The Case of Standard Contractual Clauses: The Irish Data Protection Commissioner & Max Schrems

“The supervisory authorities should have the power to prohibit or suspend a data transfer or a set of transfers based on the standard contractual clauses in those exceptional cases where it is established that a transfer on contractual basis is likely to have a substantial adverse effect on the warranties and obligations providing adequate protection ...

Italian employers can no longer control employees’ e-mails and communications when private-professional use of corporate devices are allowed

Background information/scenario Since the publication of the Guidelines Applying to the Use of E-Mails and the Internet in the Employment Context, the Italian Data Protection Authority (“Garante”) has had more than one opportunity to state its view on the controls of IT devices provided to employees to perform their job. In the case at stake, a ...

The Italian Data Protection Authority forbids the use of contact details of companies and professionals for marketing purposes without prior consent

Background information/scenario Do marketing purposes need specific consent and does such consent apply even when targeting professionals and companies whose contacts are publicly available on Internet? In one of its first decisions dated 2017, the Italian Data Protection Authority  (“Garante”) restated that all data controllers must collect a freely given and specific consent in order to ...

Privacy, maratona di eventi per aziende e professionisti

Adnkronos, 16/02/2017:  "A poco più di un anno dalla scadenza del 25 maggio 2018, imprese e pubbliche amministrazioni devono adeguarsi al nuovo Regolamento sulla protezione dei dati personali. Da nord a sud della penisola, sono ben 15 le giornate di formazione organizzate o patrocinate da Federprivacy nel giro di un mese e mezzo, in cui gli ...

COE adopts Guidelines on #BIGDATA

On 23 January 2017 the Consultative Committee of the Council of Europe´s data protection convention  adopted Guidelines on the protection of individuals with regard to the processing of personal data in a world of Big Data which provide suggested measures for preventing any possible negative effects of the use of Big Data on human rights and ...

Data Retention: CJEU reaffirms that exceptions to privacy should only apply if strictly necessary

On 21 December 2016 the Court of Justice of the European Union provided its Judgment in Joined Cases C-203/15 Tele2 Sverige AB v Post-och telestyrelsen and C-698/15 Secretary of State for the Home Department v Tom Watson and Others prohibiting the application of Member State laws that call for general and indiscriminate electronic communications data ...

New EDPS guidelines on web services and mobile applications

Today the European Data Protection Supervisor published two very welcomed guidelines on personal data protection. The first deals with the protection of personal data processed through web services and the second personal data processed by mobile applications provided by European Union institutions. You can find the complete guidelines below. Guidelines on the protection of personal data processed through ...

Changing the privacy game: Class action lawsuits

The decision of the Austrian Supreme Court on 12 September 2016 to refer the class action suit brought against Facebook by Privacy advocate Max Schrems to the European Court of Justice will have widespread consequences for both companies and consumers in Europe. Class actions on privacy-related matters represent a game changer for both consumers and businesses ...