Here comes the first practical effect of the clash that sees opposites on the one hand the Privacy Guarantor and on the other PagoPa and the Ministry of Innovation: PagoPa is evaluating removing MixPanel from the IO app, that manages. This is what you read in the Privacy Policy that opens within the same app (even if after a lot of clicks).
Second as written by PagoPa in the IO app and communicated to the user, MixPanel (the US company that deals with the app’s software libraries) should analyze the data that arrives from the app itself, but only in 3 cases: for assistance, debugging and app improvement. And instead it would do a “systematic monitoring” of all the user’s activities on IO, including services that concern very important information, such as payments to the Public Administration and credit card payments via Cashback.
Green pass from the Privacy Guarantor. Hard fight with Colao on the IO app
by Alessandro Longo
The extra MixPanel activities in the IO app, therefore, would be detrimental to privacy, at least according to the analysis published by the Italian guarantor: “The MixPanel tracking libraries present within IO are configured for automatically and systematically send the data relating to a plurality of events (generated during the use of the app by the user) to the MixPanel systems together with a unique user identifier “, wrote the guarantor in the technical report published downstream of the provision on IO and in response to the denial issued by PagoPa and the ministry.
Again: “MixPanel libraries involve systematic monitoring of IO usage, treatment that is not necessary for the pursuit of the alleged (from PagoPa, ed) purposes of assistance, debugging and improvement of the app nor strictly necessary to provide services explicitly requested by a user within the app “. All this” without the user being adequately informed of this circumstance or that he can express his consent required by the privacy rules “.
I (here our user guide) is the app that oversees relations between citizens and PA, but also manages the Cashback and the Holiday Bonus and for the government it should also host the Green Pass linked to the coronavirus, also on this hypothesis was blocked by the guarantor, precisely for privacy concerns.
The Privacy Guarantor blocks Mitiga, the app to go to the stadium
The Privacy Policy of the app highlights that PagoPa itself had already had a first afterthought on MixPanel, so much so that in the part of the app dedicated to service providers, various revisions of the contract emerge, with which PagoPa obtained (at a later time compared to the debut of the app) that the data were hosted on the European territory. But this point does not also extend to MixPanel partners and therefore, the guarantor pointed out, some data from Italians can still end up on servers outside the EU.
“PagoPa had already realized that MixPanel was a partner at risk and he had tried to run for cover, but not enough“, is the reflection of the lawyer Riccardo Berti. Last week, PagoPa and the Ministry of Innovation had minimized with a joint note the risks mentioned by the guarantor, but the hypothesis of replacing the service provider now seems to be right in direction indicated by the Authority.
.