Grazie ...infinite per questo prozioso riferimento: lo meto in *cassaforte* :-) Se, ovviamente compatibilmente con le risorse di ciascuno e senza nessun impegno :-), i giuristi in lista avessero qualche contestazione sostanziale all'analisi svolta da noyb.eu noi siamo tutto orecchi La sostanza delle cose è che la quasi totalità - manca Google Classroom, si veda a pag. 8 del report - degli strumenti utilizzati per la scuola a distanza oggi non rispettano il GDPR. In altre parole, il GDPR serve solo a dare l'illusione che sia protetta la privacy dei cittadini della EU, oltre ovviamente a complicare (inutilmente?) la vita di tutti quelli che non ci pensano nemmeno di striscio a raccogliere *laqualunque* dai propri utenti. Alberto Cammozzo <ac+nexa@zeromx.net> writes:
[...]
Read the full report <https://noyb.eu/sites/default/files/2020-04/noyb_-_report_on_privacy_policie...>
--8<---------------cut here---------------start------------->8--- However, Zoom’s claims have been shown to be misleading and false. Zoom does not actually use end- to-end encryption as commonly understood, but only transport layer encryption [...] Zoom appears to also have poorly implemented their “Company Directory” feature, leaking both email addresses and photos [...] Often, policies were poorly structured, overly long, or simply not user friendly, with information distributed in various places and not clearly linked or accessible straight from the main privacy policy. [...] Most companies see themselves as processors and not as controllers in the context of their video conferencing service. This means that the user of the software would be the controller and could therefore be deemed responsible for compliance with the GDPR, which may indicate liability for any illegal processing by the processor. (Cosa?!? n.d.r.) [...] The GDPR imposes a number of responsibilities on controllers beyond the information obligations investigated in this report, ranging from implementing appropriate technical and organisational security measures to choosing only such processors that provide sufficient guarantees. [...] It is beyond the scope of this report to assess in detail in which circumstances a video conferencing provider qualifies as a controller or/and a processor in the context of video conferencing. However, since we assume that such providers all qualify as controllers for at least a part of the processing operations involved 17 , we assessed the privacy policies against the standard of being a controller. [...] --8<---------------cut here---------------end--------------->8--- Saluti, Giovanni -- Giovanni Biscuolo Xelera IT Infrastructures