The Annual Report of the Italian Authority for the Protection of Personal Data, presented recently to the Italian Parliament, has been enhanced by two booklets of documentation on cloud computing and smartphones and tablets that provide directions for greater awareness in the use of these new tools.
The Authority’s attention focuses on the world of so-called apps (applications) with regard to tablets and smartphones.
The methods for acquiring and distributing these particular types of software are centralized and usually controlled by a number of parties such as the producer of the device, the producer of the operating system, the telephone operator and the operator of the application market, for example the Apple store.
The increasingly widespread appearance of smartphones has triggered such major growth that the most important application markets now have a portfolio that may well exceed tens of thousands of applications and which appears able to offer services to satisfy the user’s everyday needs ranging from work to socializing, health and entertainment.
The use of apps of course implies the processing of user data, which may be personal, confidential and even sensitive. In many cases data is archived and stored on the device, but more and more often mobile applications are used in a way that implies that personal information is moved or copied to the cloud of the service provider.
The analysis of such services brings to light a number of critical aspects of the use of this new generation of devices: they are pervasive, and their default settings encourage the outsourcing and exchanging of data belonging to distinctly separate parts of the user’s life.
According to the Authority, the main threat to the security of user data derives from the lack of transparency in the operating procedures of the applications. It is seen in the impossibility for users to keep control of the disclosure of their details to third parties, and in certain technical elements concerning software security.
How can better guarantees be provided for users? The Authority suggests that a combination of technical solutions and contractual norms be included in the application’s chain of procedures, which starts from the developer and, after passing through various intermediaries, finally arrives at the end user.
It is vital, however, that users are put in the position of being able to take responsible decisions on the best use of their personal data.
In this regard, the Authority’s intention is to strive to increase user awareness of the specific uses of applications that collect private data (ranging from contacts to geographical location, consumer habits and behavioural patterns, to health-related data and social activities) and the eventuality that such data might be made “public”, namely communicated to others, whether for commercial or other purposes, even for unlimited periods of time and even after the user has stopped using the application.
Therefore, to use the metaphor expressed by the Authority’s President Francesco Pizzetti during the presentation of the report, it is necessary for users to be aware of the risk of being “Electronic Hop-o’-My-Thumbs”, who are often unaware that they leave digital traces of their actions.