#DataProtectionDay: Committing to Transparency in 2022 with ECPC Data Protection Icons

Today is International Data Protection Day, in celebration of the 41st anniversary of the first binding international treaty concerning the topic of data protection being opened for signature: the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Since the early 1980s, both the quantity and economic importance of data ...

“Easy privacy information via icons? Yes, you can!”: The European Centre on Privacy and Cybersecurity (ECPC) Data Protection Icons win transparency contest organized by the Italian Data Protection Authority

We are very pleased to announce that the European Centre on Privacy and Cybersecurity (ECPC) is among the winners of the Italian Data Protection Authority’s “Easy privacy information via icons? Yes, you can!” data protection icons contest! Launched on 15 March 2021, the contest called upon members of the public to develop a set of icons which may be ...

Italian Data Protection Authority fines Wind 17 million Euro and Iliad 800,000 Euro

The Italian Data Protection Authority has continued its investigation into telephone operators following a significant number of complaints related to marketing activities, fining Wind Tre Spa approximately 17 million Euro for unlawful data processing. In the course if its investigation, the authority found that users had been contacted by SMS, email, fax, phone and automated calls in absence of having ...

UPDATE (II): “PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: A COLLECTION OF GUIDANCE ON COVID-19

In the evolving COVID-19 scenario in which business continuity also depends on adequate data protection and cybersecurity practices on the part of organizations, knowledge mapping of privacy & data protection guidance and cybersecurity best practices has taken on an even more important role. It’s for that very reason that, without the presumption of completeness, I ...

“PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: Surveillance in the fight against COVID-19

“Hopefully COVID-19 will be gone at some point, but tracking technologies may stay for longer and permanently hamper the rights and freedoms of individuals” As part of my blog series on #PublicHealthANDprivacy in light of the COVID-19 pandemic, this short reflection will focus on digital surveillance. There is no doubt that data and technology have the ...

“Public health AND Privacy” and not “Public health OR Privacy”: A collection of Guidance on COVID-19

Below is an attempt (without the presumption of completeness) to map all the official resources providing guidance on the correct processing of personal data in the context of COVID-19 and Cybersecurity-related information on working remotely in the context of the COVID-19 pandemic. I genuinely hope this will help in the effort of achieving "Public health AND Privacy"! Stay safe and ...

GDPR and the Coronavirus in Italy

The COVID-19 outbreak has affected the lives of millions of individuals across the globe. Among those affected are the residents of my native Italy who are currently under a mandatory lockdown (nationwide travel restrictions have been enacted) until April 3rd. In this time of crisis, however, it's important to not forget that data ...

Whistleblowing: Italian DPA fines “La Sapienza” University € 30,000

The Italian DPA fined La Sapienza University in Rome € 30,000 for having spread the names of two individuals who had reported potential wrongdoings online. In doing so, the DPA stressed the importance of employers adopting adequate technological procedures for ensuring the the anonymous reporting of potentially illicit behaviour, also known as whistleblowing. Specifically the ...

Italian Garante: Not permissible to keep a former employee’s mail account active after the termination of the employment relationship

The Italian DPA (Garante) has stated that it is not allowed for a company to keep the email account of a former employee active following termination of the employment relationship and to access the emails contained in the inbox. The Decision  of the Garante follows a complaint from an individual who complained that their privacy ...

Italian DPA: Second semester inspection plan focuses on whistleblowing

The Italian Data Protection Supervisory Authority recently published the measure whereby it decided on the audit plan for this six-month period, citing one of the processing activities that could be inspected: “1. For the period from July to December 2019, the auditing activity initiated and carried out by the Data Protection Supervisory Authority, including through the Guardia di ...