Garante per la protezione dei dati personali - 9356568
|Garante per la protezione dei dati personali - 9356568|
|Authority:||Garante per la protezione dei dati personali (Italy)|
|Relevant Law:||Article 36 GDPR|
Article 36(5) GDPR
|National Case Number/Name:||9356568|
|European Case Law Identifier:||n/a|
|Original Source:||Garante per la protezione dei dati personali (in IT)|
The Garante per la protezione dei dati personali has authorised the Ministry of Health to initiate the processing of the Covid-19 alert system (through the app "Immuni"). The Garante has, however, decided to impose a series of further measures aimed at strengthening the security of the processing.
English Summary[edit | edit source]
Facts[edit | edit source]
Under Article 36(5) GDPR, the Italian Ministry of Health has submitted the Data Protection Impact Assessment of the "Covid-19 Alert System" (and its official mobile application “Immuni”).
The impact assessment, “supported by extensive documentation”, describes the technical and organizational measures adopted by the Ministry in order to ensure an appropriate level of security of the processing.
Dispute[edit | edit source]
In accordance with Article 36 GDPR, the Garante must decide on the adequacy of the intended processing under the GDPR.
Holding[edit | edit source]
After careful examination, the Garante authorized the processing whilst prescribing further safeguards to be implemented within thirty days of the decision. Main integrations requested are as follows:
- Describe the algorithm punctually within the Data Protection Impact Assessment, specifying configuration parameters, assumptions and other factors, and making it available to the scientific community;
- Users should receive clear and intelligible information about the algorithm, also by means of infographics and similar tools;
- Inform users about the possibility that the app generates exposure notifications that do not always reflect an actual risk condition (false "positives");
- Allow users to temporarily deactivate the app it through an easily accessible function;
- Identify appropriate methods to protect the analytics in the app backend, avoiding any form of re-association to identifiable subjects, also adopting appropriate security measures and anonymisation techniques, to be identified according to the specific purposes actually pursued, in compliance with the principles of privacy by design and by default;
- Integrate the impact assessment and privacy policies in relation to how to exercise the right of deletion and objection;
- Integrate the impact assessment and describe in further details the role of processors and other subjects involved in the processing activities, highlighting the existence of any risks for the data subjects;
- Only store the users' IP addresses to the extent strictly necessary for the detection of anomalies and attacks, and then have them deleted;
- Implement measures to ensure the tracking of operations carried out by system administrators on operating systems, network and databases (not only log in/off).
Comment[edit | edit source]
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Italian original. Please refer to the Italian original for more details.