Privacy

Articles and publications written by the CCC about Privacy.

How Can We Ensure Consumer Privacy?

Each and every week, we hear of new data breaches, hacks, and disclosures of sensitive financial and personal information.

Last month, it was the cyberattack on the Colonial Pipeline in the United States, causing spikes in gas prices and long lines at the pump. Before that, news broke of a data leak affecting half a billion Facebook accounts, a bot that has successfully scraped 500 million LinkedIn accounts, and a hack at Stanford University that exposed thousands of social security numbers and financial details. The cycle is endless.

The sheer number of reports of data leaks, hacks, and scams on affected accounts has now grown so gargantuan that consumers and users are left numb. The more that number grows, the more we grow numb.

But breaches of private data matter. And consumers should be rightly ticked off.

Because for every company screw-up, hacker exploit, and insecure government database, there are thousands of firms and organizations doing it right, keeping users’ data secure, encrypted, and away from prying eyes.

And while individual countries in the European Union have their own privacy and data laws, the more troublesome aspect here is the troubled General Data Protection Regulation (GDPR), which all too often makes it more difficult for legitimate businesses to secure data, not less.

While we should always be vigilant about potentials for leaks and hacks, a chief concern of a smart and common-sense data privacy law or directive should be in championing innovation, which isn’t the case at present.

For every new health data company, logistics firm, or consumer wearable, proper data collection and retention are a core value. The more that rules are uniform, clear, and do not create barriers to entry, the more innovation we will see when it comes to data protection.

We should incentivize firms to adopt interoperability and open data standards to ensure data is portable and easy to access for users. Major social media networks now allow this prevision, and it has been the standard for website data for several years.

If that becomes the standard, consumers will be able to choose the brands and services that best cater to their needs and interests, rather than just companies left standing in the wake of overregulation.

At the same time, if we are to have revised privacy rules in the EU, we should enshrine the principle of technology neutrality, where government avoids decreeing winners and losers. That means that regulating or endorsing various formats of data, algorithms, or technology should be determined by firms and consumers, not government agencies without the knowledge necessary to make good decisions. The EU’s recent attempt to designate the “common phone charger” as the micro-USB connection, at a time when USB-C connections are becoming the industry standard, is an easy example.

This also extends to innovation practices such as targeted advertising, geo-targeting, or personalization, which are key to the consumer experience.

Added to that, we should be wary of all attempts to outlaw encryption for both commercial and personal use.

Pressure has mounted on the European Commission to overhaul encryption by private actors, but that would be a mistake.

The reason encryption remains a powerful tool in the arsenal of companies and agencies that handle our data and communications is because it works. We must defend it at any cost.

While there is plenty to be concerned about when it comes to online breaches and hacks, consumers should be able to benefit from an innovative marketplace of products and services, unencumbered by regulations that all too often restrict progress.

This balance is possible and necessary, both if we want to have a more secure online experience, and if we want to continue to have the best technology at our disposal to improve our lives.

Originally published here.

Digital data security poses several challenges

On a Monday, there is a data leak affecting half a billion Facebook accounts. By Tuesday, a bot has scraped 500 million LinkedIn accounts. Then Wednesday, Stanford University announces a hack that exposed thousands of Social Security numbers and financial details. And Thursday, the world’s largest aviation IT company announces 90% of passenger data might have been accessed in a cyberattack. And so on. The cycle is endless.

The sheer number of reports of data leaks, hacks and scams on affected accounts has now grown so gargantuan that consumers and users are left numb. It might as well be the soaring national debt total —the higher the number, the less we care.

But breaches of private data matter. And consumers should be rightly ticked off.

Because for every company screw-up, hacker exploit and insecure government database, there are thousands of firms and organizations doing it right, keeping users’ data secure, encrypted and away from prying eyes.

And although such states as California, Virginia and Vermont have passed privacy and data laws, many of these provisions too closely resemble the European Union’s troubled General Data Protection Regulation (GDPR) in making it more difficult for legitimate businesses to secure data, not less.

When large data breaches occur, consumers who have been legitimately harmed should have their claims heard in court.

But the current regulations across the U.S., including in tech-centric California, place too much of a burden on those who follow the law and do right by their customers. There’s also a risk of creating a patchwork of different rules in different jurisdictions. To avoid this, a national framework on data and consumer privacy will need to take shape.

While we should always be vigilant about potentials for leaks and hacks, a chief concern of a smart and common-sense data privacy bill should be in championing innovation.

For every new health data company, logistics firm or consumer wearable, proper data collection and retention are a core value. The more that rules are uniform, clear and do not create barriers to entry, the more innovation we will see when it comes to data protection.

We should incentivize firms to adopt interoperability and open data standards to ensure data is portable and easy for users to access. Major social media networks now allow this prevision, and it has been the standard for website data for several years.

If that becomes the standard, consumers will be able to choose the brands and services that best cater to their needs and interests, rather than just companies left standing in the wake of overregulation.

At the same time, if we are to have a national privacy bill, we should enshrine the principle of technology neutrality, where government avoids decreeing winners and losers. That means that regulating or endorsing various formats of data, algorithms or technology should be determined by firms and consumers, not government agencies without the knowledge necessary to make good decisions. The EU’s recent attempt to designate the “common phone charger” as the micro-USB connection, at a time when USB-C connections are becoming the industry standard, is an easy example.

This also extends to innovation practices such as targeted advertising, geotargeting or personalization, which are key to the consumer experience.

Added to that, we should be wary of all attempts to outlaw encryption for both commercial and personal use.

In recent weeks, FBI Director Christopher Wray has once again called on Congress to ban the use of encryption, an overreach that would put billions of dollars’ worth of data at risk overnight and leave us vulnerable to foreign hackers.

He is joined in these efforts by Sens. Lindsey Graham, R-S.C.; Tom Cotton, R-Ark.; and Marsha Blackburn, R-Tenn., who introduced a bill that would forever ban this important cryptographic invention, warning it is used by “terrorists and other bad actors to conceal illicit behavior.”

The reason encryption remains a powerful tool in the arsenal of companies and agencies that handle our data and communications is because it works. We must defend it at any cost.

While there is plenty to be concerned about when it comes to online breaches and hacks, consumers should be able to benefit from an innovative marketplace of products and services, unencumbered by regulations that all too often restrict progress.

This balance is possible and necessary, both if we want to have a more secure online experience and if we want to continue to have the best technology at our disposal to improve our lives.

Originally published here.

Are Consumers Getting the Short Stick on Data Privacy?

On a Monday, there is a data leak affecting half a billion Facebook accounts, by Tuesday a bot has scraped 500 million LinkedIn accounts. On Wednesday, Stanford University announces a hack that exposed thousands of social security numbers and financial details. Then Thursday, the world’s largest aviation IT company announces 90 percent of passenger data may have been accessed in a cyber-attack. And so on. The cycle is endless.

The sheer number of reports of data leaks, hacks, and scams on affected accounts has now grown so gargantuan that consumers and users are left numb. It might as well be the soaring national debt total —the higher the number, the less we care.

But breaches of private data matter. And consumers should be rightly ticked off.

Because for every company screw-up, hacker exploit, and insecure government database, there are thousands of firms and organizations doing it right, keeping users’ data secure, encrypted, and away from prying eyes.

And although states like California, Virginia, and Vermont have passed privacy and data laws, many of these provisions too closely resemble the European Union’s troubled General Data Protection Regulation (GDPR) in making it more difficult for legitimate businesses to secure data, not less.

When large data breaches occur, consumers who have been legitimately harmed should have their claims heard in court.

But the current patchwork of regulations across the U.S., including in the tech-centric state of California, place too much of a burden on those who are follow the law and do right by their customers, and risk creating different rules in different jurisdictions. To avoid this, a national framework on data and consumer privacy will need to take shape.

While we should always be vigilant about potentials for leaks and hacks, a chief concern of a smart and common-sense data privacy bill should be in championing innovation.

For every new health data company, logistics firm, or consumer wearable, proper data collection and retention are a core value. The more that rules are uniform, clear, and do not create barriers to entry, the more innovation we will see when it comes to data protection.

We should incentivize firms to adopt interoperability and open data standards to ensure data is portable and easy-to-access for users. Major social media networks now allow this prevision, and it has been the standard for website data for several years.

If that becomes the standard, consumers will be able to choose the brands and services that best cater to their needs and interests, rather than just companies left standing in the wake of overregulation.

At the same time, if we are to have a national privacy bill, we should enshrine the principle of technology neutrality, where government avoids decreeing winners and losers. That means that regulating or endorsing various formats of data, algorithms, or technology should be determined by firms and consumers, not government agencies without the knowledge necessary to make good decisions. The EU’s recent attempt to designate the “common phone charger” as the micro-USB connection, at a time when USB-C connections are becoming the industry standard, is an easy example.

This also extends to innovation practices such as targeted advertising, geo-targeting, or personalization, which are key to the consumer experience.

Added to that, we should be wary of all attempts to outlaw encryption for both commercial and personal use.

In recent weeks, FBI Director Christopher Wray has once again called on Congress to ban the use of encryption, an overreach that would put billions of dollars’ worth of data at risk overnight, and leave us vulnerable to foreign hackers.

He is joined in these efforts by Sens. Lindsey Graham (R-SC), Tom Cotton (R-AR), and Marsha Blackburn (R-TN), who introduced a bill that would forever ban this important cryptographic invention, warning it is used by “terrorists and other bad actors to conceal illicit behavior.”

The reason encryption remains a powerful tool in the arsenal of companies and agencies that handle our data and communications is because it works. We must defend it at any cost.

While there is plenty to be concerned about when it comes to online breaches and hacks, consumers should be able to benefit from an innovative marketplace of products and services, unencumbered by regulations that all-too-often restrict progress.

This balance is possible and necessary, both if we want to have a more secure online experience, and if we want to continue to have the best technology at our disposal to improve our lives.

Originally published here.

Are Consumers Getting the Short Stick on Data Privacy?

On a Monday, there is a data leak affecting half a billion Facebook accounts, by Tuesday a bot has scraped 500 million LinkedIn accounts. On Wednesday, Stanford University announces a hack that exposed thousands of social security numbers and financial details. Then Thursday, the world’s largest aviation IT company announces 90 percent of passenger data may have been accessed in a cyber-attack. And so on. The cycle is endless.

The sheer number of reports of data leaks, hacks, and scams on affected accounts has now grown so gargantuan that consumers and users are left numb. It might as well be the soaring national debt total —the higher the number, the less we care.

But breaches of private data matter. And consumers should be rightly ticked off.

Because for every company screw-up, hacker exploit, and insecure government database, there are thousands of firms and organizations doing it right, keeping users’ data secure, encrypted, and away from prying eyes.

And although states like California, Virginia, and Vermont have passed privacy and data laws, many of these provisions too closely resemble the European Union’s troubled General Data Protection Regulation (GDPR) in making it more difficult for legitimate businesses to secure data, not less.

When large data breaches occur, consumers who have been legitimately harmed should have their claims heard in court.

But the current patchwork of regulations across the U.S., including in the tech-centric state of California, place too much of a burden on those who are follow the law and do right by their customers, and risk creating different rules in different jurisdictions. To avoid this, a national framework on data and consumer privacy will need to take shape.

While we should always be vigilant about potentials for leaks and hacks, a chief concern of a smart and common-sense data privacy bill should be in championing innovation.

For every new health data company, logistics firm, or consumer wearable, proper data collection and retention are a core value. The more that rules are uniform, clear, and do not create barriers to entry, the more innovation we will see when it comes to data protection.

We should incentivize firms to adopt interoperability and open data standards to ensure data is portable and easy-to-access for users. Major social media networks now allow this prevision, and it has been the standard for website data for several years.

If that becomes the standard, consumers will be able to choose the brands and services that best cater to their needs and interests, rather than just companies left standing in the wake of overregulation.

At the same time, if we are to have a national privacy bill, we should enshrine the principle of technology neutrality, where government avoids decreeing winners and losers. That means that regulating or endorsing various formats of data, algorithms, or technology should be determined by firms and consumers, not government agencies without the knowledge necessary to make good decisions. The EU’s recent attempt to designate the “common phone charger” as the micro-USB connection, at a time when USB-C connections are becoming the industry standard, is an easy example.

This also extends to innovation practices such as targeted advertising, geo-targeting, or personalization, which are key to the consumer experience.

Added to that, we should be wary of all attempts to outlaw encryption for both commercial and personal use.

In recent weeks, FBI Director Christopher Wray has once again called on Congress to ban the use of encryption, an overreach that would put billions of dollars’ worth of data at risk overnight, and leave us vulnerable to foreign hackers.

He is joined in these efforts by Sens. Lindsey Graham (R-SC), Tom Cotton (R-AR), and Marsha Blackburn (R-TN), who introduced a bill that would forever ban this important cryptographic invention, warning it is used by “terrorists and other bad actors to conceal illicit behavior.”

The reason encryption remains a powerful tool in the arsenal of companies and agencies that handle our data and communications is because it works. We must defend it at any cost.

While there is plenty to be concerned about when it comes to online breaches and hacks, consumers should be able to benefit from an innovative marketplace of products and services, unencumbered by regulations that all-too-often restrict progress.

This balance is possible and necessary, both if we want to have a more secure online experience, and if we want to continue to have the best technology at our disposal to improve our lives.

Originally published here.

INTERVIEW: Jennifer Huddleston on the Way Forward on Consumer Privacy

INTERVIEW: Jennifer Huddleston (@jrhuddles) on Consumer Choice Radio

-Do we need a federal privacy law?

-There are innovative practices used by private companies. We should celebrate them.

-Why GDPR is so problematic

-The “Techlash” and the bad policy ideas from both left and right

-Data silos and how to maintain consumer privacy and innovation

-Errors of state-level privacy laws

Jennifer Huddleston is the Director of Technology and Innovation Policy at the American Action Forum

The impending war with big tech

The last few weeks have seen a substantial ramping up of rhetoric from Westminster towards big tech. Facebook’s dramatic show of power against – and subsequent capitulation to – the Australian government over its new law obliging it to pay news outlets to host their content made for gripping viewing, and it has since become clear that senior ministers across the British government were tuning in to the action.

Matt Hancock came bursting out of the blocks to declare himself a ‘great admirer’ of countries which have proposed laws forcing tech giants to pay for journalism. Rishi Sunak has been bigging-up this year’s G7 summit, which will be held in Cornwall. From the way he is talking, it sounds like he is preparing to lead an army of finance ministers from around the world into battle with Silicon Valley.

Meanwhile, Oliver Dowden, the cabinet minister with responsibility for media and technology, indicated that he has been chatting to his Australian counterparts to learn more about the thinking behind their policymaking process. He followed that up with a series of stark and very public warnings to the businesses themselves,promising to “keep a close eye” on Facebook and Twitter, voicing his “grave concern” over the way big tech companies are operating and threatening sanctions if they step out of line.

This one-way war of words comes against the backdrop of a menacing new regulatory body slowly looming into view. The Digital Markets Unit, a quango which is set to form part of the existing Competition and Markets Authority (CMA), will be the chief weapon in the government’s armoury. As things stand, we know very little about what it is intended to achieve.

Big tech in its current form is a young industry, still struggling with teething problems as it learns how to handle owning all the information in the world. There are plenty of areas where Facebook, Google, Amazon and countless others are arguably falling short in their practices, from users’ privacy to threats to journalists, which Dowden and others have picked up on.

But the natural instinct of state actors to step in has the potential to be cataclysmically damaging. The government is running out of patience with the free market and seems poised to intervene. Countless times, haphazard central policy has quashed innovation and sent private money tumbling out of the country. Against the backdrop of the forthcoming corporation tax rise, there is a fine balance to strike between effective regulation and excessive state interference.

The nature of government interventions is that they block innovation, and therefore progress. Superfluous regulation is like a dazed donkey milling about in the middle of the road, bringing the traffic to a halt. Of course, the donkey is then given a charity collection bucket and the power to oblige passers-by to contribute a slice of their income for the privilege of driving society forwards, generating unfathomable wealth and providing us all with access to free services which have improved our quality of life beyond measure.

As the government ponders the appropriate parameters of the new Digital Markets Unit and seeks to place arbitrary limits on what big tech companies can do for the first time in the history of their existence, it should consider users’ interests first. There is a strong case to be made for shoring up the rights of individuals and cracking down more harshly on abuse and other worrying trends. But let’s not fall into the same trap as our cousins Down Under in making online services more expensive to use and passing those costs down to consumers.

As the much-fabled ‘post-Brexit Global Britain’ begins to take shape, we have a valuable opportunity to set an example for the rest of the world on how to go about regulating the technology giants. The standards we will have to meet to do that are not terribly high. In essence, all the government needs to do is avoid the vast, swinging, ham-fisted meddling which has so often characterised attempts at regulation in the past and Britain can become something of a world leader in this field.

Originally published here.

ECJ Privacy Ruling Has Huge Costs

In July, the European Court of Justice struck down the Privacy Shield Agreement, used by companies to transfer data between the EU and the United States.

L’Inps ha (di nuovo) violato la privacy di milioni di italiani

In queste ore si chiedono a gran voce nomi e dimissioni di tutti e cinque parlamentari che hanno chiesto il bonus Inps da 600 euro. Nonostante questa scelta possa essere considerata inopportuna: “L’Inps e il suo presidente questa volta hanno superato ogni limite della legalità, violando la privacy di milioni di italiani”. Questa è l’opinione di Luca Bertoletti, responsabile Europeo del Consumer Choice Center.

Inps e privacy. Stavolta qualcosa proprio non va. In queste ore si chiedono a gran voce nomi e dimissioni di tutti e cinque parlamentari che hanno chiesto il bonus Inps da 600 euro. Nonostante questa scelta possa essere considerata inopportuna, e sicuramente è l’ennesima prova di una classe politica inadeguata:

l’Inps e il suo presidente Pasquale Tridico questa volta hanno superato ogni limite della legalità, violando la privacy di milioni di italiani“.

Questa è l’opinione di Luca Bertoletti, responsabile europeo del Consumer Choice Center, associazione internazionale di consumatori attiva soprattutto tra Stati Uniti e Canada, ma anche nell’America Latina e in Europa.

Trovando i nomi dei 5 politici, l’Inps ha violato anche la nostra privacy 

Non c’è stata nessuna violazione della legge e, seppur in modo quantomeno inopportuno, i tre parlamentari hanno ottenuto i soldi superando regolarmente tutti i controlli dell’Inps.

“Ma quindi -continua Bertoletti- adesso la domanda è: come mai l’Inps li ha segnalati? E soprattutto con quale potere l’Inps ha controllato il lavoro che questi individui fanno, violandone così la privacy?”.

“Dimissioni del presidente dell’Inps e indagine interna su come e chi ha violato la privacy dei cittadini”

Secondo il Consumer Choice Center, attivo anche sull’Asia e che si occupa prevalentemente di privacy, ma anche di nuove tecnologie (in particolare dello sviluppo sul 5G), per come stanno le cose diventa necessaria non solo un’indagine interna all’Inps, su come e chi ha controllato la vita privata di cittadini, scoprendo il lavoro che fanno, e facendolo trapelare ai media, ma anche le dimissioni immediate del Presidente dell’Inps Pasquale Tridico:

Tutela della privacy, cosa avrebbe dovuto fare l’Inps

“Da legge governativa l’Inps avrebbe dovuto semplicemente verificare i codici Ateco per ciascuna partita Iva. E basta”. E invece… “Per carità, in realtà l’Inps è stato bravissimo a recuperare l’identità dei parlamentari. Ma la legge non prevedeva in alcun modo di risalire a nomi e cognomi di ciascun codice Ateco”.

E allora la domanda è: con quali mezzi è riuscita a scoprire l’identità dei titolari della partita Iva, con buona pace della privacy, attraverso l’incrocio dei dati delle occupazioni vere dei titolari?

“Per farlo è evidente che è stato fatto un check a tappeto esteso su tutti i codici Ateco. Non essendoci tetti o paletti nella richiesta del bonus –poteva chiederlo chiunque avesse una partita iva attiva NdR– questi controlli non erano necessari”. 

Inps, che velocità nel risalire ai nomi e a consegnarli alla stampa!

L’altro aspetto della vicenda riguarda la velocità con cui i nomi sono stati consegnati alla stampa: “Con veline tipiche della prima repubblica, come se fosse stata una conferenza stampa -continua Bertoletti di Consumer Choice Center-. Se si considera il fatto che per ricevere la cassa integrazione e gli stessi bonus molti italiani, in questo caso gente che di soldi ne aveva bisogno per davvero, ha douto fare una trafila infinita e addirittura c’è chi ancora non ha ricevuto niente, altre che si sono ritrovati cognomi diversi o dati che appartenevano ad altre persone”.

Insomma, un organo come l’Inps, è così che la pensa Bertoletti, avrebbe dovuto fare una cosa sola. Abbinare il bonus al codice Ateco. E invece ha indagato nella privacy di ciascun codice e ciascuna partita Iva. Risalendo all’identità di ciascun codice e risalendo al titolare di ciascuna partita Iva, arrivando a scoprire i nomi dei parlamentari e dei politici, necessariamente andando ad abbinare un nome, un cognome e un volto di tutti i professionisti autonomi che avevano fatto richiesta. Un gran lavoro. Ma che la legge non prevedeva. Un lavoro inopportuno. 

Tra un mese il referendum: sarà un caso?

Il presidente dell’Inps Pasquale Tridico lo ha già detto e ribadito più volte in questi giorni: “Nessun collegamento tra il referendum di settembre e la comunicazione dei 5 parlamentari che hanno chiesto il bonus. Non è un caso montato. Chi proverà ad accusarci ancora sarà querelato“.

Luca Bertoletti di Consumer Choice Center risponde così:

“Beh, allora sicuramente è una coincidenza così evitiamo di essere querelati. Ma è una coincidenza che avviene il giorno dopo che la consulta ha detto sì all’Election Day, accorpando Elezioni Regionali e Referendum. E il giorno stesso in cui alcuni sondaggi davano in vantaggio il No dei cittadini al taglio dei parlamentari. Ma sicuramente è una coincidenza”.

Il ruolo dell’organo Inps sull’antifrode, anticorruzione e trasparenza

Altro paradosso: a scoprire i nomi dei parlamentari è stato l’organo dell’Inps sull’antifrode, anticorruzione e che tutela la trasparenza. Ma in questo caso non c’è frode né corruzione. I politici avevano tutto il diritto di chiedere il bonus. E neanche di mancanza di trasparenza si può parlare perché la trasparenza non era necessaria. Bastava il codice. E la partita iva aperta:

Aggiunge Bertoletti: “La narrativa mainstream è totalmente contro i cinque deputati e i vari migliaia di politici locali e regionali che piano piano si stanno autodenunciando. Ora, abbiamo scoperto che l’ufficio antifrode che controlla dati sensibili li ha rilasciati al pubblico. Ma la domanda è: non avrebbe dovuto invece semplicemente controllare che le partite iva fossero attive? E’ quei che sta una basilare violazione della privacy dei cittadini. Inps può fare tutti i controlli che vuole ma non è che se le mie idee sono contrarie a un comportamento considerato etico dalla maggior parte delle persone allora è autorizzata a dare il mio nome in pasto alla stampa”. 

La questione della privacy: così il Garante ha sbugiardato l’Inps

Il passaggio successivo allo scoperchiamento del vaso di pandora, e cioè la notizia della richiesta del bonus da parte di parlamentari e governatori regionali, con l’Inps che si è difesa dicendo: “Non diamo i nomi perché dobbiamo tutelare la privacy” è quello relativo al Garante. Che di fatto ha smentito categoricamente l’Inps.

Essendo personaggi pubblici, e siccome si parla di soldi pubblici, la loro identità, per come si sono messe le cose, si possono e si devono rivelare. Intanto però ha anche aperto un’istruttoria per capire con quali metodi si è risaliti alla scoperta dell’esistenza di una “classe” politica così ampia che ha fatto richiesta del bonus: “Un altro, l’ennesimo paradosso di questa storia: da una parte il Garante ha le mani legate. Perché in questo caso la privacy non vale più. Il problema sta alla radice, con la domanda da cui abbiamo iniziato la nostra riflessione, e cioe: come ha fatto l’Inps ha scoprire la loro identità?”.

Privacy violata: una delle pagine più tristi dell’Inps

Per Consumer Choice Center, si tratta di una delle pagine più tristi dell’Inps e che funge da perfetta fotografia di una macchina statale talmente contorta su se stessa che non è più neanche in grado di capire se quello che fa è lecito oppure no.

“Si parlava di organo che tutela e garantisce la trasparenza. Ma in questo caso chi si è macchiato di mancanza di trasparenza è proprio l’Inps, non i politici”.

Politici che, questa è la sensazione, riusciranno a farla franca anche questa volta. Probabilmente saranno cacciati dai loro partiti, questa è una delle minacce del leader della Lega Matteo Salvini. Ma in qualche modo riusciranno a mantenere il loro posto in Parlamento. “Non dimentichiamoci che questo caos sarebbe venuto ugualmente fuori a dicembre -conclude Bertoletti- quando i deputati sono obbligati a pubblicare i loro guadagni e il loro 730, dove ovviamente i 600 euro dell’Inps sarebbero stati necessariamente segnalati. 

Originally published here.


The Consumer Choice Center is the consumer advocacy group supporting lifestyle freedom, innovation, privacy, science, and consumer choice. The main policy areas we focus on are digital, mobility, lifestyle & consumer goods, and health & science.

The CCC represents consumers in over 100 countries across the globe. We closely monitor regulatory trends in Ottawa, Washington, Brussels, Geneva and other hotspots of regulation and inform and activate consumers to fight for #ConsumerChoice. Learn more at consumerchoicecenter.org

Après le coronavirus, faisons des améliorations à notre cadre législatif

Après des semaines de changements à notre façon de consommer, nous voyons qu’il y a des améliorations importantes à faire, en ce qui concerne nos chaînes d’approvisionnement et les moyens disponibles pour se procurer des produits et services. Profitons de cette phase de lucidité pour faire des changements appropriés.

Plusieurs semaines de confinement nous montrent que tout ne s’est pas
déplacé sur internet et qu’une présence physique est difficilement remplaçable avec une connexion internet. Tout de même, nous voyons aussi qu’il y a raison de se réjouir du fait que cette pandémie nous tombe dessus en 2020 et pas il y a vingt ans. Nous avons la possibilité de rechercher et commander des produits et services, presque sans
aucune nécessité de se déplacer.

Les outils de travail à distance tels que Zoom, Asana ou les outils de Google ont déjà révolutionné le monde du travail. La plupart des réunions peuvent
être converties en appel vidéo. Dans des pays comme le Royaume-Uni, les consommateurs peuvent dire que grâce à des services de livraison de produits alimentaires tels que Amazon Fresh etOcado, nous pouvons constituer une bonne quantité de réserves de conserves, de produits secs et de produits pour la salle de bains, sans même avoir à nous battre pour les
derniers produits dans certains supermarchés presque vides.

Au Luxembourg, où ces services n’existent pas, la question se pose si notre cadre réglementaire n’est pas à l’origine de ce défaut. L’absence de services comme Uber, ou les trottinettes électriques comme Bird, nous indique qu’une législation fautive est à l’origine de cette défaillance. Tant que des villes comme Bruxelles ou Paris bénéficie de l’économie de partage, les restaurateurs et la clientèle luxembour- geoises doivent se contenter de sites web incomplets de restau- rants, et l’HORESCA qui organise un service de livraison à 10 euros par commande (pour ceux qui n’ont pas de service intégré de livraison).

Il s’avère que les applications décentralisées sont mieux préparées pour faire face à des crises et la demande des clients. Un grand changement dans l’approvisionnement de produits et services est celui des médicaments et des services médicaux. Pendant la pandémie, nous voyons l’arrivée des télé-consultations, dont on espère qu’elles ne resteront pas une innovation temporaire. Afin de récupérer leurs ordonnances, les patients ont dû se déplacer en pharmacies — une obligation superflue.

Huit pays dans l’Union européenne donnent le droit à leurs citoyens de commander des médicaments sur ordonnance en ligne : le Royaume-Uni, l’Allemagne, la Suisse, les Pays-Bas, le Danemark, la Suède, la Finlande et l’Estonie. Au Luxembourg, le gouvernement nous informe que “Seuls les médicaments sans ordonnance peuvent être vendus sur internet. Il n’est pas prévu d’autoriser la vente à distance de médicaments sur ordonnance.” Espérons que la crise actuelle donnera la motivation nécessaire aux parlementaires de s’intéresser à une légalisation de ces services.

Au niveau de l’Agence européenne des médicaments (EMA), nous aurions besoin d’un audit pour comprendre pourquoi un fast-tracking des procé-
dures d’approbation n’a pas encore été possible. Dans une situation d’urgence comme celle du coronavirus, il nous faut des recherches efficaces, et une bureau- cratie qui autorise au plus vite les médicaments nécessaires. L’Agence luxembourgeoise des médicaments et des produits de santé (ALMPS) devra fonctionner d’après les mêmes principes : mettre la priorité pour maximiser le nombre de nouveaux médicaments sûrs, en réduisant les obstacles administratifs. En même temps, le Luxembourg doit aussi autoriser et encourager le “droit à l’essai” médical. La loi sur le droit d’essayer ou loi Trickett Wendler, Frank Mongiello, Jordan McLinn et Matthew Bellina, a été promulguée le 30 mai 2018 aux États-Unis. Cette loi est un autre moyen pour les patients chez qui on a diagnostiqué des maladies mortelles, qui ont essayé toutes les options de traitement approuvées et qui ne peuvent pas participer à un essai clinique, d’accéder à certains traitements non approuvés. Les essais cliniques permettent de savoir si un produit est sûr à l’emploi et peut traiter ou prévenir efficacement une maladie. Les personnes peuvent avoir de nom-
breuses raisons de participer à des essais cliniques.

En plus de contribuer aux connaissances médicales, certaines personnes participent à des essais cliniques parce qu’il n’existe aucun traitement pour leur maladie, que les traitements qu’elles ont essayés n’ont pas fonctionné ou qu’elles ne sont pas en mesure de tolérer les traitements actuels.

Au-delà, il faut aussi plus de cybersécurité chez les Luxembourgeois et les entreprises contre les cyberattaques qui se propagent lors de cette pandémie. La sécurité du réseau doit être garantie pour garder l’at-
tractivité de la place financière – pour ce faire, une exclusion de certains acteurs du marché de télécommunication, dont la Chine, ne doit pas être exclue. Et qui dit vie privé, doit aussi garantir une révision de la
Constitution qui met en évidence les idées reçues de cette crise, afin de prévenir encore plus les abus de pouvoir dans des urgences futures.


The Consumer Choice Center is the consumer advocacy group supporting lifestyle freedom, innovation, privacy, science, and consumer choice. The main policy areas we focus on are digital, mobility, lifestyle & consumer goods, and health & science.

The CCC represents consumers in over 100 countries across the globe. We closely monitor regulatory trends in Ottawa, Washington, Brussels, Geneva and other hotspots of regulation and inform and activate consumers to fight for #ConsumerChoice. Learn more at consumerchoicecenter.org

Consumer privacy must be priority

Nearly every day we hear of more major cases of identity theft, financial crime and other forms of attacks or malicious interference on the internet. Breaches become commonplace and lax standards leave consumers worried about how their information is safeguarded.

The colossal breaches at British Airways and Marriott and Starwood in 2018 compromised the private data of hundreds of millions customers, and dozens more cases have surfaced since.

Such incidents are evidence that consumer data security, and also consumer privacy, are not being taken seriously. The adoption of Internet of Things solutions and the highly anticipated rollout of very fast 5G networks will make consumers’ privacy even more vulnerable in the next few years.

President Trump’s executive order to prevent companies from buying hardware and software from telecommunications firms deemed a national security risk is at least one good step in protecting privacy, but it’s sad to see it had to come to that.

Trump is likely influenced by statements of FCC chairman Ajit Pai, who has warned against using telecom equipment vendors from China on the basis of both national security and concerns for privacy.

In one case last fall, it was reported that Chinese officials put immense pressure on specific private firms to include so-called backdoors in their software or devices, which may be exploited either by government agents alone or with a manufacturer’s help. That only provokes more questions as to the influence of the Chinese Community Party on the Chinese firms that sell abroad.

With that in mind, for the ordinary consumer looking to buy their next smartphone, laptop or WiFi router, how can they rest assured their privacy will be secured?

As a response to threats like this, Australia banned the Chinese network equipment manufacturer Huawei from its 5G network. The United States has effectively done the same. But blanket bans aren’t a silver bullet solution for safeguarding privacy and data security. A mix of solutions is needed.

What we need is a smart policy response that would induce companies to give sufficient weight to consumer data security, all the while achieving that goal without undue market distortions, wholesale bans of certain firms and the limiting of consumer choice.

Healthy competition between private enterprises is the best mechanism for the discovery of the right tools and applications for new tech gear. Keeping new regulation technology-neutral, and thus not deciding by law which technological solution is best, is a very good framework for consumer privacy.

The rules should be focused on outcomes and be as general as possible while still providing sufficient guidance. That means not just the biggest companies who can afford to comply will also have a chance.

At the same time, some kind of certification scheme, or even open source standard,  should be adopted to minimize the risk of any backdoors or other vulnerabilities. That said, perfect security cannot be guaranteed. But ensuring companies use encryption and secure methods of authentication should be on the table.

Ideally, there would also be more supply chain liability for telecommunications operators and infrastructure wholesalers. This would push companies to take consumer privacy and security more into account when making procurement decisions.

Outright bans motivated by security concerns have the same effects as trade restrictions in the context of a trade war. The first victim of any trade war are the consumers of the nation imposing tariffs and non-tariff barriers to trade. Unless there is no other workable solution and unless the evidence of a serious security risk is clear, we shouldn’t resort to bans.

The debate around 5G reminds us how vulnerable consumers are in a technologically and politically complex world.

Therefore, smart regulation is needed in order to protect consumers from data breaches and to prevent autocratic governments from spying on them.

By strengthening liability of companies for technological vulnerabilities and by creating good standards, both consumer choice and privacy can be ensured.

Blunt instruments like total bans based on country of origin or regulators picking the technological champions should be seen as measures of the last resort.

Read more here

Scroll to top