Ukraine, because even the Privacy Guarantor puts Kaspersky in the corner

by Chiara Rossi

The Privacy Guarantor has launched an investigation into the risks associated with the Kaspersky antivirus. Requested the number and type of Italian customers from the Russian company. All the details

Another title for Kaspersky in Italy. Today "the Guarantor for the protection of personal data has opened an investigation to assess the potential risks relating to the processing of personal data of Italian customers carried out by the Russian company that supplies the Kaspersky antivirus software". This was announced by the Authority chaired by Pasquale Stanzione. The initiative - explains the Authority - "was necessary in relation to the war events in Ukraine, in order to investigate the alarms launched by numerous Italian and European bodies specialized in IT security on the possible use of that product for cyber attacks against users. Italians ". The reference is to the alarm launched by the National Cybersecurity Agency, according to which it is "appropriate to consider the security implications deriving from the use of information technologies provided by companies linked to the Russian Federation". And on Thursday 17 March, Consip, the spa of the Treasury Ministry that manages purchases for the public administration, issued a communication to economic operators with the subject "Catalog adjustment to possible regulatory interventions". In fact, the law is on its way, announced earlier this week by Undersecretary with responsibility for cybersecurity Gabrielli, with which the Government will allocate funds to PAs to purchase new software (and thus replace the Kaspersky antivirus). From Palazzo Chigi to the Ministry of Defense, from the Ministry of Justice to the Ministry of the Interior - Department of Public Security, the Kaspersky antivirus is currently installed on all the main IT systems of Italian institutions. This week the BSI, the German Federal Agency for Security in Technical Information, also rejected the Russian software. The German BSI advised "to replace the Kaspersky antivirus with alternative products". All the details. THE REQUESTS OF THE PRIVACY GUARANTOR IN KASPERSKY The Guarantor asked Kaspersky Lab "to provide the number and type of Italian customers, as well as detailed information on the processing of personal data carried out in the context of the various security products or services, including telemetry or diagnostic ones". THE TRANSFER OF ITALIAN DATA "The company must also clarify whether, in the course of processing, the data are transferred outside the European Union (for example to the Russian Federation) or otherwise made accessible to third countries". WHAT THE RUSSIAN COMPANY MUST COMMUNICATE Finally, Kaspersky Lab "must indicate the number of requests for acquisition or communication of personal data, referring to Italian data subjects, addressed to the company by governmental authorities of third countries, starting from January 1, 2021. In doing so, the company will have to distinguish them by country and indicate for how many of them Kaspersky has provided a positive response ”. THE POSITION OF THE COMPANY LEADED BY EVGENIJ KASPERSKIJ "Kaspersky is a privately held global cybersecurity company and, as a private company, has no connection with the Russian government or any other government." Thus the company founded and led by the Russian Yevgeny Kaspersky replied this week in an official note. "The National Security Agency - added Kaspersky - stated that it would be 'appropriate to consider the security implications deriving from the use of information technologies provided by companies linked to the Russian Federation'. We share the fact that these statements are based on decisions related to a geopolitical problem related to the current context and are not the result of a technical evaluation of Kaspersky products. To support risk analysis, we invite institutions to visit our transparency center in Zurich. As part of the Global Transparency Initiative, Kaspersky moved the data processing infrastructure to Zurich, Switzerland. As the company explained in a recent interview: “Malicious and suspicious files (data related to cyber threats) voluntarily shared by users of Kaspersky products in Europe, the United States, Canada and several Asia-Pacific countries are processed and stored in two Swiss data centers offering world-class facilities to ensure the highest levels of security ”.