On 28 July last, the committee of experts working under the auspices of the Spokeswoman of the Chamber of Deputies, has adopted the “Declaration of the rights in the Internet” (to view the full text in Italian click here).
This declaration has no legal value and is expressly intended as an authoritative exhortation or guidance for the legislator (not only the Italian one) to legislate in certain key areas concerning the effective exercise of certain fundamental rights in the Internet. Indeed, the declaration has been designed as a high level bill of fundamental rights in the specific web environment, according to the legislative technique typical of constitutional norms, rather than of specific sector legislation. As such, the document is a commendable effort, in that it identifies the structure that any legislative attempt in this field should have.
At the same time, the declaration’s contents are innovative to a limited extent. Considerable part of it is dedicated to the issue of personal data processing in the Internet. These are in particular articles 5, 6, 8, 9, 10 and 11. The latter article in particular is a reinstatement of the “right to be forgotten”, which has now established law in the EU after the Google Spain case and the subsequent interpretations provided by the Article 29 WP and the Commission. The flip side of this right is provided by the provision of article 9, titled as “The right to one’s identity”. This article is not eye catching, when it asserts all individuals’ right to have an accurate and up to date representation of their identity in the web. This principle is in fact clearly already enshrined in the EU data protection legal framework.
However, of interest is the provision of the third paragraph, reading that “All individuals concerned must be made aware of the use of algorithms and of probabilistic techniques and, in any invent, said individuals may oppose the construction and dissemination of profiles concerning themselves”. This provision clearly deals with data mining techniques, which enable the making of inferences about individuals’ behaviour and build on that basis predictive knowledge models. Where again the declaration proposes the creation of proper new rights, is in article 10, providing for the right for the “protection of anonymity”.
As it is stated, this right is not a mere reinstatement of anonymization as a technique that data controllers should use to minimize the impact of data processing. Indeed, article 10 establishes a real right for the individuals concerned to have access to technical tools to protect anonymity and prevent the collection of personal data, “in particular when exercising civil and political liberties and without undergoing censorship or discrimination”. This principle would in fact erect the “do not track” tools as a privacy enhancing technology, to be mandatorily made available by any web service provider or data controller in the web. Such tools should of course be effective and devoid of any gaps or backdoors which would indeed enable de-anonymysation. If such a principle were passed into law, it would certainly go beyond the generic assertion of “privacy by design” which can now be found in the draft general data privacy regulation, because it would prescribe a specific outcome.
Of interest in the catalogue of rights of the Declaration is the provision of article 4, which deals with the “net neutrality” principle. According to this article, “Everyone has the right that data transmitted in or received from the Internet are not discriminated, restricted or tampered with, regardless of the sender, recipient, type or content of the data, device or applications being used or, in general, the individuals’ legitimate choices”. This article identifies certainly one of the main issues today at stake in the context of the Internet, as there is an increasing pressure from certain economic circles to indeed price and technology discriminate, also because of the technical constraints that exist and make access to the Internet at the same conditions regardless of the type of service called for more and more difficult. The question thus arises whether “net neutrality” should not be achieved trough existing more flexible legal tools, such as competition law or the constitutional right to be informed, rather than through a rigid principle of law.
Other articles of the declaration call for the interpretation of Individuals’ right in the Internet in the light of the principles of human dignity, freedom, equality and respect for diversity which, as such, shall work as the “basic principles on the basis of which any balancing exercise with other rights shall be performed”. These principles enshrined in article 1 seem intended to elevate the Rights in the Internet provided in the charter to the level of fundamental human rights, in order to recognise the direct impact that the Internet has on democracy. In this vein article 2 (right to access) and 3 (right to knowledge and education in the web), qualify as exemplifications of how in reality the dignity of human beings in the web should be secured.
All in all, this Declaration is a commendable attempt by Italy to give rise to a debate, which ideally should end up with some legal (constitutional) recognition of the specificity of the Internet. What is questionable, is that the attempt, while placing itself at the level of universal declaration of rights, seems to consider the Internet as a secluded environment and such a seclusion is a risk, to the extent that it is far from certain that in the years to come technological evolution will not make such declaration age quickly.