Change of education domain. However, the Ministry did not ask for consent. Forgetfulness?


Change domain education, necessary to have more space and not only Migration takes place in a virtual environment managed by SPA. The Mi (Ministry of Education) has forgotten, however, what the GDPR and the implementing decree 101/18 on the protection of personal data impose.

Change of domain education, good news.

Change domain education, finally turn the page! Who had activated an email address like that [email protected] each time he experienced two critical points: a paltry capacity for the present times (100 Mb); a maximum email size (including attachments) of approximately 20 MB.
To these critical issues must also be added the delays in sending messages or opening your @ address.
Now, however, with the change of domain you can have a larger space of up to 500 Mb (not the maximum, but you have to be satisfied) and above all a new, more efficient cloud architecture.

The Communication of the warns me of the change

This change was announced by a communication sent by the Mi to each user I report because it will be useful for the purposes of the reflection that I intend to do.
Dear user, we inform you that we are setting up a new institutional e-mail system. Soon you will have a much larger 500 MB box based on a new cloud infrastructure. Your email address will become [email protected].
Only the domain will change, but the one preceding the @ will remain unchanged. If your box is
[email protected] with the transition to the new system it will become [email protected]
We invite you to check the current box in the next few days because here you will receive the new credentials and detailed information on access to the new system.
Even if the email address changes, you will continue to access the services of the reserved area of ​​the ministerial portal without having to change any parameters and your email address will be updated automatically within the information system of the Ministry of Education, at the moment the deactivation of the old address.
If, on the other hand, you registered with the e-mail address @ on sites external to the institutional portal, it will be your responsibility to insert the new address @ posta., when it is active. The messages in the current box will not be migrated to the new one, so we invite you to save the important ones as soon as possible. Attached you will find a short guide that will help you in archiving messages and that you can use to do this immediately.
Best regards

There is a big problem with the personal data transferred to a SPA

The e-mail address is considered personal data. In addition, through e-mail messages we more or less consciously release other information with different private degrees. Your treatment therefore always requires the explicit consent of the interested party. The GDPR (European regulation for the protection of personal data) unequivocally defines consent as a “any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses its consent, through unequivocal declaration or positive action, that the personal data concerning him are subject to treatment “.
Obviously if the subject that processes the data changes or the environment within moves the data, the subject must be informed and therefore be put in the condition to express a possible new consent or to revoke the previous one.
The migration of the address in an environment explicitly managed by Aruba (A SPA that offers IT services of data centers, web hosting, e-mail, PEC and domain registration) in my opinion required more explicit information. In the above communication, no mention is made of this company. I should add that the guides made available while presenting Aruba, deal with technical aspects (setting filters, exporting folders …).

Personal data is the gold of the 21st century

The commercial nature of Aruba objectively represents a risk, favoring potential deviations. I wrote it a few days on this portal, dealing with the platforms used for Dad: “To understand what is at stake, it is necessary to reflect on the current hybrid profile of the world of information, many of which convey personal and sensitive data (interests, trends, political and sexual orientations …) … All this is well known by the big giants of the Web. Hence the commitment to develop strategies to reach the majority of potential users who continuously release personal data (the “bread crumbs” 2.0), which as I wrote above represent the necessary material for profiling and loyalty. R. Nazzini, professor of antitrust law at King’s College London, writes “The offer of free services can also be a business strategy to enter a new market and establish a strong presence in it”.
In these days, the same Guarantor for Privacy has shown himself to be very cautious on the use of spaces belonging to giants of the Web. His reasoning referred to the platforms used for Dad, but the procedural similarity allows its application also to the context of which we’re talking about.

The request for a clarification from the Mi

Considering the current context and also confirmed by the implementing Decree 101/18, the Mi must publish a more explicit information, communicating to the user the change of the data controller (Aruba). It is also indispensable that the company makes known to me the contract stipulated with the SPA which must be limited to the treatment of the mailing address only and not extended to other data possibly held by the Administration. Finally, it is necessary to confirm the protection of personal data (address @) from possible profiling, produced by the crossing with other “bread crumbs 2.0” disseminated on the Web by the user and which ultimately lead to loyalty.
These elements must constitute the informed consent model to be submitted to the user, who must however also foresee the possibility for the latter not to consent to the new treatment.

Source link


Please enter your comment!
Please enter your name here