Recent Posts by Paolo Balboni

Whistleblowing: Italian DPA fines “La Sapienza” University € 30,000

The Italian DPA fined La Sapienza University in Rome € 30,000 for having spread the names of two individuals who had reported potential wrongdoings online. In doing so, the DPA stressed the importance of employers adopting adequate technological procedures for ensuring the the anonymous reporting of potentially illicit behaviour, also known as whistleblowing. Specifically the ...

Happy Safer Internet Day: A call for data security by design

Today, Safer Internet Day, represents a good opportunity to remind organizations of the importance of embedding data protection and security into the design of processes, products and services. This consideration is, in fact, embodied in the first principle of five which I have identified as the foundation of Socially Responsible Data Protection and which are ...

Successful kick-off of the Data Protection as a Corporate Social Responsibility project

Yesterday, 6 February 2020, the Data Protection as a Corporate Social Responsibility project kick-off meeting was held within the European Centre on Privacy and Cybersecurity (ECPC) within the Faculty of Law at Maastricht University.  The project aims to trigger virtuous data protection competition between companies by creating an environment that identifies and promotes data protection as ...

Launching the Data Protection as a Corporate Social Responsibility research project at ECPC

There’s no better day than today, European Data Protection Day, to announce the 6 February kickoff meeting of the Data Protection as a Corporate Social Responsibility Research Project that I am leading at the European Centre on Privacy & Cybersecurity (ECPC) at Maastricht University.  In our data-centric global economy businesses need to consider privacy and data protection as assets rather than simply ...

Sector-specific codes of conduct contribute to application of GDPR

In a note from the Presidency to the Permanent Representatives Committee (Part 2)/Council, published on 19 December 2019, "Council position and findings on the application of the General Data Protection Regulation (GDPR)", the Presidency underlined the usefulness of Codes of Conduct, writing that: "Drafting sector-specific codes of conduct in accordance with Article 40 of ...

Joint Controllership: A collection of recent guidance

Article 26 GDPR on Joint controllers determines that, "Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the ...

Italian Garante: Not permissible to keep a former employee’s mail account active after the termination of the employment relationship

The Italian DPA (Garante) has stated that it is not allowed for a company to keep the email account of a former employee active following termination of the employment relationship and to access the emails contained in the inbox. The Decision  of the Garante follows a complaint from an individual who complained that their privacy ...

Dutch DPA investigates use of tracking cookies

The Dutch DPA carried out an audit of approximately 175 websites including those of web shops, municipalities, and  the media, in order to ascertain whether they comply with the requirements for the placing of tracking cookies. Almost half of the websites that use tracking cookies do not meet the consent requirements. The DPA found that “Virtually ...

EDPS announces investigation into European Parliament’s 2019 election activities and is taking enforcement actions

On 28 November 2019 the European Data Protection Supervisor announced that "it is carrying out an investigation into the European Parliament’s use of a US-based political campaigning company to process personal data as part of its activities relating to the 2019 EU parliamentary election." In its press release the EDPS stressed that "Election campaigns are ...

Brexit and data protection: What’s next?

On 12 December 2019 in the UK general election, Boris Johnson secured his position as UK Prime Minister, with his Conservative party winning its first substantial majority in decades. The results of the election have set the way for the UK to exit the European Union by its scheduled exit date of 31 January 2020.  The results ...

Recent Comments by Paolo Balboni

    No comments by Paolo Balboni yet.