The hunt for the "crafty ones" of the Covid-19 bonus costs INPS a fine of 300 thousand euros
The Privacy Guarantor condemned the processes adopted to verify the allocation of the 600 euro bonus to national and local politicians
(Photo by Simona Granati - Corbis / Getty Images) personal data has sanctioned the National Institute of Social Security with a fine of 300 thousand euros, for not having correctly used the data of some categories that have requested the Covid-19 bonus. The Guarantor's investigation concerns the processing of members' data to trace the politicians who had requested the € 600 bonus. A case that exploded last summer and which saw the Authority committed to shedding light on the INPS data analysis procedures since August.The results led to the sanction of 300 thousand euros. This is because, as stated in a note from the Guarantor, INPS has not "adequately planned the processing" of the data and "has not been able to demonstrate that it has carried out the checks in compliance with the Regulation, violating the principles of privacy by design, privacy by default and accountability ". In summary, the cornerstones on which the Gdpr is based, the European regulation for data protection that regulates these activities.
During the investigations, the Authority verified how the INPS carried out elaborations and cross-referencing of data without first establishing whether parliamentarians and local administrators were or were not holders of financial assistance benefits. Thus going to violate the principles of lawfulness, fairness and transparency established by the Gdpr.
In addition, INPS would not even have respected the principle of data minimization, having carried out checks for the recovery of the bonus even on those who did not obtain it, because the request was rejected. Basically, sweeping checks, which for the Authority again do not take into account the European principles for the protection of personal data. There is talk of tens of thousands of citizens with political posts scrutinized by the body. The Guarantor therefore established INPS's failure to assess the risks "related to such delicate data processing" and in the "definition of the criteria for processing data".
INPS makes it known that it has having acknowledged the decision of the Guarantor and specified that "in the analysis and checks carried out, for which the institute observed complete confidentiality, no sensitive data or even data that were not visible to the public were used". The social security institution, "while considering the system of overall judgment excessive, will promptly activate the impact assessment requested and the cancellation of unnecessary data" and specifies that "the application of privacy by design and by default - indicated by the Guarantor in each of its theoretical declination as binding for all activities - can, for an Institute that manages tens of millions of benefits for the State and citizens in social security and assistance, create in practice many uncertainties in the functioning of the administration, which tends more and more to automated and digital management, and in its legitimate actions of massive control and rapid anti-fraud that a fair, efficient and agile state requires ".
Media - 45 minutes ago
100 thousand dead: the symbolic number that brings us back to the real tragedy that st we live
adsJSCode ("nativeADV1", [[2,1]], "true", "1"); Medicine - 1 hour ago
Here's why the South African variant of the coronavirus worries more than the others
adsJSCode ("nativeADV2", [[2,1]], "true", "2") ; Politics - 1 hour ago
US and EU close, cooperation on vaccines is a mirage
Topics
Bonus Coronavirus Gdpr Privacy globalData.fldTopic = "Bonus, Coronavirus, Gdpr , Privacy "
You May Also Interest
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.