Banks: Garante determines employees are not allowed to furtively view current accounts

On 22 June 2017, the Italian Data Protection Authority confirmed the unlawful processing of personal data by an Italian bank which permitted one of its employees to illicitly view and communicate current account data of one its clients to third parties. In the case at stake, an account holder argued before the Garante that specific data relating ...

New Article 29 Working Party Opinion Published: Opinion 2/2017 on data processing at work

The Article 29 Working Party adopted Opinion 2/2017 on data processing at work on 8 June 2017. The Opinion builds on Opinion 8/2001 and its 2002 Working Document on the surveillance of electronic communications in the workplace, adapting to the context of present technologies that have changed the field of employee data processing and therefore impacting the ...

David and Goliath: the GDPR and regulating the data-centric society

One year from the direct applicability of the new European Privacy Regulation... “Regulating the internet giants: The world’s most valuable resource is no longer oil, but data” published in the May 6th 2017 edition of The Economist explains the enormous power that Internet companies have due to their control over data.  It rightly describes that “uantity ...

The Italian DPA issued its first guidelines on the GDPR

My article published on Lexology. Scenario On 28 April the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The Garante focused on six specific aspects: Lawfulness ...

Italian DPA releases GDPR Guide

On 28 April 2017 the Italian Data Protection Authority released a Guide for the implementation of the General Data Protection Regulation (Guida all'applicazione del Regolamento europeo in materia di protezione dei dati personali). The Guide provides an overview of the main aspects that should be considered with regards to EU Regulation 2016/679 before it is implemented ...

Complementing the GDPR: The ePrivacy Regulation Part I

This is the first blog of a series of posts which will explore aspects of the ePrivacy Regulation adopted on 10 January 2017 which aims to provide stronger privacy protections in electronic communications. On 10 January 2017 the European Commission adopted the Proposal for a Regulation on Privacy and Electronic Communications (the Draft ePrivacy Regulation) concerning ...

Brexit and the future of data transfers to the UK

On 29 March 2017 Theresa May, the Prime Minister of the United Kingdom, officially invoked Article 50 of the Treaty on European Union, effectively triggering Brexit.  But what does that mean for us as data protection and privacy experts and how will companies be affected by Brexit? The Lisbon Treaty establishes that countries exiting the EU ...

Article 29 Working Party publishes Privacy Shield enforcement documents

The Article 29 Working Party is preparing for enforcement as the nine-month grace period for US Companies that self-certified before 30 September 2016 comes to an end on 30 June 2017. As of today there are a total of 1,750 organizations signed up to the EU-US Privacy Shield List, which applies to the transfer of all ...

Privacy, maratona di eventi per aziende e professionisti

Adnkronos, 16/02/2017:  "A poco più di un anno dalla scadenza del 25 maggio 2018, imprese e pubbliche amministrazioni devono adeguarsi al nuovo Regolamento sulla protezione dei dati personali. Da nord a sud della penisola, sono ben 15 le giornate di formazione organizzate o patrocinate da Federprivacy nel giro di un mese e mezzo, in cui gli ...