Tuesday, April 23, 2024

Vogon Today

Selected News from the Galaxy

StartMag

All the jostling between institutions on the IO app

3 years ago babelfish

All the jostling between institutions on the IO app

Institutional tensions on the IO app. The resolution of the Privacy Guarantor. The ministerial snorts. And the criticisms of the state company PagoPA. Here are the details

Tensions between institutions on the IO pro Green Pass apps. All the details.

The reason for the dispute is the security of the data of Italian citizens who pass through the IO app , downloaded by 11 and a half million people to communicate with the Public Administration and to request, among others, the holiday bonus and cashless. To date, the IO app has recorded over 12 million transactions for an economic value of approximately 2.5 billion euros in the month of May alone.

Immune yes, app IO no 

The Government had provided that citizens could download the QR code for the Green Pass , the certificate that, after vaccination, negative swab or recovery, allows facilitated movements on the national territory, through the electronic file, the Immuni application or the IO app. Yesterday, the Guarantor for the protection of personal data "following long and fruitful discussions with the Ministry of Health, gave a favorable opinion on the implementation decree scheme, which activates the National Platform-DGC for the issue of the green pass, providing for adequate guarantees for the use of green certifications ". The Guarantor, however, also said "no" to using the IO app because it is not secure enough. 

The security problems of the App IO

With an ad hoc provision, the Guarantor said that for now the IO app cannot be used to download the certificate “due to the critical issues encountered regarding it ”. It also ordered to "temporarily block some data processing carried out" through IO because the application developed by the public company PagoPA transfers sensitive data to third countries such as the United States, India and Australia through interaction with the services of the American companies Google and Mixpanel. The Guarantor has ordered "the provisional limitation" of the treatments carried out through the IO App which provide for the interaction with "the services of Google LLC , allowing only the treatments necessary for sending push notifications to users of the IO App who have explicitly and freely activated this functionality for certain services "and" Mixpanel Inc. services , suspending the storage of data on users' devices, access to such data and the collection of the same on Mixpanel systems, as well as interrupting any other processing of data already sent to Mixpanel carried out, also by other subjects, for purposes other than the mere conservation of the same ". 

Guido Scorza: "Working to eliminate critical issues"

Guido Scorza , member of the Guarantor for the protection of personal data, spoke on the Digital Agenda , to explain the reason for the decision of the Guarantor. “Until this criticality is resolved, we have simply postponed any evaluation regarding the possibility of making the greenpass available also through IO – says Guido Scorza -. If, as we hope, these critical issues, which are important on the privacy side but not central to the app's operating economy, are eliminated, even IO users will soon be able to find, if they so wish, their Green Pass in the APP " . It remains to be understood why transfers of the data of citizens who have downloaded the app take place abroad. "The perception of our offices is that these are transfers that are not essential to the functioning of the app and – concludes Scorza -, therefore, that can be eliminated without compromising the stability of the APP that has so far played and it is desirable to continue to play a valuable role in digital transformation of the country ".

India, Australia and USA countries not compliant with the GDPR 

" India, Australia and the United States are not among the countries for which there is an adequacy decision of the GDPR (General Data Protection Regulation), which is one of the criteria that allow the transfer of data". To tell Wired this is the lawyer Giovanni Battista Gallus , data protection expert. "With the Io app we wanted to create a central system in the provision of services to citizens by the public administration, and it is clear that a legal basis is needed to allow them to be transferred abroad, otherwise they cannot leave the Union European – continues Gullus -. The principle is reaffirmed that citizens' data must also be protected from state intrusions. Problem that arises in the United States given the inspection powers of the various agencies in the country ".

The replica of PagoPa

After the publication of the provisions of the Guarantor, the reply from PagoPa , the company that developed the IO app, arrived. The state company PagoPA " denies the assertion " of the Guarantor and as proof of the goodness of its products, the company recalls that "the same Guarantor has given a favorable opinion to all the services displayed on the IO App including the Cashback and the Holiday Bonus , which remain active for millions of citizens, precisely because it operates in full compliance with the European Regulation on the protection of personal data (GDPR) ". Nevertheless, PagoPA "together with the Department for digital transformation and, is examining the technical and legal details of the provision for each appropriate initiative and, with a collaborative and determined spirit, has started a table with the Guarantor structures to quickly bring the Green Pass to the App ME , in the interest of the millions of Italian citizens who use the same app ".

What is PagoPa

PagoPa is a company created in December 2018 with the so-called Simplifications decree. Within it, some activities previously carried out by the Presidency of the Council of Ministers, the Digital Team and Agid have been merged. PagoPa is wholly owned by the Ministry of Economy and Finance . The company works to spread electronic payment systems and become the sole means of all payments to the Italian public administration.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/tutti-gli-spintoni-tra-istituzioni-sullapp-io/ on Fri, 11 Jun 2021 13:39:05 +0000.