Position of the Guarantor on the changes made to the DL
With the memory to the Labor and Social Affairs Committees of the Chamber of Deputies the President of the Guarantor for the protection of personal data has made known the 6 last March, its position on the changes made to the DL 28 January 2019, n. 4, on the income of citizenship, in the process of conversion into law, especially in light of what has already been done regarding the processing of personal data with memory of the 8 last February, on the compliance of the provisions governing the RdC with the legislation on protection of personal data.
In essence, the Chairman expresses his satisfaction with the transposition by the legislator, in the conversion of the decree into law, of most of the comments made, either directly modifying the regulatory framework of the conversion law or by delegating to subsequent regulatory acts, from issue after consultation with the Guarantor, the practical application of certain complex protection mechanisms, through the preparation of technical and organizational security measures suitable for the protection of information from the risk of unauthorized access or cyber attacks.
In particular, it was established a single information system for the DRC, in order to facilitate checks and data protection, giving it only the information strictly necessary for the implementation of the measure (so-called data minimization principle); the interoperability between the various systems that make up the single information system will be established by a Decree to be issued following the opinion of the Guarantor.
It has been resized, based on the observations of the Guarantor, the expense monitoring system that you can do with the card making available to the beneficiary, so that the checks are carried out only on the total amounts spent and withdrawn according to the procedures defined by the Decree, subject to the opinion of the Guarantor; moreover, the possibility that the consumption choices made by the owners of the companies is no longer contemplated card they are subjected to the evaluation of third parties, even if the purpose is to detect anomalies that can be sanctioned by law.
The whole system regarding the discipline of issuing ISEE certificates has been revised, which, in the opinion of the Guarantor, exposed to unauthorized subjects to risks of unauthorized access, not interested in the benefit, as it allowed, even indirectly, access to the archive of the financial reports of the Revenue Agency.
It flies, i controls by the Ministry of Labor on any fraudulent behavior will be carried out allowing Inspectors access to information in the INPS availability. The list of information can be integrated with the Decree to be adopted after the opinion of the Guarantor.
To the Guarantor perplexities remain on the technical implementation methods of the Government website dedicated to the RdC, in particular for the transmission to third parties of navigation data of visitors of the site itself (IP addresses and connection times), with what it entails in terms of risk of profiling, to protect citizens' rights.