How important is it to protect our smartphone privacy?
We are so used to the constant, everyday use of the smartphone, which we could call essential, that we dwell too little on the risks to our phone privacy.
The protection of personal data on mobile devices, whether they are smartphones, tablets or personal computers, is fundamental, but there is very little talk about it.
As a matter of fact, the European Union recently adopted the GDPR, or General Data Protection Regulation, regulation n.2016/679.
With this regulation, the European Union intended to regulate privacy and the processing of personal data.
After the adoption of the EU regulation, the adoption of measures for the protection of personal data became mandatory.
Still, too often companies don't handle data appropriately and limit themselves to shallow protection, including for the mobile devices that they give to their employees.
Freelancers are even more at risk because they use the same mobile device for work and for their personal life.
These circumstances expose both their business and their personal and private life to the risk of violation.
At this point, it's not wrong to say that our personal data need more protection, especially if we consider that these data are too often present on the devices that we carry around every day, with which we conduct 90% of our personal and professional activities and which we usually use over Wi-Fi connections that are not thoroughly safe.
It might seem exaggerated to talk about such a large share of activities, and yet think about how our simple phones have already become smartphones, and how their original single function of calling is now just one of the many that these devices have.
Risks concerning the phone privacy
The cellphone is not just a tool for calling: the smartphone has been developed to become an increasingly effective working tool, a tool for exchanging information, capable of containing an incredible amount of data and the apps necessary for professional and/or corporate business.
Indeed, many companies give their employees a corporate device, whether a personal computer, a tablet or a smartphone, to be used for exchanging private information and sensitive data, such as personal photos, medical certificates and information about the employees' health status, data related to clients and to the practices in progress with them, personal documents and reserved information.
Thanks to their functions, cellphones are crucial and delicate tools which, despite their function, are often kept at the margins when it comes to privacy protection.
Data on cellphones are at risk of attack through a range of means, such as malware, phishing and hacker attacks.
Phone privacy, and the risk that mobile devices pose in the processing of employees' and clients' personal data, should be a separate item in a company's impact assessment.
The exchange of data and information is increasingly carried out via messaging services like Telegram, WhatsApp, Messenger or other mail services directly from smartphones.
The safety of a cellphone starts at the moment of access: every mobile device allows the use of protection codes, such as a PIN or password.
Introducing a double recognition system at the moment of access blocks unknown subjects from using the cellphone: just recently, since September 2019, the PSD2 Directive has required two-factor authentication as mandatory for online payments.
You can also set up geolocation on your device, so that you can trace its position in case of theft or loss: this function is available on Android and Apple smartphones and devices.
In this way, you can remotely block access to your device, in order to stop whoever took it from using it.
Another useful measure is to remove the notifications that pop up on cellphones and mobile devices, preventing confidential information from being previewed, by setting silent notifications on the icon.
Phone records storing
In the field of phone privacy, it's important to know that using an electronic communication service leaves behind digital traces that constitute a person's digital footprint.
Besides the information related to telematic communications, everyone also leaves information related to phone communications, such as phone numbers and contacts called, your location when you made the communication, and perhaps even the content of the communication itself.
These pieces of information are recorded so that they can be accessed by those authorised by law, such as the Judicial Authority and the Judicial Police.
In the version of the privacy code updated by the GDPR, art. 132 stipulates that the provider of electronic communications services must provide for the processing of data for the purpose of detecting and prosecuting criminal offences.
The privacy code provides that the records of the traffic history are produced by the service provider; art. 96 of the telecommunications code obliges electronic communications operators to fulfil their obligations towards the Judicial Authority: basically, the service provider must record internet connections, the mobile operator must record its users' incoming and outgoing calls, and the service provider must keep the references of the users' communications.
Data retention periods
Data retention shall be carried out by telecommunications operators.
As a result of the various changes that have taken place over time at both the Community and national levels, art. 132 of the privacy code now provides clear rules for the retention of traffic data for detection and prosecution purposes.
Indeed, it is expected that:
- telephone traffic data must be stored for 24 months from the date of communication;
- telematic traffic data must be stored for 12 months from the date of notification;
- data of unanswered calls must be stored for 30 days from the date of notification.
Nevertheless, rule 167/2017, in art. 24, provides that data retention must be extended to 72 months for the crimes it refers to, i.e. crimes committed or attempted for the purpose of terrorism and the offences provided for in Article 407 cpp 2, letter a).
For this reason, since we don't know in advance for what purposes data may be requested later, the retention period is 72 months for all users.