Page - 202 - in Intelligent Environments 2019 - Workshop Proceedings of the 15th International Conference on Intelligent Environments

f) processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or illicit treatment and against loss, destruction or accidental damage, through the application of appropriate technical or organizational measures ("integrity and confidentiality »). On the other hand access to data -public and private- of the citizen in an environment of public and private agents for commercial or non-commercial purposes, in the context of the so-called internet of things, with the volume, variety and speed in the management thereof, can hardly rely on the consent of the affected. It is a task practically impossible in practice. It is true that this consent will not be precise when the personal data are collected for the exercise of the functions of the Public Administrations within the scope of their powers; however, it is no less true that (1) sometimes, private agents access those data; (2) that - in spite of all the precautions of anonymization of the data - to date there are formulas to deanonymize the encrypted data, referencing behaviors and attitudes to perfectly identified individuals; and (3) that the communication of data to a third party does require consent unless it is authorized by law. To this day, positive law is being built on the basis of the community regulation of conventional data and the consent technique. Not in vain the Working Group of Article 29 on Data Protection in its Opinion 6/2013 recalls that access and reuse of personal data that have been made available to the public are still subject to data protection legislation. On the other hand, Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free circulation of these data (General Data Protection Regulation), is still committed to this approach and its innovations in data control are mainly focused on the right to be forgotten and the right to privacy [15]. In our opinion, the principle of Open Administration must be rethought, valuing the undoubted advantages of access to data and its reuse, but being aware that it is not feasible to subject it to the consent of the affected party. It is necessary to radically rethink the model of data transfer in a new environment, which is the same as macro data, because otherwise access to data and its reuse run the risk of becoming a purely programmatic statement. It doesn’t make sense that the Regulation (EU) 2016/679 contemplates in Chapter III the rights of the interested party, specially the information that must be given to the owner of the data (articles 13 and 14), when in practice this is never done. A formula of administrative control in order to avoid abuses could be, in the context of administrative police activity, to include in a standard the obligation of the operator to stop any transmission or use of data in which the owner expresses his contrary will, followed of an infringing type with an exemplary sanction. F.J.BauzáMartorell / IntelligenceTourismandPublicAdministration202