“Public health AND Privacy” and not “Public health OR Privacy”: A collection of Guidance on COVID-19

Below is an attempt (without the presumption of completeness) to map all the official resources providing guidance on the correct processing of personal data in the context of COVID-19 and Cybersecurity-related information on working remotely in the context of the COVID-19 pandemic. I genuinely hope this will help in the effort of achieving "Public health AND Privacy"! Stay safe and ...

GDPR and the Coronavirus in Italy

The COVID-19 outbreak has affected the lives of millions of individuals across the globe. Among those affected are the residents of my native Italy who are currently under a mandatory lockdown (nationwide travel restrictions have been enacted) until April 3rd. In this time of crisis, however, it's important to not forget that data ...

Whistleblowing: Italian DPA fines “La Sapienza” University € 30,000

The Italian DPA fined La Sapienza University in Rome € 30,000 for having spread the names of two individuals who had reported potential wrongdoings online. In doing so, the DPA stressed the importance of employers adopting adequate technological procedures for ensuring the the anonymous reporting of potentially illicit behaviour, also known as whistleblowing. Specifically the ...

Italian Garante: Not permissible to keep a former employee’s mail account active after the termination of the employment relationship

The Italian DPA (Garante) has stated that it is not allowed for a company to keep the email account of a former employee active following termination of the employment relationship and to access the emails contained in the inbox. The Decision  of the Garante follows a complaint from an individual who complained that their privacy ...

Italian DPA: Second semester inspection plan focuses on whistleblowing

The Italian Data Protection Supervisory Authority recently published the measure whereby it decided on the audit plan for this six-month period, citing one of the processing activities that could be inspected: “1. For the period from July to December 2019, the auditing activity initiated and carried out by the Data Protection Supervisory Authority, including through the Guardia di ...

European elections 2019: The Grante Privacy on electoral campaigns and political communication

On 19 April 2019, the Italian Data Protection Authority, or Garante Privacy, announced the approval of a new measure (Register of measures n.  96 of 18 April 2019) that is soon to be published in the Official Gazette, which establishes rules that govern voter data use on the part of political parties, movements, committees, candidates, ...

Garante Privacy: “Taking Stock Of The First 4 Months Of Implementing The GDPR”

According to the Italian DPA, the Garante Privacy, as of 28 September 2018, four months after the GDPR became fully applicable in Italy: 40,738 appointed DPO's contact information was communicated 2,547 complaints and reports were received 305 data breach notifications were made 7,200 requests to the Garante's font office were made These numbers show a significant ...

Italian DPA prohibits companies from using software that monitors employees

On 8 March 2018, the Italian Data Protection Authority banned any further processing activities of the Customer Care employees’ data, carried out by an important Italian telecommunication company through a software (namely, Salesforce Arcadia) that handled the calls to subscribers. The software not only processed n data related to the calls of the customers and their ...

The Italian Garante on the Data Protection Officer in the private sphere

On 26 March 2018, the Italian Data Protection Authority published its new “frequently asked questions”  related to the figure of the Data Protection Officer (DPO) in the private sphere. The FAQs are a useful tool that can provide addition clarification regarding the figure of DPO together with the Article 29 Working Party (“WP29”) Opinion on ...