Security and Privacy Consultant – Adeia Consulting
Speaks at ID WORLD on Privacy & Data Protection
Andrea Marrocco, is the Security and Privacy Consultant of Adeia Consulting, a company that provides specialized consultancy in Security, Privacy and Legal Compliance.
He got a degree of Sciences of Investigation at Universita degli Studi de L’Aquila, giving a presentation of its thesis about “Business Intelligence and Corporate Security”. He expects to get a master of Crime and Security technologies at Universita Cattolica del Sacro Cuore in Milan.
He did an internship at the UNODC (United Nations Office on Drug and Crime) Department in Vienna for the Statistics and Surveys/Policy Analysis and Research Section, taking part in the “Data for Africa Project,” in particular working for the contents and the publication of the Ghana and Kenya executive summaries.
He also worked for a Private Detective and Consultancy Agency as due diligence and private investigations Assistant, personally acting for the set up of the Security section. He is a member of ASIS International and AISFIC (Italian association of forensics, investigations and criminology), and has the AISFIC Criminal investigations for experts certification.
“TRACKING AND PROFILING THROUGH RFID TECHNOLOGIES: ANALYSIS OF NOVELTIES BY THE EU DATA PROTECTION AUTHORITY”
The purpose of this presentation is to go through the EU Data Protection Authority’s new approach in order to regulate the increasing use and diffusion of RFID technologies that invade our daily life, especially with respect to the retail sector applications. The presentation will address the comparison between the two new industry- prepared frameworks based on the European Commission Recommendation.
The European Commission issued a Recommendation dated 12 May 2009 on the implementation of privacy and data protection principles in Radio Frequency Identification Applications (the so-called RFID Recommendation).
In that Recommendation, the Commission established a requirement for the endorsement by the Article 29 Data Protection Working Party of an industry-prepared framework for Personal Data and Privacy impact assessments of RFID Applications. These assessments are commonly referred to as Privacy impact assessments, or PIAs. The PIAs can be considered as that requirement.
Through the PIAs process these recommendations require to the RFID Operator to conduct a structured analysis and assessment before an RFID Application is deployed and to show the results to the competent Authority. The PIAs first version has not received the full approval by the Working Party because of its several shortcomings. The presentation will concern the following issues:
-Privacy concerns for people because of RFID technologies, in particular focused on the retail sector
-Short description of the existing regulatory frameworks provided in the Data Protection Directive and the ePrivacy Directive
-Recommendation May 12th: key concepts and PIAs
-PIAs: purpose, objectives (benefits), process structure and application
-Strenghts and weaknesses of the two PIAs versions
-RFID technology and the retail sector: focusing on the Points 11 and 12 of the EU Recommendation
-Conclusions and critical points of view