GDPR

The Italian DPA fines Eni Gas e Luce 11.5 million EUR

With decisions no. 231 and 232 of 2019, the Italian Data Protection Authority
imposed two substantial fines on the well-known company Eni Gas e Luce
(hereinafter “EGL”) amounting to € 3,000,000 and € 8,500,000 at the end of two different proceedings relating to the infringement
of data protection laws in the context […]

By |09 03 2020|Uncategorized|0 Comments|

New EDPB’s Guidelines on the geographical application of the GDPR

With the publication of the Guidelines concerning the interpretation of Article
3 of EU Regulation no. 679/2016 (GDPR), the European Data Protection Board (EDPB)
provided some clarifications on the territorial scope of the GDPR. Article 3 GDPR,
in fact, provides for three different criteria for the application of the
European privacy law: 1) […]

By |22 01 2020|Uncategorized|0 Comments|

The ECJ rules on the matter of pre-ticked checkboxes and cookie consent

With a recent decision (C-673/17) dated October 1 2019, the European Court of
Justice ruled on a reference for a preliminary ruling proposed by the
Bundesgerichtshof (the German Supreme Court), concerning the validity of the
consent to use cookies, given by means of pre-ticked checkboxes.

The dispute arose from an online
promotional lottery organised […]

By |25 11 2019|Uncategorized|0 Comments|

The Italian Data Protection Authority grants the right to be forgotten in the event of a criminal conviction

With judgement no. 153 of last July 24, the Italian Data Protection
Authority (DPA) ruled on the matter of the right to be forgotten and upheld a
claim against Google LLC, brought by a citizen involved in a criminal
proceeding.

The applicant had sought an order against
Google to remove two URLs, resulting from […]

By |08 11 2019|Uncategorized|0 Comments|

The Italian DPA issued instructions on the processing of special categories of data

By order no. 146/2019 published at the end of July, the Italian Data
Protection Authority (DPA) issued specific provisions for the processing of
special categories of data in compliance with the GDPR. Herein we will
highlight the most important provisions.

The processing of special categories of data in
the employment context

The processing of special […]

By |16 09 2019|Uncategorized|0 Comments|

Data breach under the GDPR: clarifications from the Italian Data Protection Authority

With a recent decision, the Italian Data Protection
Authority (“Garante”) provided some useful guidelines regarding the data breach
procedure in case of a personal data violation.

Article 33 of EU Regulation 679/2016 (“GDPR”) establishes
that the data controller shall notify each breach of security leading to the
accidental or unlawful destruction, loss, alteration, […]

By |04 07 2019|Uncategorized|0 Comments|

The Italian Data Protection Authority imposes an administrative fine on Wind Tre for unsolicited direct marketing

By Luigi Manna and Laura Spagnoli

By an order dated 29 November 2018, the Italian Data Protection Authority (Garante per la protezione dei dati personali) imposed a 600,000 EUR fine on Wind Tre S.p.A. for the infringement of several provisions of the (Italian) Personal Data Protection Code[1] (applicable to the […]

By |18 03 2019|Uncategorized|0 Comments|