RobertoLofaro.com - Knowledge Portal - human-generated content
Change, with and without technology
for updates on publications, follow @robertolofaro on Instagram or @changerulebook on Twitter, you can also support on Patreon or subscribe on YouTube


You are here: Home > Diritto di Voto / EU, Italy, Turin > #crowdsourcing , #commons , and... #compliance - a couple of #GDPR cases in Italy

Viewed 6933 times | words: 2835
Published on 2019-12-19 23:33:28 | words: 2835

Say- before the week-end, I was planning to expand and share some ideas I already shared mainly privately in the past (and today).

Subject: my take on compliance in business-to-consumer transactions (remember that I consider business both private and public- be it State, local authorities, or companies participated or owned by either of them).

The reason? In my birth country, I saw first since re-registering in 2012, and then at an increasing pace since 2015, something I wasn't used to.

Yes, there was always a significant degree of individualism and opportunism, as well as famous quarreling via the courts.

But the level of tension, micro-violence, and overall continuous stream of quarrels astonished me, even frivolous quarrels set up as revenge against journalists or competing politicians or commentators.

Up to the point that recently newspapers articles starting complaining about the use of litigation against journalists as a way to "mob" them into silence (as, in Italy, once it starts, it can last for a long, long time- even a victory, is a Pyrrhic victory, if you are proved innocent after years of expensive litigation that absorb your time).

I am nobody, but for my previous articles on local business and politics, routinely I got used to see and hear in Italy what I had got from Italians while living in Brussels.

When I started writing online about Italy in 2007 while living in Brussels, and immediately got my stalking and mobbing, such as suddenly Italians appearing at a table nearby and talking about my affairs to elicit a reaction, and people appearing in a pub, then disappearing for few days, and reporting what they had checked in Italy to what we previously discussed.

Something that I saw in Southern Italy while living there for a couple of years in the early 1970s, as a kid with my parents (we had a company before we moved in, we left without a company).

I did not expect to see this in Turin, my birthplace: but it is true that the previous time when I lived full-time in Turin... frankly, was in the late 1980s, and I was actually in town only during week-ends, as I worked around Italy, first for an American, then for a French company.

So, I never really lived the town since after I left high school in 1984.

Crowdsourcing and circular economy are often quoted as the future for the smart city that Turin plans to be, thanks to its past as an "automotive company town" and present as a "mobility town"- but, frankly, both require a continuous feeling of "belonging" and "sense of the commons".

Yes, we have routine "flashmobs" that claim to be politics, social actions, etc.

Since the Second Republic started in the early 1990s, this happened every few years, but usually either faded quickly away, turned into seat-grabbing, or dissolved after a single issue was solved- few generated "organized long-term politics".

Therefore, on both crowdsourcing and circular economy, in my view there is still a long way to go.

And I think that a circular economy based on a data-centric society will see a continuous expanding and restructuring of compliance, to a pace that would sound unbearable to many organizations.

Serendipity converges, usually.

So, tonight a Facebook friend shared within a group a link to MIT Solve.

Well, as I had been, while walking today, thinking about crowdsourcing within the compliance context, I "resurrected" memories, e.g. from where I worked on a mission to jointly deliver a book on social networking, 2008-2009 in Brussels.

Eventually, in 2013, returned and expanded on the subject with one of my mini-books.

My commentary on tonight's post was therefore a kind of "mental rosary" sharing some memory bits on crowdsourcing:
funny- I was planning to post something about a completely different application of crowdsourcing, based upon some recent issues I was involved in

but I think that we have to get used to more crowdsourcing through a different approach- SETI was a first example long, long ago (do you remember the screen saver using the CPU while idle to process signals?)

but that was a "passive" version

more active was "foldit" https://en.wikipedia.org/wiki/Foldit

as well as applications over a decade ago from some companies, e.g. Dell Ideastorm, and all the "Wikinomics" applications

my related software skills aren't yet good enough, also if in terms of algorithms worked long enough (few decades) in related areas tohave some ideas, but I like the approach of Kaggle, to crowdsource data science https://kaggle.com - as we have more data than we have people processing them (e.g. just think about all the data from Hubble, Landsat, etc)

My traditional concept about customer support is something longer-term than what I saw here since 2012.

Yes, any customer, myself included, would like to fix an issue once and forever, and usually the routine includes asking for an economic redress, reimbursement, etc.

But as my past customers, past colleagues, and current and past friends know, I routinely think that wasting my personal time (a non-recurring resource) should at least result into avoiding that others waste their own time to redo the same.

Moreover because, while I worked also on auditing projects, suppliers, teams, etc for few decades on dozens of activities since the late 1980s, and therefore I am used processes, contracts, regulations, etc, average consumers are routinely lost around sand-bagging by suppliers.

When dealing with companies (utilities, etc), usually the various watchdogs eventually set up a fine- and recently e.g. in Italy the telco watchdog said that companies that switched from solar month to 28-days months, before being reprimanded and returning to "standard months" have until end of this year to reimburse customers.

Well, I appreciated this morning that one of the operators published an announce stating that customers are entitled to get free services, or get a reimbursement, even if they were customers before, and aren't anymore.

But I wasn't a TIM customer when the "solar-to-lunar month" switch happened.

My operator at the time? Completely different behavior.

Well, I will probably get through the complaint system with the watchdog, but in the end, as I said often, I think that getting damages etc is closer to a robbing Peter to pay Paul, i.e. the cost of that side of compliance is factored into "costs of doing business", and transferred to customers.

But it is a private business, so that's the way regulated industries work.

In my view, it would be better to fix processes, but that is what happened with the watchdog: slower that should become the norm in the future, but still they fixed it.

When it comes to the public sector, I find it puzzling: in that case, fixing the process should be every citizen's priority, as any reimbursement or penalty paid by a public authority to a citizen has a cost that, eventually, is shared between citizens.

It a matter of "sense of the commons" and "belonging"- what we need to get onto the "circular economy" bandwagon and reap all the benefits that a data-centric society (and a smart-city) can deliver (for examples and the concept, e.g see my previous article on smart cities, automotive, and banking).

We live in a society where we have data stored and transmitted everywhere, and eventually any interaction with anybody and anything will involve sharing, storing, trasmitting data.

Frankly, as I wrote in previous posts (and a mini-book) on GDPR and data-centric society since 2018, the regulation that started being enforced in May 2018 isn't about penalties.

It is about, first and foremost, consent, explicit consent, and some "pillars" (key expectations of what puts you "within scope", "in compliance", and "outside scope" or even "in violation").

Now, every Italian I talked with in Piedmont (where I live now) is routinely pestered by marketeers that have access to data that they never consented to share with said marketeers (or the companies that they reportedly work for- as I catched often blatantly fake identifications, notably for those offering financial services based abroad).

Personally, I have a caller that calls me some weeks twice or more a week, two calls each time, and... uses information about utilities contracts that I had until end February 2018, while being resident in Turin, despite having told her repeatedly to stop calling, and having asked where did she get the data.

I checked online- many complaints have been notified on those boards that allow to file commentary on a caller.

It seems that she switched operators, but uses always the same modus operandi.

Another common category in Italy is those offering financial products- they use information blatantly provided from Italy, but, to circumvent regulations, usually call from UK numbers or from Italian numbers that are actually re-routed abroad.

Yes, both are GDPR violations, structural violations: but what is the point about filing a complaint against a phone number associated to an individual that switched frequently employer? Just block the number.

Let's be frank: many regulations (GDPR included) assume a "logical" sequence that might be true for new systems, and when you have a "single point of potential failure", but when legacy systems are involved, moreover when outsourced suppliers and subcontractors or service companies are involved, there are too many points of failure.

Again, with a private supplier- it is their problem to solve it, and regulations protect the customer (up to a point).

With public authorities, I think that it is more important to solve the issue, not to score a point, as otherwise you are just feeding a litigation industry that is paid, for both sides,... by taxpayers.

And this reminds me a book I read years ago about commercial litigation in USSR: how do you settle, when both companies belong, in reality, to the same "owner"?

But I am referring to the "sense of the commons" (shared resources), not "sense of the commies" (for my American friends), in this post.

Obviously, there will be cases where it is a priority to restore a wrong- but, in most cases, "fixing once and for all" would, in the end, be more beneficial for all.

In GDPR there isn't a simple on/off: you have the right to access data stored about you, and consent has to be stored (timestamped).

If a failure happens, there isn't an immediate penalty- you have to have repeatedly done nothing to fix it, or show a "systemic failure" (e.g. data stored and transferred to other purposes from those that the consent was expressed for).

As I shared with relevant authorities over the last year about other issues, when they advised me to file a complaint with a mediator to seek a potential economic redress, I wasn't interested- if I waste time, I hope that that helps to improve the process to avoid another occurrence.

So, even recently I did so: whenever it involves a public authority or something with a potential wider impact, I notify where I hope that the issue can be solved, considering, as a litmus test, the potential impact as a taxpayer, not as an individual.

That is "sense of the common" joining forces with "crowdsourcing".

Actually, this week happened twice- and in both cases did the same: if I have to waste time, I waste time in a way that I hope is overall productive.

I do not really know all that happened since the late 1990s (when I first relocated abroad) to make instead so common "mobbing behavior" such as that that I wrote about, but I do know that the only way to change is to... change.

In a country where routinely you are asked to provide personal data and documents for anything from purchasing contact lenses (if you want then to get a tax deduction), to any interaction with local and national authorities, GDPR is a powerful tool to fix processes and behaviors, and create a different approach to compliance.

If used correctly: and some countries actually dropped the "penalties" side.

Our societies will have probably an expansion of compliance issues in the future, notably after the introduction of, say, devices that will exchange data with you and your car, mobile phone, and maybe even clothes and accessories while you travel through your environment.

We cannot expect a "monolith of compliance"- as even routine activities will involve dozens of suppliers, and sometimes even micro-suppliers.

Automation? Can help, e.g. under the shape of "smart contracts"- but that will be just one of the elements, that cannot replace... using your own common sense- better "sense of the commons".

Early in 2020, I have scheduled the publication of a follow-up to previous books on data-centric issues, but the title of this post, and sharing my personal unpleasant experience in Turin since 2012 and with more intensity since late 2015 was a painful but needed digression to make a point.

To have personal and social benefits from all the (sometimes excessive) exchanges of data, each citizen should become more active: we cannot just clog courts with litigation about "data leaks", as only a continuous tuning can make it all work.

GDPR is a framework (e.g. the "privacy by design" and "privacy by default" elements), and just converting court litigation into e.g. websites powered by Artificial Intelligence to continuously adjudicate cases on a massive scale would not be enough to extract value from data, and actually would act as a "barrier to entry" for new providers.

What we need instead is to "crowdsource compliance": whenever there is an issue that represents a potential compliance issue (or is perceived as such), at least when it concerns data and is not generating irrevocable damages, it would be better to have a "layered" approach such as the one contained within GDPR.

So, first notify to activate those that can solve, providing as much information as possible to enable the identification of the issue and "points-of-failure".

If it is not solved, or the solution is not considered acceptable, then there should be an automated escalation toward further levels focused on resolution, redress, fines, etc.

Therefore, the first layer should always be collaborative.

Just the opposite of what is common now in Italy- generating the need for a massive set of overhead structures and associated costs.

Personally, for the time being I see my long-term future abroad- on a personal and professional level it seems that this is not my environment, or, better, I am not Italian enough.

Anyway, while I will still be here, I will continue to aim for fixing, not just for settling.

Incidentally: in business, it is common since decades ago, as part of the continuous improvement, as both supplier and customer have perspective that might contribute toward improvement.

The difference is that, in the future, in reality it will be common also for individual consumers to be contributors to the value chain (and maybe eventually also extract value, as I wrote in previous posts), and not just with public authorities as taxpayers, also with suppliers.

But it all begins with a change in the perception of what the role of each party is.

Alternative? Fade into litigation, and drain resources until nobody takes any risk to improve anything.

So much for "circular economy" and "smart cities"...

...instead, an economy built around multiple micro-transactions could result in an expansion of "unregulated operator": put in jail few hundreds as happened today, but that would just spawn few thousands, if the cultural background doesn't change.