sense in economic terms: it makes sense because it promotes trust and confidence, in new network milieus and in offers for new services. A very good example of this is the recent US experience in the regulatory and non-regulatory framework. In the ’80s in the United States, there was a whole series of advanced services available to US consumers:
interactive cable television, electronic mail, video rental – and in each one of these
cases, the Congress of the United States – like the European Union – said that, before providing these services, a privacy framework had to be established in accordance with the law, to develop trust and confidence in this new business milieu.
And there were no protests associated with privacy in respect of cable TV, video rental
or e-mail – at least not in the ’80s.
More recently, especially over the last ten years, and even more so after the
spread of the Internet, the United States have adopted a different attitude, which
favours the self-regulatory approach: no common standards or a framework for the
new services and new technology. This suggestion has raised a lot of protests – and
this I find quite interesting. In fact, certain services, like advertising on the Internet –
which many of us thought would be the Internet’s strong point – have practically collapsed. Advertising via the Internet has collapsed in part due to the economic conditions, but it also collapsed as a result of the objections raised by the public against
the collection and use of personal information in a milieu not governed by rules.
Microsoft has recently admitted that its personalised services on the Internet will probably not be continued as expected, also due to current concerns by the public in respect of the lack of privacy protection. Thus, generally speaking, I would say that
the right to privacy, the common standards on privacy, have the effect of promoting trust and confidence, which in turn foster economic growth.
But now I would like to consider a couple of more specific and technical areas,
from the standpoint of law and economics, to suggest a sound foundation on which
to base privacy protection. There is a phenomenon in economics called rent-seeking behaviour which simply means that, if a corporation has knowledge of the most
I am willing to pay for a given product, it will tend to ask me for that price. A firm
could offer me a shirt for € 20; but if it knows I am willing to pay € 30 and it has
the chance of making me pay € 30, then it will undoubtedly try to make me pay
just that. Now, if we consider the application of the privacy rules on transactions
based on the market, what strikes you immediately is that the capacity of a consumer to keep his identity concealed in the market, enables the consumer to act
more effectively and more precisely in this type of negotiation. A consumer could
take advantage of a personalised discount pursuant to a loyalty programme, or
could choose to remain unnamed, and by so doing avoid the inconveniences
arising from making known the most one is willing to pay (i.e. the highest sum a consumer is willing to pay). Privacy in this case seems to protect not
a human right, but rather an economic right.
I would like to consider another approach based on legal and economic concepts, and this approach concerns the assigning of responsibility. There is a theory
called “least cost avoider”, which simply says that we should assign responsibility to
the party involved in the operation which can better minimize the risk. If a person
sells a good with a hidden defect that cannot easily be discovered by the purchaser, then the law says that the seller is responsible for such defect. Similarly, the law
on privacy would say that, from an economic point of view, the responsibility for
any further use would fall on the data controller, and not on the person concerned.
Why is this? Because a corporation in possession of personal data is the party that can
better prevent such data from being misused subsequently. The economic interest
aligns with the interest connected to the protection of a human right.
Another economic theory is that privacy rules reduce the costs of transactions,
as they inform both the seller and the buyer on what the privacy terms in the agreements in question will be. And by reducing the costs of transactions, the markets
dealing with the primary product in terms of goods and services, will operate more
effectively. Now, there is an interesting corollary on the wish to reduce transaction
costs, and it is something we have noted over the last few years. It concerns the
growing confusion deriving from privacy policies and reports. Why do self-regulated corporations set forth such complicated declarations on their practices in respect of potential customers? The economic answer is rather simple: they are trying
to raise transaction costs, with a view to making it more difficult for the consumer to exercise his right in the transaction in question.
So far I have suggested different ideas that we get from the laws of economics
on the nature of transactions concerning privacy, and the economic basis of common standards. I would like to give you some more examples on why this approach
is useful, and then I would like to say something to put you on guard. I have already mentioned the US experience on the regulation vs. non-regulation approach
on privacy protection. Please note that the first modern law on privacy in the United States, the Fair Credit Reporting Act, which is still, from various points of view,
one of the stricter laws we have in the United States, has brought transparency, accountability and efficiency to the credit reporting industry. In other words, in the
absence of this law on privacy, which holds credit reporting agencies responsible for
collecting and using credit reports and which gives individuals, who often could
not obtain credit despite being entitled to it, the chance of ascertaining and correcting these reports, the markets could not operate effectively, accountability was lacking, and there was bad information. But privacy has made more rational markets possible. It is a critical approach, I think. I refer to the collection and use of personal information in any market milieu.
And now some implications of the economic aspect of privacy protection.
Firstly, we are about to see common standards not only from the legal standpoint, but also technologically speaking, as I think it would be effective for both the purchasers
and the sellers to find simple ways of dealing with the online milieu. Secondly, I
think that we have to be careful when we adopt technical methods requiring consumers to resort to an elaborate set of choices. And here I am thinking of certain
protocols having the effect of automating the confusion associated with privacy
policies, and introducing a whole set of new transaction costs, which I think should
be avoided in everyone’s interest. Lastly, with respect to the development of common standards, I would like to quote a nice analogy concerning cars I heard recently:
“there should be more technology under the boot and less in the instrument panel”. In other words, these standards should become part of the common protocols
to be able to interact in a common online milieu.
Now, some words of caution on this approach to privacy protection. First of
all, the analysis drawn from the realm of economics has suggested many valid instruments. But Posner himself thought that the privacy of an individual is not of great
use. In fact, he is quite famous for having opposed any basis – referred to human
rights, or legal – to support the privacy of information, as it is commonly meant.
Furthermore, in one of Brandeis’ articles written more than a century ago, the author thoroughly considered the matter of whether privacy could be based on a
claim of property ownership rights. This thesis was rejected, firstly because
whoever wants to protect his privacy – unlike copyright holders – is not that interested in publishing anything. And secondly the value of privacy probably varies
considerably from person to person. So for that reason too, any claim of
property ownership rights is not a good approach.
Furthermore, in my opinion, there are many situations where we can easily admit that an economic analysis should not replace an ethical, or legal or moral basis
in respect of privacy protection. But I have addressed this aspect today in part because I think that in many discussions on privacy, anything that smacks of economics immediately raises the consideration that it is good from the point of view of
business cost-effectiveness. If we look closer at some tools provided by law and
economics, we will find that there are many good economic reasons in the direction
of common standards for privacy protection.
The conclusion thus is that common standards in respect of privacy protection
are not only to be desired for normative reasons, but also to be preferred for economic reasons. And this will be increasingly important in the future. I would just like
to mention recent developments in the U.S., where, as you probably know, a new
project called Total Information Awareness has recently been adopted by our Department of Homeland Security and thoroughly discussed. This project represents
an ongoing research effort of our Department of Defence to develop new identification and control systems. I think we should all keep in mind that the reduction
in personal privacy resulting from the events of 11 September 2001 is not a surprising and new factor, but the other consequential factor of this event is the increase in the secrecy used by our Government as shown by these programs. Both
these factors, considered together, have to be well understood as they represent parallel developments of a similar type. Both privacy reduction and an increase in Government secrecy – I am sorry to say – have recently led to a considerable erosion in
civil liberties in the United States. You can find further information on this aspect
on our website (www.epic.org).
Investing in Privacy to Develop New Products and Services
Maurizio Costa (1)
Contents: 1. The impact of privacy on business activity – 2. The positive changes introduced by the 2001 reform – 3. The law can also serve to protect a company’s privacy – 4. Future prospects for the market and for customer relations – 5. The new mechanism for distributing goods and services: from the global producer to the individual consumer – 6. The three tools for rebalancing the safeguard mechanisms: law, self-regulation, technology – 7. The business world’s commitment to fostering the development of privacy: the good example of “Cancellami”
1. The impact of privacy on business activity
I would like to address the topic assigned to me with the pragmatic approach that a businessman applies in his daily work. I will therefore develop my contribution starting from the concrete experience that Mondadori, which has been operating in the Direct Marketing sector for many years, has been able to build up. I will also try to broaden the perspective and offer not only some food for thought, but also some operational proposals capable of combining the need to respond to the development of markets with the need to be fully consistent with the indications that come to us from the regulatory system.
My contribution starts from an observation of what has happened in Italy during these years of application of the law on the protection of personal data, and of what data protection legislation represents in terms of its effects on the sale of products and services on the European continent in general.
In Italy, a country that had no law on this subject, the legislation was received with suspicion and prejudice by a large part of the business world. Periodically voices are raised calling, often with questionable arguments, for it to be amended and redefined: a step backwards, therefore, that is not only anti-historical but completely wrong. It is believed that this law blocks economic activities by forcing operators to comply with costly and irksome bureaucratic requirements.
Nevertheless, the remarks made by the business world on data confidentiality are very significant. Setting limits on the free use of personal data undoubtedly has a strong impact on business activities, in terms of marketing costs, in terms of organisational costs, and in relation to the potential for developing customer relations. My point of view is that this view is excessively pessimistic and that further reflection on the matter, which is in any case already under way, will make it possible to give a more decisive direction to the thinking and action of those involved in privacy issues in Italy.
(1) Arnoldo Mondadori Editore spa - Italy
2. The positive changes introduced by the 2001 reform
Following the recent amendments made to the legislation approved on 28 December 2001, the issue of confidentiality can be addressed with the right balance.
Privacy can truly become a lever for developing the interactive communication relationship, raising the threshold of citizens’ trust in companies, without any concession with respect to the original approach.
Privacy remains an extremely delicate subject, treated with the utmost rigour by our institutions, but I have the impression that the approach within companies has changed or is changing, becoming more European, better modulated, based less on formalism and more on substance: sanctions are more effective, the provisions of the law are more sensible and easier to apply than in the past, and there is also greater recognition of the role of self-regulation.
Through specific provisions in codes of conduct it will also be possible to enhance the role of the so-called mail preference services, which allow those who do not wish to receive promotional messages to register in special lists that must be consulted by anyone wishing to send addressed messages. I am referring to the so-called Robinson lists, a highly effective tool that should be developed further.
In addition, due recognition must be given to the principle of the balancing of interests, that is, to the fact that in general the Garante will be able to establish whether the individual’s right to confidentiality must always and in every case be protected through the necessary prior consent of the data subject, even to the detriment of a legitimate interest of the party that decides to process the personal data. In practice, this principle is a safety valve that already exists in many European laws and which, if used with balance, will make it possible to avoid excessively rigid applications of the rules, which have too often made privacy an impervious terrain full of paradoxes.
Once the new rules are in place there will be no more excuses: complying with privacy legislation will be necessary and possible. No derogations should be, or will be, allowed. It is absolutely important that companies be fully aware that a new building block in establishing the culture of confidentiality in our country is about to be put in place. Six years after the introduction of the first privacy law, these new rules confirm that we are proceeding along the right road, a road full of good omens.
Maurizio Costa - Investing in Privacy for the Development of New Products and Services
3. The law can also serve to protect the company's privacy
It is up to us businesses to stress that privacy must not be examined only to highlight the limits, the negative aspects and the problems it entails. On the contrary, it can also be used to protect effectively the personal data of companies themselves and therefore the secrecy of the information circulating within complex organisations.
This is a macroscopic aspect that has never been raised with due effectiveness by companies and economic operators. Italian law, unlike comparable foreign legislation and the Community directive on the protection of personal data, provides that data belonging to legal persons can also be protected. The immediate consequence is that, in theory, a company that believes it has suffered unauthorised processing of its personal data, or in any case a leak of information about its internal organisation, could legitimately protect its interests and turn to its competitors to find out what information they hold about it. If no reply is given, the doors of the office of the Garante per la Protezione dei Dati Personali or of the Court would open to the entrepreneur who believes he has been spied on.
Industrial espionage does not merely enrich the spy stories of successful films; it is also a substantial source of illicit earnings for some unscrupulous employees who are not exactly respectful of their duty of loyalty to their employer. This is a very widespread reality, and one need only look at the impressive number and market penetration of the twin products crowding the market to conclude that the coincidences are not accidental. We must therefore reflect on the fact that the privacy law does not only set limits but also offers unexplored opportunities for companies.
4. The future prospects of the market and of customer relations
To grasp all the potential linked to privacy, it is essential to look to the future, to the development of the values of information, transparency and confidentiality in the new market of distance selling by telematic means. The essential characteristics of the future market for products and services, which by convention is now commonly called electronic, can be described by two adjectives.
The first adjective is, perhaps banally, global, a term that describes the spatial and also ideal dimension of tomorrow's market, a place that is no longer only physical but also, and increasingly, virtual. In contrast to the first, the second adjective that outlines the future scenarios of commercial communication is individual, because the commerce of the future, whether electronic or not, will be based more and more on the personalisation of services and products.
This reflection of mine should not, of course, be misunderstood: I do not at all believe that, as some have argued in the past, every individual is a market, but I am nevertheless convinced that each of us has specific and particular needs that it is right for companies to try to satisfy.
5. The new mechanism for distributing goods and services: from the global producer to the individual consumer
To use a concise formula, I believe that the market of producers and service providers will cease to be a mass system and become an articulated and complex system of individual relationships, a new mechanism for distributing goods and services from the global producer to the individual consumer.
This is a Copernican revolution that began with the boom of the new economy, which foreshadowed a market scenario that was more financial than economic, although not yet mature. Beyond the slowdowns and setbacks of recent years, the path taken by this new market can only be that of an ever greater and more precise personalisation of companies' offerings of goods and services. It is therefore a revolution in which the consumer is at the centre of promotional messages: it will be increasingly essential for producers to know their customers and cater to their tastes. In all this there is a clear sign of progress compared with past eras, in which companies often had to play the sometimes uncomfortable role of hidden persuaders, proposing undifferentiated goods and services to an undifferentiated mass of potential customers. Of course, there are serious dangers of encirclement to the detriment of the individual, besieged by targeted and personalised messages; in this sense the old right to privacy can constitute an important defensive bulwark, all the more so if it ceases to be understood banally as the right to be left alone, undisturbed, and becomes the right to self-determination and therefore the precondition for individual freedom. Seen in this light, Direct Marketing is inevitably destined to take on a leading role in defining new commercial communication strategies and also in organising sales mechanisms.
If this is the characteristic of the world's commercial future, a characteristic that will increasingly assert itself in the new market, it becomes essential to ask with absolute sincerity what role can be played by the laws that since the 1970s have set out to protect this particular aspect of privacy, namely the protection of personal data. Will they promote this process or sink it? The answer cannot be unequivocal, because the approaches to this subject that lend themselves to analysis differ.
In the European Union, the choice shared by the legislators of most European countries (United Kingdom, France, Spain, Portugal, Sweden, the Netherlands, Belgium) until not long ago was to favour freedom of data processing, giving the individual a sort of power of veto to block operations that he considered, in the abstract or in practice, harmful to his privacy. Within this regulatory framework the future global market could develop easily, allowing the producer to make contact with each individual consumer.
By contrast, Italy, at the head of an orientation that has lately been taken up with growing interest in the rest of Europe as well, has made the protection of the individual prevail at the expense of free commercial initiative. Such a system will make it harder for the business world to establish itself as an interlocutor aware of the individual's needs, and nothing can be done without the prior consent of the data subject.
My view is that prior consent is an essential tool in some cases, for example when the purpose of the processing changes substantially from the one for which the personal data were collected; in other situations, however, prior consent serves no purpose, and requesting it, storing it and producing it paradoxically becomes a mockery. Consent can in fact be bought, even cheaply, perhaps without full awareness of the dignity of persons; indeed, it is easier to buy the prior consent of the weakest and most defenceless people, both culturally and economically. Participation in prize competitions, gadgets, gift vouchers and discount booklets express, in the persuasive tones of marketing, this process of purchasing consent.
I therefore believe it is in the interest of businesses and of society as a whole to understand that consent is fundamental, but that above all it must be informed consent. The real contest over the protection of confidentiality, at least in the field of commercial communication, is played out not so much on the slippery ground of consent (whether collected with opt-in or opt-out techniques) as on the far more solid ground of transparent information notices. If instead we concentrate only on how consent is collected and do not concern ourselves with the level of information from which consent arises, privacy will remain an empty right. We must therefore calmly and effectively devise tools that make it possible to rebalance the protection mechanism, effectively protecting people's confidentiality and, at the same time, fostering the development of society in the direction of progress that today's technologies and cultures make attainable.
Prohibiting is not enough to protect. Inhibiting data processing does not eliminate the danger of abuse, but it certainly makes it harder to develop an informed dialogue between the global market and the individual consumer. Only an integrated approach to the problems of confidentiality, made up of balanced rules, self-regulation and technological tools, can give impetus to the effective protection of personal data in a market without frontiers. These are the three lines of force to be pursued consistently through cooperation between institutions, first of all, trade associations, consumers, citizens and businesses.
6. The three tools for rebalancing the protection mechanisms: law, self-regulation, technology
The privacy law has captured a widespread social need: it has given voice to a real demand for justice and transparency that until recently lacked the means to make itself heard. Taking a broader view of the problem, it is worth asking how individual confidentiality can assert itself in the face of a society and a market that, while moving towards globalisation, in reality aim more and more at establishing a direct relationship with individual people: customer loyalty, one-to-one and permission marketing are the terms that identify a clear trend under way.
In a nutshell, on the basis of the experience that other nations have had before us, three lines of action can be indicated, to be pursued consistently through cooperation between institutions, trade associations, consumers and citizens.
The first line of action I propose is to make the law on the protection of personal data more specific by developing individual sectoral rules suited to adapting the general rules to the particularities of each case (data processing for Direct Marketing purposes is different in kind from processing aimed at social analysis or private investigation). The current rules make it very complex to carry out common activities and create doubts and problems of interpretation; so the first line I suggest is that of specification.
The second line should, in my opinion, be the effective promotion and enhancement by the Garante of codes of self-regulation and good conduct, to encourage within companies the development of a culture of confidentiality spread from the bottom up in the individual categories through the sectoral associations. The possibility of applying to individual supervisory committees that are serious, independent and competent makes it possible to achieve protection of the citizen that is effective and inexpensive.
The third line of action is the introduction in Italy too of centralised cancellation systems (the so-called Mail preference or Robinson lists), which allow citizens who do not wish to receive commercial communications to communicate this wish to a Single Office: individual companies would be required to consult it before addressing their commercial communications. In this way citizens would no longer have to send numerous requests for the deletion of their personal data, but could exercise their right simply and immediately. As the English experience shows, an effective technical tool, easily accessible through the network, could foster transparency in the communication of data for commercial purposes and make it possible to assert once and for all the principal right that the Italian privacy law grants to the data subject. Ultimately, this is a concrete application of the so-called Privacy Enhancing Technologies, provided for in Directive 2000/31/EC of 8 June 2000 on Electronic Commerce, for using e-mail marketing to promote on-line sales.
7. The business world's commitment to fostering the development of privacy: the good example of “Cancellami”
For about a year there has been a service in Italy called Cancellami, which the companies operating in the Direct Marketing sector have decided to support under the banner of AIDiM, the Italian reference association for this sector. It is a service that, in exact analogy with the Robinson lists, allows people to have their name removed and not receive messages unless they want them.
There are three reasons behind this initiative. The first is an ethical reason, because we believe it is right to draw a boundary between the intrusiveness of the community and the personal sphere of the individual. Privacy is an essential precondition for allowing each of us to develop our social life. It is a bulwark guaranteeing individual and collective freedom.
The second is a regulatory reason, because the right to exercise control over personal information is the result of a regulatory process that is now well established, and it is no coincidence that the European Charter of Rights (Article 8) provides precisely for the protection of personal data as a fundamental right to be exercised according to these principles.
The third is an economic reason. Processing data costs companies a great deal; sending promotional messages to those who do not wish to receive them is a heavy cost both in material terms (paper, ink, printing, postage, telephone charges) and in management terms (these are complex operations). It is intuitive that companies do not want to send promotional messages to people who do not want to receive them, consider them useless or annoying, do not read them or bin them as soon as they arrive. Companies are therefore the first to have an interest in knowing which people do not wish to receive promotional information, saving time and money.
Putting these three motivations together gave rise to the need, at once ethical and economic, to create an agile and efficient tool to give concrete form to the needs of individuals who do not want to be disturbed by commercial or fundraising communications addressed to them, while making its implementation compatible with the regular and smooth conduct of economic activities. The service is completely free for citizens who decide to use it, while the companies that join the service cover the running costs. This seems to me a positive example of how companies can take responsibility for privacy, offer it as an additional service to their customers and make the transition from the mass market to the individual market a reality.
The hope is that the Italian system will adopt solutions that other European nations have adopted or are adopting, integrating law, self-regulation and technology. I believe this is a proper way to help bring order to the dusty archives of unsatisfied rights and not to be afraid of the future, looking towards the new frontier of society and of global and individual markets.
Privacy is a vital, multiform, dynamic right in continuous evolution; it is the very precondition for the assertion of our rights both in the real market and in the virtual market. For this reason it is essential to foster the development of privacy legislation using all the tools available: law, self-regulation, technology and, above all, a great deal of common sense.
Investing in Privacy to Develop New Products and Services
Maurizio Costa (1)
Contents: 1. The impact of privacy on business – 2. Positive changes introduced by the
2001 reform – 3. The Law can also be used to protect corporate privacy - 4. The market’s future prospects and relations with customers – 5. The new distribution mechanism
of goods and services: from global producers to an individual consumer – 6. The three
tools to rebalance the protection mechanism: law, self-regulation, technology - 7. Corporate commitment in favour of privacy development: “Cancellami’s” good example
1. The impact of privacy on business
I would like to deal with the theme I have been assigned with the pragmatic
approach used by a businessman in his daily activities. Consequently, I will start by
talking about Mondadori’s experience, developed over the years in the field of Direct Marketing. I will also try to enlarge the perspective, suggest some ideas to think
over, and make some operational suggestions to meet the markets’ development and
the need to be absolutely coherent with current legislation.
First of all, I will deal with the Italian situation in recent years, since the entry
into force of the law on personal data protection, and then I will consider the effects of data protection legislation on the sale of products and services in the European continent in general.
Italy had no legislation in this field, and the new law was perceived with suspicion and prejudice by a large share of the business world. Periodically, voices have arisen asking for its amendment and redefinition, often on questionable grounds. That would be a step backwards, one that is not only anti-historical but completely wrong. The law is believed to hamper economic activities, obliging businessmen to comply with costly and burdensome bureaucratic procedures.
However, the remarks made by the business world on privacy are very important. Any limitation in the use of personal data undoubtedly has a strong impact on business, both in terms of marketing and organisational costs and in terms of the potential for developing relations with customers. In my opinion, this view is excessively pessimistic and a more thorough consideration of the matter, which in fact is in progress, will enable those concerned with privacy in Italy to reconsider their views.
(1) Arnoldo Mondadori Editore s.p.a. - Italy
2. Positive changes introduced by the 2001 Reform
Following the introduction of recent amendments to the Law of 28 December
2001, the subject of privacy can be faced on the right footing. Privacy will be able
to become an incentive for the development of interactive communication, by increasing the trust of citizens in corporations, without waiving its original approach.
Privacy remains a very delicate issue and is treated with extreme rigour by our institutions. However, I have the impression that the approach of corporations has changed, or is changing. It is becoming more European, better modulated, less based on formalism and more on substance: sanctions are more effective, the legal provisions more sensible and more easily applicable than in the past. Furthermore, the role of self-regulation is increasingly acknowledged.
Specific provisions of deontological codes will also enhance the role of the so-called mail preference services, whereby those who do not want to receive promotional messages can enter their names in special lists that must be consulted by whoever wants to send addressed messages. I am referring to the so-called Robinson lists, a very effective tool that has to be further developed.
In addition, due importance has to be given to the balance of interests principle, i.e. to the fact that in general the data protection authority will be able to decide whether the right to privacy of an individual should always and in every case be protected through the necessary prior consent of the person concerned, even to the detriment of the legitimate interest of the entity deciding to process the personal data. In practice, this principle is a safety valve already provided for in many European legislations that, if used in a balanced way, will prevent the rules from being applied too strictly, which has too often turned privacy into an inaccessible territory full of paradoxes.
When the new rules become effective, there will be no more excuses: abiding by the privacy law will be both necessary and possible. No departures from these rules will be allowed. It is absolutely important for corporations to be fully aware that a new piece is about to be put in place in establishing a culture of privacy in our country. Six years after the introduction of the first privacy law, these new rules confirm the fact that we are on the right road, a road full of good omens.
3. The law can also be used to protect corporate privacy
Corporations have the duty to stress the fact that we must not talk of privacy only to pinpoint its limits, negative aspects, and relevant problems. On the contrary, it can be used to effectively protect the personal data of corporations themselves, and consequently the secrecy of information circulating inside complex organisations.
This is a macroscopic aspect that has never been raised as effectively as it should have been by corporations and economic operators. The Italian law, unlike similar laws in other countries and the Community directive on personal data protection, also provides for the protection of data concerning legal persons. The immediate consequence of this is that, in theory, when a corporation discovers that its personal data has been processed without authorisation or in any event information concerning its internal organisation has been used by unauthorised entities, it could legitimately protect its interests by asking its rivals what information on the corporation they have. If there is no answer, a businessman who thinks he is being spied on could turn to the Personal Data Protection Authority or the Court.
Industrial espionage does not only colour the spy stories of successful movies,
but is also a way for impudent and disloyal employees to gain unlawful profits. This
is quite common, and it is enough to see the impressive number of twin products
crowding the market to conclude that they are not chance coincidences. We should,
thus, ponder on the fact that the privacy law does not only set restraints, but also
offers corporations unexplored opportunities.
4. The Market’s future prospects and relations with customers
In order to take advantage of all the potential linked to privacy, we have to look ahead, to consider the development of the values of information, transparency and privacy in the new market of remote telematic sales. There are two adjectives that describe the essential characteristics of the future market of products and services, the so-called electronic market.
The first adjective is, perhaps trivially, global. It is a term that describes the spatial and even ideal scope of our future market: a place that is not only physical, but also and increasingly virtual. In contrast to the first, the second adjective that depicts the future scenario of commercial communication is individual, because future commerce, both electronic and not, will be increasingly based on the personalisation of services and products.
I don’t want to be misunderstood: I don’t believe at all that, as someone has
said in the past, every individual is a market, but I am convinced that each one of us
has specific and peculiar needs that corporations should rightfully try to satisfy.
5. The new distribution mechanism of goods and services: from global producers to an individual consumer
To put it in a few words, I think that the market of producers and service providers will stop being a mass system and will become an articulated and complex system of individual relations, a new distribution mechanism of goods and services from global producers to individual consumers.
It is a Copernican revolution launched by the booming new economy, which envisages a financial rather than economic market, even if not fully developed yet. Beyond the slowdowns and setbacks recorded in recent years, the road taken by this new market can only be that of an ever-growing and detailed personalisation of the corporations’ offers of goods and services. Consequently, it is a revolution where consumers are at the centre of the promotional messages: it will be increasingly fundamental for producers to know their customers and satisfy their tastes. Progress has been made compared with the past, when corporations often had to play the unfortunate role of hidden persuaders, promoters of undifferentiated goods and services to an undifferentiated mass of potential customers. Certainly, individuals run the risk of being encircled and besieged by targeted and personalised messages; in this regard the old right to privacy will constitute an important defensive stronghold, all the more if it stops being banally understood as the right to be left alone and undisturbed and becomes the right to self-determination and thus the condition for individual freedom. In this regard, Direct Marketing will inevitably take on the leading role of defining the new commercial communication strategies and organising the sale mechanisms.
If this is the characteristic of the world’s commercial future, and ever more so of the new market, we will have to sincerely ask ourselves what will be the role played by the laws that have aimed at protecting this particular aspect of privacy, i.e. personal data. Will they foster or shelve this process? There cannot be a univocal answer as there are different approaches to this issue.
Within the European Union, until recently the legislators of most European
countries (United Kingdom, France, Spain, Portugal, Sweden, Holland, Belgium)
supported the freedom in data processing, giving the individual a sort of authority
to veto the operations abstractly or concretely considered as detrimental to his privacy. This legal framework could favour the development of the future global market and enable producers to get in contact with every individual consumer.
On the contrary, Italy, the leader of a recently developed approach - of growing interest also in the rest of Europe - has favoured the protection of individuals to
the detriment of free commercial initiatives. In a similar system, it would be more
difficult for corporations to meet the needs of the individual and operate without
the prior consent of the person concerned.
My point of view is that prior consent is an essential tool in some cases, for example when the objective of data processing changes completely compared with the one for which the personal data was collected; in other cases, instead, prior consent is not required and to ask for it, keep it and show it paradoxically becomes a farce. Consent may be bought, in fact, and even at a low cost, perhaps not with the full awareness of the dignity of individuals; in fact, it is easier to buy the prior consent of both culturally and economically weaker and defenceless individuals. Prize competitions, gadgets, gift tokens and discount tickets are examples of the persuasive notes used by marketing to purchase prior consent.
Consequently, I think that it is in the interest of corporations and society as a
whole to understand that consent is fundamental, and especially that it has to be a
conscious consent. The real data protection game, at least in the field of commercial communication, has to be played not so much on the slippery ground of consent (whether collected with opt-in or opt-out techniques), as on the more solid one
of transparent information. If corporations only concentrate on the way in which
consent is collected and are not concerned with the level of information giving rise
to the consent, then privacy will remain a void right. We have to serenely and effectively develop tools to rebalance the protection mechanism, by effectively protecting the privacy of individuals and, at the same time, fostering the development
of our society in the direction of the progress made possible by existing technologies and cultures.
Prohibition is not sufficient to ensure protection. The hindrance of data processing activities does not exclude the danger of abuse and certainly makes the development of a dialogue between the global market and individual consumers more
difficult. Only an approach taking account of the privacy problems, made up of balanced rules, self-discipline and technological tools can give momentum to effective
personal data protection in a market without frontiers. These are the three guidelines
to follow with coherence through the co-operation between institutions, in the first
place, and then between trade associations, consumers, citizens and corporations.
6. The three tools to rebalance the protection mechanisms: law, self-regulation, technology
The privacy law has reflected a far-ranging social need: it has given voice to a request for justice and real transparency that had not yet found a way of making itself heard. Taking a broader view of the problem, we should ask ourselves how individual privacy can affirm itself in a society and a market that, although moving towards globalisation, in fact increasingly aim at establishing a direct relation with individual persons: promotion of customer loyalty, one-to-one and permission marketing are the terms that clearly identify the ongoing trend.
In short, in the light of the experience gained by other countries before us, we
can identify three guidelines that have to be pursued with coherence, through the
co-operation between institutions, trade associations, consumers and citizens.
The first guideline I am suggesting is the specification of personal data protection laws through the development of individual laws that can adjust the general rules to particular cases (data processing for direct marketing purposes is different in quality from processing aimed at social analysis or private investigation activities). Existing rules make it very complex to conduct ordinary activities and give rise to doubts and interpretation problems; so the first guideline I suggest is that of specification.
The second guideline, in my opinion, should be for the Data Protection Authority to effectively promote and enhance the corporations’ codes of practice and
good conduct to favour the diffusion of the privacy culture from the grassroots of
individual categories, through the trade associations. By resorting to individual, serious, independent and competent control authorities, citizens could be protected
in an effective and inexpensive way.
The third guideline consists in introducing a centralised deleting system (the so-called mail preference or Robinson lists) in Italy as well. Under this system, a citizen would only have to inform a Single Office that he does not want to receive commercial notices: individual corporations would then have to refer to these lists before addressing their commercial notices. By so doing, a citizen would not have to
send various requests for deleting his personal data, but would be able to exercise
his right in a simple and immediate way. As the British experience shows, an effective technical tool easily accessible through the net can favour the transparency
process in data communication for commercial purposes and, once and for all, help
wield the major right protected by the Italian privacy law. Basically, we are talking
about a concrete application of the so-called Privacy Enhancing Technologies provided for in Directive 2000/31/EC of 8 June 2000 on Electronic Trade, on the uses of the e-mail marketing instrument to promote on-line sales.
7. Corporate commitment in favour of privacy development: “Cancellami’s” good example
A service called Cancellami was set up in Italy about a year ago by the corporations operating in the field of Direct Marketing, under the aegis of AIDiM, the
Italian reference Association in this field. Cancellami is a service whereby, like the
Robinson lists, one can delete one’s name and thus not receive unwanted messages.
There are three reasons why this service has been set up. The first is an ethical
reason, because we believe that there should be a boundary between our community’s intrusiveness and an individual’s personal sphere. Privacy is an essential condition for developing the sociality of each one of us. It is a stronghold ensuring collective and individual freedom.
The second reason concerns the law, as the right to exercise control over personal data results from a well-developed law, and it is not by chance that the European Charter of Rights (Article 8) provides for the protection of personal data as a
fundamental right to be exercised under the principles it sets forth.
The third reason is economical. It is very expensive for corporations to process
data; to send promotional messages to individuals who do not want to receive them
is very costly both in terms of the materials (paper, ink, print, posting cost, phone
cost) and in terms of the management (they are very complex operations). One can
easily understand that corporations do not want to send promotional messages to
persons who do not want to receive them; they are useless, annoying, they are either not read or thrown away as soon as they are received. Corporations are thus the
first to be interested in knowing the persons who do not want to receive promotional messages, thus saving time and money.
These three reasons put together have given rise to the ethical and economic
need to develop an agile and effective tool to meet the needs of those persons who
do not want to be disturbed by commercial or fund collection communications,
and have made the satisfaction of that need compatible with a regular and fluid operation of the business activities. The service is free for the citizens who decide to
use it, while corporations have to pay for it. I think that this is a good example of
the way in which corporations take privacy on themselves, provide it as an additional service to its customers and implement the passage of a mass market to an individual market.
We hope that the Italian system will adopt solutions that other nations adopted or have adopted, integrate its law, self-regulation and technology.
I think this is the right way to help put order in the dusty archives of our unsatisfied rights and to face the future without fear, looking ahead at the new frontier of our society and the global and individual markets.
Privacy is a vital, multiform, dynamic and ever-developing right; it is the condition itself for affirming our rights both in the real and virtual markets. In view of
this, we have to foster the development of the privacy law using all the available
tools: laws, self-regulation, technology and especially common sense.
Growth Expectations for a Global Marketplace That is Mindful of Individuals
Mozelle W. Thompson(1)
Good afternoon. I would like to thank Chairman Rodotà and members of the
Commission for sponsoring this important conference. We have heard a variety of
different views and approaches to the issue of privacy protection, and it has been
helpful for me to learn more about the Italian experience.
The Conference Organizers have asked me to address the topic of Growth Expectations for a Global Marketplace that is Mindful of Individuals. In America we
might call this Creating an Individual-Friendly Global Marketplace. This is a somewhat difficult topic to address, partly because I have no crystal ball to predict the
future, and partly because I have learned that it is dangerous for senior government
officials to make public predictions.
Notwithstanding my reservations, I have had an opportunity to observe consumer and government issues around the world from my work as president of the
International Marketing Supervision Network [IMSN] and as chair of the OECD
Committee on Consumer Policy. So perhaps I can share some of my observations
and give you some insight about future issues.
Before I begin, my General Counsel requires that I provide you with the same
statement that you heard yesterday from Commissioner Swindle – that my comments today are my own and do not necessarily reflect the views of the Commission or any of the other Commissioners.
At the outset, I would say that an “individual-friendly global marketplace” is
one that has a foundation that places the consumer at the center of its “value proposition.” In other words, it is a market that recognizes the importance of providing
consumers with a basket of tools that provide consumers with a means to feel safe
and confident to participate in the marketplace.
Among those tools are rights and remedies that can protect them from harm – harm that can result from fraud, deception, security breaches [an area where my colleague Commissioner Swindle has done excellent work with the OECD], and privacy violations. And these tools can be exercised by government, businesses [in the
form of self regulation] and consumers themselves.
There are two reasons that this perspective is more important now than at any
other time. First, it is no secret that most Western economies are experiencing a
period of economic distress. It has also been said that consumer spending represents 80% of the American economy. In France, it is 50% and other European
countries fall somewhere in between. A small change in consumer confidence, up
or down, can have a significant impact on any country’s economy. As a result, government and businesses alike are focusing on the importance of consumer spending and consumer confidence in maintaining economic health and stimulating future economic growth.
(1) Federal Trade Commission – USA
While there has been relatively little hard economic study that connects privacy to consumer confidence, many commentators have claimed that consumer privacy concerns result in a failure to achieve billions of dollars in potential sales in the
electronic marketplace.
Second, one of the important byproducts of globalization and deployment of
the Internet is that markets have become more “demand driven.” Because consumers
can have easy access to information, consumers can rapidly move their money to
many different places. Consequently, they have a greater expectation that their merchants and their governments will be more responsive to their individual demands.
Privacy has to be viewed in this context. Although we all have been somewhat
self absorbed about the principles of privacy, how we actually deliver privacy depends on how we:
- manage consumer expectation - and we have all a long way to go on that
front;
- define what constitutes “value” for purposes of privacy; and
- determine how we measure success.
Ideally, we provide guidance through our own combination of laws, rules, and
self-regulatory programs. But, there is no “one size fits all” approach to this issue,
nor is there a magic answer. Moreover, neither government, consumers nor industry can address these questions alone.
Now, I know what some of you are thinking, that I am taking a typically Anglo-Saxon approach because I am focusing on the practical. I most often hear this
statement when someone is implying that Americans have no principles. That is not
true. What I am saying is that we all have to be measured by what our citizens experience, and none of us have been perfect in this regard. Let me tell you why.
First, we need to build a foundation based upon consumers who understand
what is reasonable, and not reasonable, to expect in terms of privacy. This foundation is a cornerstone for a demand driven market that measures companies based on
how they respond. These consumer expectations need to be considered within the
bundle of concerns that we term consumer confidence. This must be done, not because that is the way we in the United States or in Italy consider privacy issues, but
because that is the way most of the public experiences privacy issues.
We also need to use our expertise to tell industry and governments about what
we think is appropriate and inappropriate behavior, including providing incentives
for innovation – technological or otherwise.
And, when industry or government fails to live up to the expectations and requirements imposed through those means, we need to take appropriate enforcement action. That action should not only include the typical government tools of
fines, penalties, injunctions and public embarrassment, but should also allow for
more creative solutions in appropriate cases that enable wrongdoers to become
models for improved practices.
So, the question isn’t really what we can expect from an individual friendly
global marketplace, but how we create one and ensure that it continues to exist —
and in the context of this conference’s topics, how the issue of privacy plays a role
in ensuring the development of consumer confidence.
Let me take a minute to talk about my experience with this issue. Although
you heard something about this yesterday, my personal views might be slightly different than those expressed yesterday by my colleague Commissioner Swindle.
It is no secret that the United States and Europe have different approaches to
the issue of data privacy. Most countries in the European Union have broad-based
privacy laws, while we take a more sectoral approach.
However, work done by Consumers International illustrates that: “Despite
tight EU legislation in this area, researchers did not find that [Web] sites based in
the EU gave better information or a higher degree of choice to their users than sites
based in the US”
While there has been similar criticism of Web sites in the United States, Consumers International found that “US-based sites tended to set the standard for decent privacy policies” and that US-based most popular sites were the most likely to
have a privacy policy and were more likely to post that policy in an easily accessible
place. I believe this statement is accurate.
Although I have publicly suggested that America’s on-line consumers would
benefit from some Federal law that would allow us to address the “holes in our Swiss
cheese,” [e.g. companies who are not providing consumers with data protection or
otherwise governed by Federal Law], European criticism of the US privacy approach fails to take into account our record of effective prosecution.
You heard something about that record yesterday, but to give you further information:
To date, the US Federal Trade Commission has brought approximately 255 Internet cases and handled 31 matters with a privacy component. In addition, 279
companies have self-certified under the US-EU Safe Harbor.
As the US FTC has undertaken strong enforcement action, we have also spent
a great deal of time publicly discussing our cases in order to build consumer demand for privacy. Consequently, as consumers have increasingly demanded privacy
protection, industry has responded.
This visible enforcement activity clearly has a dual purpose: (1) to send a message to industry about what is acceptable conduct, and in so doing shape the marketplace; and (2) to educate consumers about what they should reasonably expect
in the marketplace.
In conjunction with strong enforcement, there is a need to educate consumers
and businesses as to why privacy is a value – government saying so is not enough.
As more people know about privacy, consumer demand will help drive the marketplace. Privacy must be something that consumers understand and that businesses
know must be included as part of the value proposition.
In a global marketplace it is important for all of us to work together, while at
the same time to recognize that countries have different legal and value systems
and therefore approach problems differently. Our differences, however, should be
valued and we should learn from each other in order to benefit consumers around
the world.
When we build a global marketplace that recognizes all elements that are important to the consumer, including privacy, we will have an individual-friendly
global marketplace that realizes the great potential it has for all of our citizens.
The Privacy Resource
Spiros Simitis (1)
I was especially intrigued by the word “resource” in the title of this Conference.
Indeed, I decided to look it up in an English dictionary to find the precise definition, which includes many different meanings such as device, supply, riches, but also ingenuity and inner force. I think that, especially after listening to the presentations in these two days, all these definitions apply to a different extent.
My first consideration regarding the issue at stake has to do with the approach
adopted to address it. In my opinion, we should avoid using obsolete tools to cope
with an issue that has wholly different features compared with those one might
have descried, say, thirty years ago. Thirty years ago one could reasonably argue
that the right to privacy was one facet of personality rights. I think it is high time
we relinquished these views, because otherwise we are in danger of admitting that
privacy rights may or actually must be placed in parallel with other rights – such
as ownership.
In fact, as pointed out by Stefano Rodotà a few minutes ago, we are not dealing with personality rights. We have to do with a wholly new legal approach, and
this was explained most clearly by the German Constitutional Court in 1983 –
when they ruled that respect for private life, and awareness of the ways in which personal data are used are a fundamental prerequisite for any democratic society.
Therefore, in debating privacy we actually discuss the structure of our society – and
leniency in the application of the rules on personal data will undermine any democratic society. It is not a matter of striking the right balance; there can be no balance
when you have to do with data protection, as this is one of the fundamental prerequisites for our societies.
This is all the more evident if we consider that, firstly, today we are not deliberating whether to collect certain data – as was the case in the ‘70s, when scholarly
papers on privacy started being published – but rather how to use the data that have
already been collected; and secondly, that there is no longer any distinction to be
drawn between public and private entities, as public entities often avail themselves
for their purposes (such as preventing and detecting crimes) of devices and tools that
had been originally developed by private entities for private purposes. Therefore, we
should bear in mind that any privacy rules to be developed will have to take account
of the possible implications related to their implementation in a democratic society.
Thus, I think that the key issue is nowadays, how to possibly deny access to
data that are already available. And I believe that the solution, if any, can only be
found by re-considering the very core of the rules applying to data protection.
(1) Frankfurt University - Germany
This means, firstly, that there should not be any use of personal data unless
there are no available alternatives. Therefore, no a priori data collection is to be allowed: it is necessary to prove that the data are necessary for the specific purposes
to be achieved, and that the purposes in question may only be attained by using personal data. Such an approach postulates the existence of an independent control entity as well as of clear-cut rules on purposes and mechanisms of use.
Secondly, I think that special attention should be paid to the ever-growing
practice of marketing personal data. We all are aware of this, and a look at the Internet is enough to realise that you can buy practically any personal data you may
wish at a reasonable price. But this commodification of personal data is against the
very nature of the fundamental rights involved. You cannot talk about benefit-sharing in this sector – as has been done with regard to the collection and use of genetic data in some countries.
Thirdly, the approach based on the opt-out mechanism has always been quite
popular in connection with data protection, and has recently been advocated also
in respect of the collection of genetic data by “biobanks” – which might be enabled
to “buy” a person’s genetic data unless the person in question “opts out”, i.e. objects
to this type of processing. The point is, how can one object? This is nowhere explained very clearly.
Based on these considerations, I think it is high time we decided whether we
are to consider consent as important as it was in the past. Or rather, we should reconsider the way the consent requirement is applied in respect of the processing of
personal data. We are faced with a situation in which what matters are no longer
the data, but the context of their use. This means we should change our way of
thinking and simply set out a few truly unambiguous, binding principles that can
then be applied to the specific context.
And, what is then the outcome, if any, of our meeting? It seems clear to me,
further to what has been said so far, that self-regulation is indeed essential – but only up to a certain extent. We do not need conventional self-regulation; rather, we
should think of what has been termed “regulated self-regulation”. Which means
that any code developed, for instance, by a corporation or trade association (and in
Italy there are excellent examples in this regard) should be submitted to the supervisory authority and only become applicable after being evaluated and approved by
the authority.
Regulated self-regulation is an elementary component of a new concept of data protection, as no law-making body can impose extensive and apparently comprehensive regulations in this area – necessary though they may be – without dealing with an endless list of details and thus severely endangering its credibility. For
precisely this reason self-regulation is obviously helpful. We nevertheless must elaborate a new concept in which self-regulatory approaches are integrated – keeping in
mind that this integration does not mean replacing binding regulatory principles,
in respect of which (let me say it once again) no balancing is admissible. Thus, there
may indeed be cases in which the duty to provide information to third parties is directly applicable, for instance as regards the police or judicial authorities. At the
same time, however, there should be little doubt that any limitation on the information to which data subjects are entitled must be compensated for by the intervention of an independent authority – which has to verify and check whether, for
instance, the relevant requirements have been met as formally stipulated.
Thank you for your attention.
NOTICE TO READERS
(Article 13 of the Personal Data Protection Code, Legislative Decree No. 196 of 30 June 2003)
The names and addresses used to send this publication are processed also by electronic means (without any particular processing of them), will not be disclosed to third parties and will be used solely for the purpose of mailing. Data subjects may contact the Garante per la protezione dei dati personali at any time (Rome, Piazza di Monte Citorio n. 121, fax: 06 69677785, e-mail: garante@garanteprivacy.it) to check them or have them supplemented, updated or rectified and/or to exercise the other rights provided for by personal data protection legislation (Article 7 of the Personal Data Protection Code, Legislative Decree No. 196 of 30 June 2003).