Italian Data Commisisoner representative view --
Why privacy matters

Notes by Mr. Luigi Montouri from the Office of the Italian Data Protection Authority.

Based on attendance at ICX Privacy Code of Conduct workshop
Den Haag on 15.12.99).

The word privacy has become a familiar term even in non-English speaking countries. Indeed, it is mentioned every day in radio and TV programmes; it can be read in newspaper articles; there are actually a number of books dealing with privacy. A peculiar feature of this word is that it is often used jointly with many others: health, the Internet, banking, insurance, police archives, historical research, journalism, videosurveillance, TLCs, marketing, e-commerce, etc..

In short, privacy is related to a wide range of activities; above all, it is a constant feature in our social, professional and private life.

Starting from the 1981 Strasbourg Convention - which marked a major turning point in Europe as regards the protection of fundamental rights -, there have been for the past few years a number of initiatives leading to a common stance on privacy in all EU countries.

Indeed, one might argue this is one of the most peculiar features of Europe as compared with the rest of the world. Other countries are looking with great interest and attention to the activity in progress in EU Member States, where EC Directive 95/46 is being transposed. And it is not simply a matter of legislating, but rather of developing codes of conduct, contract models and other specific instruments. The activity of ICX is an evident example.

Thus, privacy was initially regarded as a world-wide enforceable value, and has subsequently become a right to be safeguarded and protected.

I believe that the establishment of this right was bound to lead to opposition - as has always been the case with major social changes and developments -, such opposition being often the result of misunderstandings as to the actual meaning of privacy.

I believe that Professor Rodota, the President of the Italian Data Protection Commission, pointed to one of the core issues when he said, in the speech delivered on the occasion of submitting the Commission's Annual Report to Parliament, in 1997, that "the protection of personal data rests nowadays on two pillars: confidentiality and control. Silence becomes the former, whereas transparency befits the latter". Indeed, the initial concept of privacy is no longer appropriate: privacy cannot work alone. The "right to be left alone", that is to say, the right to be protected against another's indiscreet attention, has long been superseded. Today, it is fundamental to ensure that each of us can keep under control one's own information - above all, the way in which others can use such information.

Thus, the privacy concept is taking on a new meaning exactly at a time when information exchange is reaching unprecedented levels.

The exchange of information does not simply concern "business": in fact, it also applies to a person's social life, it being necessary every day to exchange data and information in order to cope with multifarious requirements.

Privacy is not aimed at shrouding our life in silence, nor should it be seen as something implying the dramatic severance of the link between an individual and the rest of society.

We believe that privacy is something different, something definitely superior in its nature. Privacy is the tool we need to build up the social link I have just mentioned, by retaining the power of controlling the entities who are in the possession of personal information. Only in this way will it be possible for a person to fully re-establish his/her own sovereignty, by deciding who should use his/her personal data as well as how and for what purposes these data can be processed.

There is currently no alternative to control, as we are faced with types of data processing which would have been unimaginable up to a few years ago. Only think that in modern society it may be difficult to fully realise one's own identity within a system for the collection of information which is grounded on the processing of such information with a view to breaking it down, disseminating data, categorising things.

Our data end up with being collected by a wide range of public and private entities which keep them for a number of different purposes - so that a person's identity is broken down into many different data banks. This will tend to facilitate the circulation of automated personality profiles, which entails the risk of affecting a person's image by eliminating fundamental traits of his/her personality.

A given person's data can be found in a specific data bank where (s)he is only regarded from the viewpoint of his/her habits, tastes, interests, and maybe in another data bank including information on his/her creditworthiness, and in yet another one in which medical status or criminal records are described.
Within this framework, it is absolutely necessary for citizens to be aware of their new rights and to be taught how to use them. These rights are grounded on control and allow a person to be informed on the use of his/her data, supplement the relevant information, object to its processing, have the information cancelled under specific circumstances and have it kept for a limited period - up to the prohibition of taking judicial/administrative decisions based solely on the automated processing of personal data. These tools will enable a person to be considered as a whole, rather than as a composite puzzle of different elements.
This is privacy, too.

© Copyright January 2000. Mr Luigi Montuori and International Commerce Exchange Ltd.

How to obtain a copy of the Privacy Code of Conduct:
The ICX Privacy Code of Conduct is being constantly updated and we are now working on revising the 18 Applicable Laws (15 EU countries and 3 EEA countries). If you have an interest and would like to join the Work Group, please send an e-mail to: info@icx.org.uk