26.03.2018

At Pinngle we are delighted to present today's guest, Héctor Guzmán Rodríguez, an expert in the area of Protection of Personal Data and Privacy. He holds a Law Degree from the Iberoamerican University, is a Diplomate in Corporate Law from the Iberoamerican University, has a Master in Law from the European Union from the Complutense University of Madrid and has one more Law Degree from the University of Zaragoza (Homologation). He is also a member of the International Association of Privacy Professionals (IAPP), the Madrid Bar Association (Ilustre Colegio de Abogados de Madrid), ISMS Forum Spain and APEP (Asociación Profesional Española de Privacidad), and collaborates in the Iberoamerican Observatory of Data Protection (Observatorio Iberoamericano de Protección de Datos).

Pinngle: Nowadays one of the main computer rights that all people have is to be informed. Pinngle is an application that works all over the world, even with 2G Internet and in countries where other instant messaging apps are blocked. In addition to being a very convenient way to make free calls and send free messages, we have opened Public Channels, following which each person can receive news from around the world and on various topics of interest. Do you think that these means can help people to exercise their main IT right? What other measures do you recommend to improve access to information on a global level?

Héctor: The sophistication of current apps allows them to be increasingly versatile; the possibility of having access to public channels to receive news will always be good news for any user who wants to obtain information and for that reason Pinngle can be proud of its offer.

From a general point of view, the challenge of access to information revolves around its quantity and quality. We know that quantity does not equal quality, and that the information that flows on the internet contains false news or distorted facts. The plurality of information is vital; nowadays the information search results are biased by the application of algorithms that “decide” what can be interesting for each one; it is necessary to recover access to news and content without the direct intervention of algorithms.

Pinngle: The information and its accessibility have a great influence in the contemporary world, but sometimes the resources provided by the Internet become disadvantages, since private and confidential information appears on the network in public availability. What are the legal means that can help resolve this ambiguity and find a balance? Do you think the technological innovations, such as ‘serverless’ operation, adopted by Pinngle, can help achieve this goal?

Héctor: Any technology that reinforces the privacy of users and the confidentiality of the information they can share, will always be welcome.

I think that legal means already exist; what remains to be solved is the fulfillment of those means.

We continue to face the resistance of many sectors to compliance with laws on data protection and privacy, to the adoption of security measures to protect information; all of which results in the citizen’s information being more exposed to violations or leaks.

Undoubtedly, providing services in which there is no storage of user data, beyond those strictly necessary for the provision of the service, is an alternative that can provide benefits for all.

Pinngle: Our messaging application provides perhaps the best quality in calls. We have also made the cost of international calls very affordable. Knowing that each country has its own legal regulations on personal data online, Pinngle uses end-to-end encryption for both calls and instant messages, and operates on a serverless basis. Do you think that this is a necessary and sufficient basis to offer a safe service?

Héctor: No doubt this feature will make Pinngle stand out from many applications or services; to a certain extent, it reminds me of the use of “walkie talkies”, but in a world in which smartphones are an extension of people.

On the basis that there is no “100%” security, I do believe that the “serverless” operation will place Pinngle in the category of “very safe” services, within the entire range of messaging and calling service providers that to a greater or lesser extent worry about the privacy of their users.

Faced with the application of laws on data protection of various countries, this feature certainly provides a level of security to meet legal requirements in many parts of the world.

Pinngle: We have already mentioned that there are national regulations in each country, and these differ from each other. As a member of the IAPP (International Association of Privacy Professionals) and a consultant on personal data protection in several multinational companies, please tell us, are there any online data protection standards that are accepted globally? If not, which ones do you think should be?

Héctor: I think that “online data protection” is a specific concept that no national law uses as such.

The protection of personal data requires, as a starting point, the existence of standards, principles and requirements applicable to any type of processing system (manual or electronic), to prevent the laws that regulate this protection from becoming rapidly out of step with the state of the technology.

On the other hand, we are far from reaching an international agreement on these principles and how to put them into practice (the example of the United States and the European Union is very illustrative in this regard).

In this line, I consider that international standards are currently the best example of “globally accepted standards”, whose adoption can provide a general level of compliance for the protection of all types of information (including personal data) no matter where an organization is located.

As an example of this type of standards, aimed at the security of information and personal data, we can cite the following:

– ISO/IEC 27000:2018: Information technology – Security techniques – Information security management systems – Overview and vocabulary

– ISO/IEC 27001:2013: Information technology – Security techniques – Information security management systems – Requirements

– ISO/IEC 27018:2014: Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

Pinngle: Finally, can you give our readers some tips on how to improve their privacy online?

Héctor: I think we should be very serious about it and accept a reality: users are the weakest link in the chain of information protection (our own and of third parties).

We must change our passive attitude to a completely active one.

As users we must stop expecting that “the others” (including service providers) are the only ones obliged to provide security to our data.

So for example, we must avoid weak passwords, avoid using the same password for all our services and stop sharing them (yes, there are still people who share their passwords).

Actively, we should look for information about identity theft and how it can happen to us; if you don’t know how you can be cheated, then how can you avoid it?

If we want the internet to be safe for us, we must do our part.

Pinngle: Thank you very much, Héctor, for accepting our invitation and sharing this important knowledge and ideas with our readers!