Lo scorso 30 marzo è stato pubblicato sulla Gazzetta Ufficiale il Regolamento di Banca d’Italia concernente il trattamento di dati personali effettuato nell’ambito della gestione degli esposti riguardanti la trasparenza delle condizioni contrattuali, la correttezza dei rapporti tra intermediari e clienti e i diritti e gli obblighi delle parti nella prestazione dei servizi di pagamento.

Come noto, Banca d’Italia (in qualità di Autorità di vigilanza bancaria e finanziaria) riceve numerose segnalazioni riguardanti la trasparenza delle condizioni contrattuali, la correttezza dei rapporti tra intermediari vigilati e clientela, nonché i diritti e gli obblighi delle parti nella prestazione dei servizi di pagamento.

Al fine di gestire detti esposti e vista l’ingente quantità di esposti che quotidianamente vengono trasmessi alle diverse filiali della Banca d’Italia, questa utilizza un sistema di IA al fine di ottimizzare il patrimonio informativo contenuto negli esposti, per poterne ricavare elementi utili su fenomeni d’interesse per l’attività di vigilanza che la stessa conduce sugli intermediari bancari e finanziari e, in particolare, al fine di: (i) individuare le fattispecie che presentano similarità; (ii) trarre informazioni utili per la trattazione dell’esposto e per l’attività di vigilanza.

In particolare, l’attività di analisi effettuata dall’IA viene effettuata attraverso l’uso di un motore di ricerca in grado di accedere ai documenti presentati all’Autorità e di ricercare tutte le informazioni presenti negli esposti riconducibili a un determinato servizio o prodotto finanziario. Successivamente, il sistema aggrega gli esposti in cluster (assegnando tag esemplificativi del contenuto) che, tuttavia, non sono determinati sulla base dei dati personali degli esponenti, né dei soggetti terzi.

In tal senso, è escluso che l’algoritmo possa effettuare una qualsiasi forma di profilazione o predizione di comportamenti delle persone fisiche che a vario titolo possono essere coinvolte nella vicenda. Tanto è confermato dalla circostanza che dai risultati dell’analisi non derivano conseguenze sanzionatorie o decisioni automatiche su sugli interessati, né impattano sulle decisioni rimesse alla Banca d’Italia in relazione agli esposti.

Nel Regolamento, l’Autorità approfondisce, inoltre, le misure di sicurezza implementate ai sensi dell’art. 32 del GDPR e, nello specifico, quelle applicate all’utilizzo dei sistemi di IA. In tal senso, è stato previsto il periodico monitoraggio e aggiornamento delle logiche che gli algoritmi di machine learning utilizzano su un determinato insieme di dati (cosiddetto “training dataset”), che, pertanto, sotto sottoposti ad un processo continuo di riaddestramento.

In tale contesto, l’algoritmo viene, pertanto, periodicamente riaddestrato non appena si ritiene che il set di informazioni (o l’interpretazione ad essi associata) possa impattare sui risultati delle analisi.

Inoltre, l’applicazione di machine learning è costruita in modo tale da fornire una “spiegazione” del funzionamento interno dell’algoritmo.

Ariella Fonsi

L'articolo UTILIZZO DI ALGORITMI DI CLUSTERING PER FINALITÁ DI INTERESSE PUBBLICO RILEVANTE NEL RECENTE REGOLAMENTO DI BANCA D’ITALIA proviene da E-Lex.

Today, the European Commission presented publicly for the first time an EU draft law on mandatory chat control. With the stated intention of fighting against “child pornography”, the Commission plans to oblige all providers of e-mail, chat and messaging services to search for suspicious messages in a fully automated way and disclose them to the police. This requires them to monitor and scan the communications of all citizens. End-to-end encryption would have to be undermined by “client-side” scanning on all mobile phones.

MEP and civil rights activist Dr Patrick Breyer (Pirate Party), who filed a lawsuit on Monday against the chat control already voluntarily practiced by Facebook/Meta, comments:

“Apart from ineffective web blocking, the proposed chat control threatens to destroy digital privacy of correspondence and secure encryption. Scanning personal cloud storage would result in the mass surveillance of private photos. Mandatory age verification would end anonymous communication. Appstore censorship would be the end of secure messenger apps and patronise young people. The proposal does not include the overdue obligation on law enforcement agencies to report and remove known abusive material on the net, nor does it provide for Europe-wide standards for effective prevention measures, victim support and counselling and effective criminal investigations. Von der Leyen continues to chart the territory of censorship, mass surveillance, anonymity bans and paternalism, while leaving the activities of child porn rings completely untouched. The proposed measures deprive the entire population of trust, self-determination and security on the net. This plan is nothing other than terrorism against our digital fundamental rights, which I will not relent to fight.

This Big Brother attack on our mobile phones, private messages and photos with the help of error-prone algorithms is a giant step towards a Chinese-style surveillance state. Chat control is like the post office opening and scanning all letters – ineffective and illegal. Even the most intimate nude photos and sex chats can suddenly end up with company personnel or the police. Those who destroy the digital secrecy of letters destroy trust. We all depend on the security and confidentiality of private communication: People in need, victims of abuse, children, the economy and also state authorities.”

Breyer summarises the content and effects of the bill in the following overview:

Voices against the proposed law are coming from across the board: EDRi has criticised the proposal would “allow the widespread scanning of people’s private communications” and “inevitably require the use of notoriously inaccurate AI-based scanning tools of our most intimate conversations”. The German Child Protection Association has also described the EU Commission’s planned warrantless scanning of private communication via messenger or email as disproportionate and not effective. Instead, they stress the majority of child pornography material is shared via platforms and forums. What was needed is “above all the expansion of human and technical resources at the law enforcement agencies, more visible police presence on the net, more state reporting offices and the decriminalisation of the dissemination of self-generated material among young people.”

In Berlin people today protested against the proposal.

patrick-breyer.de/en/eu-chat-c…

Next week on Wednesday (May 11), the EU Commission will present an EU draft law on mandatory chat control to the public for the first time. Similar to Apple’s highly controversial “SpyPhone” plans, the Commission wants to oblige all providers of email, chat and messaging services to search for suspicious messages in a fully automated way and forward them to the police in the fight against “child pornography”. This will require them to monitor and scan the communications of citizens en masse – even if they are still securely encrypted end-to-end so far.

MEP and civil rights activist Dr. Patrick Breyer (Pirate Party) comments:

“This spying attack on our private messages and photos by error-prone algorithms is a giant step towards a Chinese-style surveillance state. Will the next step be for the post office to open and scan all letters? Organized child porn rings don’t use email or messenger services, but darknet forums. With its plans to break secure encryption, the EU Commission is putting the overall security of our private communications and public networks, trade secrets and state secrets at risk to please short-term surveillance desires. Opening the door to foreign intelligence services and hackers is completely irresponsible. To stop chat control, the net community must go to the barricades as!”

In March, 35 organisations worldwide, including the German Lawyers Association, Digitale Gesellschaft, and the Committee to Protect Journalists (CPJ), had warned against the EU’s chat control law.

In an expert opinion, a former ECJ judge pointed out last year that the warrantless interception of private communications violates the case law of the European Court of Justice. According to a poll 72% of citizens oppose the indiscriminate scanning of their private communications. The German government coalition agreement states on the topic on chat control: “We reject measures to scan private communications.”

More info on chat control

patrick-breyer.de/en/chat-cont…

Le questioni legali, non le infrastrutture, ostacolano la ricerca nella rivoluzione dei dati sanitari

Secondo uno stakeholder finlandese, uno spazio europeo dei dati sanitari (EHDS) potrebbe avere un enorme impatto sulla ricerca sanitaria se riuscisse a superare le barriere all’uso secondario transfrontaliero dei dati sanitari e creare fiducia tra i cittadini. Queste barriere sono state analizzate dalla Joint Action Towards the European Health Data Space (TEHDAS) , coordinatore Markus Kalliola, project director per il progetto Health Data 2030 presso il Finnish Innovation Fund Sit EURACTIV in un’intervista.

Legal issues, not infrastructure hampers research in health data revolution

A European Health Data Space (EHDS) could enormously impact health research if it can overcome barriers to cross-border secondary use of health data and create trust amongst citizens, according to a Finnish health data stakeholder. These barriers have been carefully analysed by the Joint Action Towards the European Health Data Space (TEHDAS), coordinator Markus Kalliola, project director for the Health Data 2030 project at the Finnish Innovation Fund Sitra, told EURACTIV in an interview.

euractiv.com/section/health-co…

HDPA rilascia linee guida di conformità dei siti Web che utilizzano tracker

L’autorità ellenica per la protezione dei dati in Grecia ha pubblicato linee guida di conformità per i siti Web informativi che utilizzano tracker. L’autorità ha analizzato diversi siti Web e le loro modalità per ottenere il consenso all’uso dei tracker, in particolare i pop-up di cookie banner, osservando la non conformità in diversi punti del Regolamento generale sulla protezione dei dati dell’UE. L’HDPA ha affermato di aver condotto un audit di 30 siti Web, concedendo loro 15 giorni per essere conformi. Tutti i siti Web, con un’eccezione, lo hanno fatto entro la scadenza. L’autorità esorta tutti i siti web ad adeguarsi alle linee guida.

euractiv.com/section/health-co…

HDPA releases guidelines on website-tracking compliance

The Hellenic Data Protection Authority in Greece released compliance guidelines for informational websites using trackers. The authority observed several websites whose methods for obtaining consent to use trackers — specifically, cookie banner pop-ups — did not comply with several points of the EU General Data Protection Regulation. The HDPA said it conducted an audit of 30 informative websites, giving them 15 days to achieve compliance. All websites, with one exception, did so by the deadline. The authority urges all websites to adapt to the guidelines.

iapp.org/news/a/hdpa-releases-…

EDPB discute le sanzioni GDPR, l’uso del riconoscimento facciale da parte delle forze dell’ordine

Il Comitato europeo per la protezione dei dati ha annunciato che le linee guida per il calcolo delle sanzioni amministrative ai sensi del regolamento generale sulla protezione dei dati dell’UE saranno discusse durante la sessione plenaria del 12 maggio. L’EDPB discuterà anche le linee guida sull’uso della tecnologia di riconoscimento facciale da parte delle forze dell’ordine e la prossima conferenza di giugno “Il futuro della protezione dei dati: un’applicazione efficace nel mondo digitale”.

EDPB to discuss GDPR fines, law enforcement facial recognition use

The European Data Protection Board announced guidelines for calculating administrative fines under the EU General Data Protection Regulation will be discussed during its May 12 plenary session. The EDPB will also discuss guidelines around law enforcement’s use of facial recognition technology and the upcoming June conference “The Future of Data Protection — Effective enforcement in the digital world.”

iapp.org/news/a/edpb-to-discus…

guidoscorza.it/privacy-daily-1…

👉Your Chance to join the @noybeu Team as a #Trainee! 😊

We are looking for young lawyers that want to gain experience in #GDPR litigation and enforcement.

⏩Find out more & apply now for May 2022 onward at noyb.eu/en/traineeship

mastodon.social/@noybeu/108277…

Yesterday, Member of the European Parliament and digital freedom fighter Patrick Breyer (Pirate Party) filed an action for an injunction against the so-called chat control against Facebook’s parent company Meta Platforms Ireland Limited at Kiel District Court. As a user of “Facebook Messenger”, Breyer is suing against the suspicionless automated search of private chat histories and photos. While the automated searches of personal messages and chats is so far only practised by major US providers, the EU Commission is to propose tomorrow to make this mandatory for all providers of e-mail, messenger and chat services.

Plaintiff Patrick Breyer comments:

“This Big Brother attack by unleashing error-prone algorithms on our cell phones, private messages and photos is a giant step toward a Chinese-style surveillance state. Chat control is like the post office opening and scanning all letters – ineffective and illegal. I will not stand by idly and watch the dismantelling of the fundamental right to digital privacy of correspondence. I will now involve the judiciary.

With chat control in place even the most intimate nude photos and sex chats can suddenly end up with company personnel or the police. Destroying the digital secrecy of correspondence is destroying trust. We all depend on the security and confidentiality of private communication: People in need, victims of abuse, children, the economy and also government authorities.

Organized child porn rings don’t use e-mail or messenger services, but rather secret self-operated forums. With its plans for chat control, the EU Commission is putting the general security of our private communications and public networks, business secrets and state secrets at risk out of short-term surveillance desires. What we need is removals instead of snooping!”

At Breyer’s request, Europol had previously admitted not to report known CSEM for deletion.

Breyer’s lawyer Prof. Dr. Ralph Wagner explains:

“While EU politicians on the one hand claim to protect us from assaults by Facebook, Google and Co., they are at the same time commissioning these same companies to screen and monitor all our communications. The fact that the European Court of Justice (and the courts of many EU member states) has already prohibited such total surveillance on several occasions is simply brushed aside. Then, unfortunately, the only option is to go back to the courts.

Whoever is serious about data protection, with the least bureaucratic burden possible, and wants to protect civil liberties, must not screen all of our communications and then also commission Facebook to do the same.”

Tomorrow, the EU Commission will publicly present its draft EU law on mandatory chat control. The law would require all providers of email, messenger and chat services to conduct mass chat checks and would undermine secure end-to-end encryption.

EDRi has criticised chat control as the “inevitable result of such technologies” and stresses these “would be unthinkable for those that are wrongly accused. The German Child Protection Association has also denounced the EU Commission’s plan to scan private communications via messenger or email without any reason as disproportionate and ineffective. Instead, it says, that the majority of child pornography material is shared via platforms and forums. What is needed “above all is the expansion of human and technical resources at law enforcement agencies, more visible police presence on the net, more state reporting offices, and the decriminalisation of the dissemination of self-generated material among young people.”

Breyer’s information page on chat control

patrick-breyer.de/en/destructi…

Limousine Beach \ Gengis Khan : Cosa direste se vi proponessero un gruppo musicale che riuscisse a fondere Thin Lizzy, Kiss, Van Halen e il glam rock anni settanta ?

iyezine.com/the-queen-is-dead-…

The Queen is Dead 49 - Limousine Beach Gengis Khan

Limousine Beach Gengis Khan : Cosa direste se vi proponessero un gruppo musicale che riuscisse a fondere Thin Lizzy, Kiss, Van Halen e il glam rock anni settanta ?

^{In Your Eyes ezine}