Open Letter: Call for a Collaborative FAQ Space on Data Protection

We call on the international community of privacy and IT experts to establish a collaborative knowledge base on the Internet for data protection (GDPR FAQ).

A programmer working alone from home.
Brussels, 6 June 2018

Dear data protection and IT professionals,

The new General Data Protection Regulation (GDPR for short) has applied since 25 May 2018. It consists of 99 articles and 173 recitals, which occupy 88 pages in the official publication. Unlike a technical standardisation document, many of these articles must first be interpreted in the light of already established case law and of opinions previously issued by the data protection authorities. As a result, even compliance questions for relatively simple applications such as a mailing list cannot be resolved without a thorough study of several legal documents. Complex concepts such as privacy by design and pseudonymisation are the source of many questions that still have to be answered.

At the same time, the high-tech sector has been working for many years on agile solutions that allow personal data to be collected and processed. Thanks to Google Sheets, Doodle, Mailchimp or Wordpress, even non-experts can nowadays become controllers of personal data in a few clicks or steps. The development of peer-to-peer protocols for scalable databases, such as Bitcoin, Dat or IPFS, can lower the initial hurdles to becoming a data controller even further, to the point where the controller is not even aware of it.

Open Letter: Call for the Creation of a Collaborative FAQ on Data Protection

We call on the international community of data protection and IT experts to establish a collaborative Internet knowledge base on data protection (GDPR FAQ/DSGVO FAQ).

A programmer working alone from home.
Brussels, 6 June 2018

Dear data protection and IT experts,

The new EU General Data Protection Regulation (GDPR) has applied since 25 May 2018. It consists of 99 articles and 173 recitals and runs to 88 pages in the official version. Unlike technical standards, the GDPR is a law and is interpreted by the courts and by those who apply it, above all the data protection authorities, through judgments and opinions. As a result, even questions about simple applications such as mailing lists cannot be answered without a thorough study of many legal documents. Complex concepts such as privacy by design or pseudonymisation are all the more a source of many questions that need to be answered.

At the same time, technology companies have been working for years on solutions that make the processing of personal data relatively easy. Thanks to Google Sheets, Doodle, Mailchimp or Wordpress, even non-experts can nowadays become controllers within the meaning of the GDPR with a few clicks. Peer-to-peer protocols for distributed databases, e.g. Bitcoin, Dat or IPFS, could lower the barriers to entry even further, to the point where the processing becomes imperceptible to the controller.

First Gem: jekyll-onebox

I published my first Ruby gem. The Liquid tag jekyll-onebox lets you display HTML previews (embeds) for links to popular websites.

Initially, I wanted to blog about my travels. In the end, I refactored old code on my computer and eventually published my first Ruby gem in the official repository at RubyGems. Welcome now jekyll-onebox on Github and RubyGems! :tada: :clap:

So if you use Jekyll for blogging, you can install this plugin and very easily add HTML previews for links to popular websites.

Security Issues due to Bad Mail Practices: The LyonMUN Case

Many associations use GMail for their general communication with members, which often includes sending newsletters. Recently, the organisers of the UN politics simulation LyonMUN accidentally leaked a large number of participants' mail addresses this way (mine as well). I decided to raise awareness of the security risks with a little experiment and also to test the organisers' reaction.

Incident

On Friday at 0:25¹, I received a mail from the organisers of this year's Model United Nations (MUN) conference in Lyon, called LyonMUN. The mail was sent from lyonmun2017@gmail.com to 222 people who either took part in earlier editions of the conference or had already signed up for this year's edition. Purpose of the mailing: promote the upcoming edition and urge people to pay the conference fees.

The problems here are:

  • The sender mail address is difficult to verify (I come back to this later).
  • All 222 people now have the mail addresses of all the others. That means many personal mail addresses have presumably been leaked by accident by the organisers.

Because of the way mail works, a mail cannot be recalled once it has been sent. The only possible measures are to inform the data subjects transparently about the incident and its potential security implications, and to take precautions to prevent future incidents.
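As an added illustration of the two problems listed above (not code from the post), here is a small pre-send audit an association could run over an outgoing message: it counts the recipient addresses exposed to everyone via To/Cc and flags a sender address that members cannot tie to the organisation's own domain. The sample messages, the organisation domain example-conference.org and the free-mail domain list are constructed assumptions.

```python
import email
from email.utils import getaddresses, parseaddr

# Assumed, illustrative list of free-mail providers; extend as needed
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def audit_mailing(raw: bytes, org_domain: str, max_visible: int = 1) -> dict:
    """Check one RFC 5322 message for the two problems the post describes.
    Every address in To/Cc is visible to every other recipient, so more than
    `max_visible` of them means the mailing discloses members' addresses.
    A sender on a free-mail domain (or any domain other than `org_domain`)
    gives recipients no way to tie the mail to the organisation.
    """
    msg = email.message_from_bytes(raw)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    # getaddresses() yields ('', '') for empty groups such as
    # "undisclosed-recipients:;", which the filter below drops
    visible = [addr.lower() for _, addr in getaddresses(headers) if addr]
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""

    findings = []
    if len(visible) > max_visible:
        findings.append(f"{len(visible)} recipient addresses disclosed via To/Cc; use Bcc for bulk mail")
    if sender_domain in FREEMAIL_DOMAINS:
        findings.append(f"sender {sender} is on a free-mail domain and cannot be tied to {org_domain}")
    elif sender_domain != org_domain:
        findings.append(f"sender domain '{sender_domain}' does not match {org_domain}")
    return {"exposed_recipients": len(visible), "sender_domain": sender_domain, "findings": findings}


# Constructed sample: every address in To, sender on a free-mail account
SAMPLE_LEAKY = b"""From: Example Conference <example-conference-2017@gmail.com>
To: alice@example.org, bob@example.net, carol@example.com
Subject: Register now for this year's edition

Please pay the conference fees.
"""

# Constructed sample: the same mailing done properly (Bcc, organisation domain)
SAMPLE_OK = b"""From: Example Conference <noreply@example-conference.org>
To: undisclosed-recipients:;
Subject: Register now for this year's edition

Please pay the conference fees.
"""

if __name__ == "__main__":
    for name, raw in (("leaky", SAMPLE_LEAKY), ("ok", SAMPLE_OK)):
        print(name, audit_mailing(raw, "example-conference.org"))
```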

I had a bad experience during last year's edition, LyonMUN 2016, when, as a participant, I remarked that one aspect of their conference might intimidate participants: they offered to send roses anonymously to individual participants, with a message read out loud by the organisers in front of the assembly, without the recipient's prior consent. I thought this might open the door to bullying. The then president of LyonMUN, Mélanie Villar, now secretary general, just made an (IMHO) snide remark, and that was all that happened. I was certainly a bit disappointed and had expected a debate, given that promoting debating is one of the purposes of MUN associations and events.

For that reason, I thought of a more creative approach to initiate a discussion. It is not as if security on the internet were not a topic for LyonMUN: on their website, the press team posted an article about cyber defence not even two weeks ago. Unfortunately, LyonMUN has apparently not adopted adequate measures of its own. Let's see what happened!

  1. Maybe the sender was tired after working past midnight and less attentive to what s/he was doing. ↩︎

INSA Pedagogy Colloquium

Last week, I got the chance to present, at the 5th Colloquium on Pedagogy, my field report on the education of first-year engineering students at INSA Lyon as I have observed it during my almost two years of teaching experience.

You may also want to read the communication entitled What does Active Learning Mean for Mathematicians?, published in the Notices of the American Mathematical Society (AMS, Vol. 64, No. 2) earlier this year (2017).
