Personal Data Transfers to Non-EEA Domains: A Tool for Citizens and An Analysis on Italian Public Administration Websites
Authors: 
Lorenzo Laudadio, 
Antonio Vetrò, Riccardo Coppola, Juan Carlos De Martin, 
Marco TorchianoAuthors Info & Claims
Lorenzo Laudadio, Antonio Vetrò, Riccardo Coppola, Juan Carlos De Martin, Marco TorchianoAuthors Info & ClaimsPages 1 - 4
Abstract
Six years after the entry into force of the GDPR, European companies and organizations still have difficulties complying with it: the amount of fines issued by the European data protection authorities is continuously increasing. Personal data transfers are no exception. In this work we analyse the personal data transfers from more than 20000 Italian Public Administration (PA) entities to third countries. We developed "Minos", a user-friendly application which allows to navigate the web while recording HTTP requests. Then, we used the back-end of Minos to automate the analysis. We found that about 14% of the PAs websites transferred data out of the European Economic Area (EEA). This number is an underestimation because only visits to the home pages were object of the analysis. The top 3 destinations of the data transfers are Amazon, Google and Fonticons, accounting for about the 70% of the bad requests. The most recurrent services which are the object of the requests are cloud computing services and content delivery networks (CDNs). Our results highlight that, in Italy, a relevant portion of Public Administration websites transfers personal data to non EEA countries. In terms of technology policy, these results stress the need for further incentives to improve the PA digital infrastructures. Finally, while working on refinements of Minos, the version here described is openly available on Zenodo: it can be helpful to a variety of actors (citizens, researchers, activists, policy makers) to increase awareness and enlarge the investigation.
References
[1]
Reuben Binns. 2018. webXray Domain Owner List. https://github.com/RDBinns/webXray_Domain_Owner_List.
[2]
ebmaj7 and Giacomo Tesio. 2024. ebmaj7/Minos: MINOS_v1.0.0. https://doi.org/10.5281/zenodo.11384690
[3]
Federprivacy. 2019. Privacy, il 47% dei siti dei comuni italiani è a rischio hacker. https://www.federprivacy.org/informazione/societa/privacy-il-47-dei-siti-dei-comuni-italiani-e-a-rischio-hacker.
[4]
Daniele Granata, Michele Mastroianni, Massimiliano Rak, Pasquale Cantiello, and Giovanni Salzillo. 2024. GDPR compliance through standard security controls: An automated approach. Journal of High Speed Networks 30, 2 (Jan. 2024). https://doi.org/10.3233/JHS-230080 Publisher: IOS Press.
[5]
Danny S. Guamán, Jose M. Del Alamo, and Julio C. Caiza. 2021. GDPR Compliance Assessment for Cross-Border Personal Data Transfers in Android Apps. IEEE Access 9 (2021), 15961–15982. https://doi.org/10.1109/ACCESS.2021.3053130
[6]
The Guardian. 2013. Edward Snowden: the whistleblower behind the NSA surveillance revelations. https://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance.
[7]
The Guardian. 2018. Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election.
[8]
Amnesty International. 2023. Israel and Occupied Palestinian Territories: Automated Apartheid: How facial recognition fragments, segregates and controls Palestinians in the OPT. https://www.amnesty.org/en/documents/mde15/6701/2023/en/.
[9]
Timothy Libert. 2015. Exposing the Hidden Web: An Analysis of Third-Party HTTP Requests on 1 Million Websites. https://doi.org/10.48550/arXiv.1511.00619 arXiv:1511.00619 [cs].
[10]
Filippo Lorè, Pierpaolo Basile, Annalisa Appice, Marco de Gemmis, Donato Malerba, and Giovanni Semeraro. 2023. An AI framework to support decisions on GDPR compliance. Journal of Intelligent Information Systems 61, 2 (Oct. 2023). https://doi.org/10.1007/s10844-023-00782-4
[11]
Paolo Monella. 2021. Education and GAFAM: from awareness to responsibility. Umanistica Digitale 5, 11 (Jan. 2021), 27–45. https://doi.org/10.6092/issn.2532-8816/13685
[12]
Shoshana Zuboff. 2018. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (1st ed.).
Index Terms
- Personal Data Transfers to Non-EEA Domains: A Tool for Citizens and An Analysis on Italian Public Administration Websites
Recommendations
European public administration, information technology and management: implications for Italian public administration
This work starts from research concerning European Public Administration (EPA) and the implications of competition for Italian Public Administration. For this reason, the data is from 16 countries, focused mainly on the analysis of the degree of ...
Public Administration and Information and Communication Technologies: The Case of the Greater Bangalore Municipal Corporation
This article critically examines the role of Information and Communication Technologies (ICTs) in governmental reform processes in development through a case study of the Greater Bangalore Municipal Corporation. The study explores the increasing use of ...
Analysis of Citizens' Blind Participation in Public Administration in Environmental Group Events
ICEME '18: Proceedings of the 2018 9th International Conference on E-business, Management and EconomicsIn recent years, as well as the rapid development of the economy, Chinese awareness of environmental protection is increasing. The contradiction between economic construction and living environment led to frequent occurrence of environmental group ...
Comments
Information & Contributors
Information
Published In
September 2024
481 pages
ISBN:9798400710940
DOI:10.1145/3677525
Copyright © 2024 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 04 September 2024
Check for updates
Qualifiers
- Work in progress
- Research
- Refereed limited
Conference
GoodIT '24
Sponsor:
GoodIT '24: International Conference on Information Technology for Social Good
September 4 - 6, 2024
Bremen, Germany
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 28Total Downloads
- Downloads (Last 12 months)28
- Downloads (Last 6 weeks)28
Reflects downloads up to 04 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format