Mario Viola de Azevedo Cunha

The Italian Google-Case: Privacy, Freedom of Speech and Responsibility of Providers for User-Generated Contents

In a recent decision of the Tribunal of Milan three Google executives were convicted for violating data protection, in connection with the on-line posting of a video showing a disabled person being bullied and insulted. This paper, after illustrating the facts of the case and the reasoning of the judge, discusses the main issue at stake, namely, the role and responsibilities of providers of platforms for user-created contents with regard to violations of data privacy.

Market integration through data protection : an analysis of the insurance and financial industries in the EU

Introduction.- Chapter I - The Protection Of Personal Data: Evolution And Standards In Europe.- Chapter II - Data Protection And The Insurance, Banking And Credit Reporting Industries.- Chapter III - Data Protection Systems In The European Union: The French Experience.- Chapter IV - Data Protection Systems In The European Union: The Uk Experience.- Chapter V - Data Protection Systems In The European Union: The Italian Experience .- Chapter VI - The Differences Between The Selected Member States And The Recommendations For A Further Harmonisation In The Post Lisbon Era.

The Protection of Personal Data: Evolution and Standards in Europe

This chapter deals with the evolution of the right to privacy, focusing on the last few decades, taking into account the development of new technologies and the threats security issues pose to privacy. It starts by giving an overview of the discussions on the right to privacy and to data protection, presenting a brief distinction between the European and the North American approach to that subject. Then, it concentrates on the European Framework of Data Protection, both at the Council of Europe and at the European Union levels, analysing its main legal instruments, with particular emphasis on Directive 95/46/EC because it is the one which applies to the processings of personal data carried out by the case studies of this book. Regarding this latter Directive, the book focuses on the legal grounds for data processing, on storage and data transfer issues—including the adequacy procedure—and on institutional and regulatory bodies.

Data Protection Systems in the European Union: The French Experience

The objective of this chapter is to analyse the UK data protection system in order to allow a comparative exercise with the experience of the other two selected EU Member States (France and Italy), with an eye towards possible improvements of the EU Data Protection Framework. Firstly, five main aspects will be analysed, namely the role of the data protection authority, the concept of personal data, data subjects’ rights, the processing of sensitive data and the processing by the case-studies (banking, credit information suppliers and insurance industries). Then it will concentrate on the scope of consent and on data protection principles, because the way they are dealt with by the UK Data Protection Framework differ—to a larger or small extent—from the provisions contained in Directive 95/46/EC

Data Protection Systems in the European Union: The Italian Experience

The objective of this chapter is to analyse the Italian data protection system in order to allow a comparative exercise with the experience of the other two selected EU Member States (France and UK), with an eye towards possible improvements of the EU Data Protection Framework. Firstly, five main aspects will be analysed, namely the role of the data protection authority, the concept of personal data, data subjects’ rights, the processing of sensitive data and the processing by the case-studies (banking, credit information suppliers and insurance industries). Then it will concentrate on codes of conduct and on necessity and data minimisation principles

The Differences Between the Selected Member States and the Recommendations for a Further Harmonisation in the Post Lisbon Era

In this chapter I will make some recommendations that impact on all processing of personal data, taking on board the ‘improvements’ currently incorporated by the EU Commission Proposal for a General Data Protection Regulation. However, they are made from the perspective of the selected industries, i.e., they are concentrated on the three sectors that were analysed in this book: insurance, banking, and credit reporting. Although these recommendations are not exhaustive, since they are limited by the scope of this book, they intend to contribute to the debate about the review of the General Data Protection Directive in the post Lisbon Treaty era. The recommendations will concentrate on the following topics: concept of personal data, consent, the data protection officer, the mutual recognition system, and codes of conduct.

Data Protection and the Insurance, Banking and Credit Reporting Industries

In Chap. 1 the data protection framework at the EU level was analysed in order “to prepare the field” for the analysis which will be carried out in this chapter. Here the focus will be the processing of personal data that takes place in the financial, insurance and credit reporting industries. The insurance industry and the banking sector use personal data to develop their activities with more efficiency, and the credit information suppliers are an important part of this mechanism, since they help banks and insurance companies in their search for personal data about their potential customers. This chapter will concentrate on the more sensitive issues that arise from the processing of personal data carried out by these industries, such as the processing of sensitive and genetic data—including the discussions about adverse selection, generalisation and discrimination.