Privacy, a bulwark against the excessive power of technology: the 2022 annual report of the Privacy Guarantor

There are echoes of the twentieth century, of world wars and of the great European dictatorships fears that the Privacy Guarantor, Pasquale Stanzione, launches today in his annual report, in Parliament. The shadows come from the crescent power of algorithms. “While the almost anti-historical images of tanks deployed between trenches and disputed borders scroll across the screens, the unfounded fear of a delegation to the algorithm of military choices”, says the president of the Privacy Guarantor Authority in the first lines of his speech. “The Secretary-General of the United Nations has expressed concern about the potential application of artificial intelligence in the arms sector, calling for the definition of ‘some red lines'”.

A transforming privacy

In short, autonomous weapons that choose for themselves when to kill. It may come as a surprise that this is one of the first concerns mentioned by the Authority in its annual report; but it is a sign of profound transformations that privacy has had in recent years, as Stanzione says. She has become the bulwark for personal protection, of everyone’s freedom, compared to the overwhelming power of technology. Technological progress, with new weapons, already in the first and second world wars amplified the devastating consequences of the conflicts. But it also favored the birth of a first surveillance apparatus. On both fronts, the Guarantor sees the main dark sides of artificial intelligence. The temptation to erode the heart of freedom in the name of a presumed greater security is always present. Station called back the interventions of the Guarantorin 2022, to block local authorities who wanted to carry out mass surveillance with intelligent facial recognition or had devised the first “social scoring” devices, profiling citizens based on their social behavior, again thanks to algorithms. However, the Guarantor already sees the first signs of an antidote to these risks. The arrival of the European AI Act regulation (now in draft) and the interest declared by US President Joe Biden to regulate artificial intelligence to make it reliable, adequate for human rights.

A growing business

The activity of the Guarantor, national and in collaboration with other Authorities, is certain destined to grow. In 2022 penalties levied have been about 9 million 500 thousand euros, reads the annual report. The inspections in 2022 were 140, almost tripled compared to those of the previous year in which the impact of the pandemic emergency was still being felt. The investigations carried out, also with the contribution of the special unit for the protection of privacy and technological frauds of the Guardia di Finanza, concerned various sectors, both in the public and private sectors: in particular, telemarketing, public cloud, websites and use of cookies, video surveillance, even in the workplace. “Particular attention has been paid to the use of biometric data and the spread of facial recognition systems. In this context, in particular, the Authority has fined the US company Clearview for 20 million euros, forbidding the use of biometric data and the monitoring of Italians”, we read.

The protection of minors

“On the front of online protection of minors the past year continued the action of supervision of the age of registration to social networks, also through age verification systems. The working table set up with the recent memorandum of understanding between the Guarantor and Agcom is moving in this direction”. “After the halt of the Guarantor Tik Tok suspended the sending of personalized advertising based on legitimate interest. In addition to an inadequate legal basis, there were, in fact, serious risks that advertising could reach very young people with inappropriate content”. Social, therefore, and artificial intelligence are the main fronts of attention on technology. “Regarding ithe Chatgpt case the intervention of the Guarantor made it possible to direct the development of this form of generative artificial intelligence in a direction compatible with the protection of people, especially minors. Fundamental too stop against the Replika chatbota sort of virtual friend, who presented too many risks for minors and emotionally fragile people”, we read.

Between child pornography and cyber security

Unfortunately, it also registers online the increase in sexual crimes and child pornography. “To counter the phenomenon of revenge porn and help people who fear the dissemination of photos and videos with sexually explicit content, the Guarantor has introduced an electronic reporting model and the possibility of sending the hash code of the images to the platforms instead of unencrypted copies. The reports received, around 150, were dealt with promptly and in most cases the examination ended with a direct provision to the platforms involved to obtain a preventive block on the dissemination of photos and videos. A new front is that of cybersecurity in collaboration between the Authority and the National Cyber ​​Agency.
“In this regard, the number of data breaches notified to the Guarantor in 2022 by public and private entities is significant: 1351. In the public sector (31.2% of cases), the violations mainly concerned municipalities, schools and health facilities, in the private sector (68.8% of cases) both SMEs and professionals as well as large companies in the telecommunications, energy, banking and services sectors were involved. In the most serious cases, sanctions have been adopted. Just last night the news of an attack on a hospital in Naples, Luigi Valvitelli, which suffered a loss of data due to a cyber attack.

The Justice Knot

In the justice sector, theAuthority intervenedespecially on the topics of interceptions and digitization of criminal justice. Also relevant is the intervention on the subject of restorative justice whose discipline assigns a central role to the confidentiality duties of the mediator. Several interventions regarding the digital healthcare. Among these, two unfavorable opinions should be highlighted: one on the Electronic Health Record and another on the Health Data Ecosystem, in both cases the Guarantor has identified numerous critical issues. In terms of predictive medicine, three healthcare companies were sanctioned. And in addition to new problems, there are also old ones still to be solved. Like the very serious one of the telemarketing illicit, where the Guarantor has recently resumed a strong sanctioning activity. While waiting to find a real solution, which could come from the next code of conduct among all market players. From the bioethics to artificial intelligence, from the private powers of platforms to cyberbullying; from hate speech to oblivion; from the digital invisibles of the gig economy to telemedicine: in all these and other contexts the Guarantor provides his contribution”, summarizes Stanzione at the end of his speech to Parliament. Objective, to protect those that the Guarantor (also in the title of the speech) calls “digital solitude (due to lack of protection, due to cognitive asymmetries, out of necessity) as subjection to the power of others. Loneliness – Michel Foucault wrote – is the first condition of total submission”. “Fighting it, to protect the freedom and dignity of the person, is the objective that the Guarantor pursues every day, also and above all thanks to the precious work of the entire staff, whom I want to sincerely thank here, together with the College and the Secretary General. And I also thank the Authorities who have intended to offer us support in various ways, as well as the body of the Guardia di Finanza, for their now customary collaboration”, concludes Stanzione.