How can the General Data Protection Regulation (GDPR) be effectively enforced so as to uphold fundamental rights and freedoms and at the same time, allow for the free flow of data within the Union? This is a question I have been pondering since well before Monday’s publication of the Irish Council for Civil Liberties’s (ICCL) 2021 report on the ...
Italian Data Protection Authority fines Wind 17 million Euro and Iliad 800,000 Euro

The Italian Data Protection Authority has continued its investigation into telephone operators following a significant number of complaints related to marketing activities, fining Wind Tre Spa approximately 17 million Euro for unlawful data processing. In the course of its investigation, the authority found that users had been contacted by SMS, email, fax, phone and automated calls in absence of having ...
UPDATE (II): “PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: A COLLECTION OF GUIDANCE ON COVID-19

In the evolving COVID-19 scenario in which business continuity also depends on adequate data protection and cybersecurity practices on the part of organizations, knowledge mapping of privacy & data protection guidance and cybersecurity best practices has taken on an even more important role. It’s for that very reason that, without the presumption of completeness, I ...
“PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: Surveillance in the fight against COVID-19

“Hopefully COVID-19 will be gone at some point, but tracking technologies may stay for longer and permanently hamper the rights and freedoms of individuals” As part of my blog series on #PublicHealthANDprivacy in light of the COVID-19 pandemic, this short reflection will focus on digital surveillance. There is no doubt that data and technology have the ...
“Public health AND Privacy” and not “Public health OR Privacy”: A collection of Guidance on COVID-19

Below is an attempt (without the presumption of completeness) to map all the official resources providing guidance on the correct processing of personal data in the context of COVID-19 and Cybersecurity-related information on working remotely in the context of the COVID-19 pandemic. I genuinely hope this will help in the effort of achieving "Public health AND Privacy"! Stay safe and ...
GDPR and the Coronavirus in Italy

The COVID-19 outbreak has affected the lives of millions of individuals across the globe. Among those affected are the residents of my native Italy who are currently under a mandatory lockdown (nationwide travel restrictions have been enacted) until April 3rd. In this time of crisis, however, it's important to not forget that data ...
Joint Controllership: A collection of recent guidance

Article 26 GDPR on Joint controllers determines that, "Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the ...
Don’t use consent for the processing of employee data! Greek DPA issues first fine under GDPR

The Hellenic DPA in Decision no 26/2019 decided that for personal data to be processed in compliance with the GDPR, all the principles outlined in Article 5(1) GDPR should be met. The Decision came to light after the DPA received complaints concerning the processing of PriceWaterhouseCoopers employee data where employees were required to provide their ...
European elections 2019: The Garante Privacy on electoral campaigns and political communication

On 19 April 2019, the Italian Data Protection Authority, or Garante Privacy, announced the approval of a new measure (Register of measures n. 96 of 18 April 2019) that is soon to be published in the Official Gazette, which establishes rules that govern voter data use on the part of political parties, movements, committees, candidates, ...
My contribution at ENISA’s Security of Personal Data Processing Event

Last month I attended ENISA's Security of Personal Data Processing Event in Athens, Greece. The event was organised together with the Digital SME Alliance and the Hellenic Data Protection Authority. During the day experts in the field, including myself, shared their advice and journey of complying with the General Data Protection Regulation with a focus ...