Organizations are left with no practical legal grounds to transfer personal data to the United States. “A new age of data transfers” Part III

After the official statements of the European Data Protection Board (EDPB) and several Supervisory Authorities (SAs), it is clear that at the moment there is no practical way for data to lawfully flow from the EU to the US. The reasoning in 5 steps: On 16 July 2020 the Court of Justice of the European Union (CJEU) invalidated the European ...

Privacy Shield is invalid. Here’s what you need to do now. “A new age of data transfers” Part I

This blog is part of a multi-part series, “A new age of data transfers”, which will explore the practical implications of the Court of Justice of the European Union’s judgement in  Case C-311/18 “Schrems II”.  Following the invalidation of the Privacy Shield on 16 July 2020 by the Court of Justice of the European Union, the situation ...

Italian Data Protection Authority fines Wind 17 million Euro and Iliad 800,000 Euro

The Italian Data Protection Authority has continued its investigation into telephone operators following a significant number of complaints related to marketing activities, fining Wind Tre Spa approximately 17 million Euro for unlawful data processing. In the course if its investigation, the authority found that users had been contacted by SMS, email, fax, phone and automated calls in absence of having ...

Privacy “Nutrition Labels”, Transparency, and Data Protection as a Corporate Social Responsibility

Last week Apple announced an important strategic step forward in the protection of the privacy and data protection rights of its users by way of an enhanced privacy feature that it has called a "Privacy Nutrition label".  Using icons in combination with clear and simple language, the information provided by way of Apple’s pop-up "label" ...

UPDATE (i): “PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: A COLLECTION OF GUIDANCE ON COVID-19

In the evolving COVID-19 scenario in which business continuity also depends on adequate data protection and cybersecurity practices on the part of organizations, knowledge mapping of privacy & data protection guidance and cybersecurity best practices has taken on an even more important role. It’s for that very reason that, without the presumption of completeness, I ...

“PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: Surveillance in the fight against COVID-19

“Hopefully COVID-19 will be gone at some point, but tracking technologies may stay for longer and permanently hamper the rights and freedoms of individuals” As part of my blog series on #PublicHealthANDprivacy in light of the COVID-19 pandemic, this short reflection will focus on digital surveillance. There is no doubt that data and technology have the ...

“Public health AND Privacy” and not “Public health OR Privacy”: A collection of Guidance on COVID-19

Below is an attempt (without the presumption of completeness) to map all the official resources providing guidance on the correct processing of personal data in the context of COVID-19 and Cybersecurity-related information on working remotely in the context of the COVID-19 pandemic. I genuinely hope this will help in the effort of achieving "Public health AND Privacy"! Stay safe and ...

“Public Health AND Privacy” vs. “Public Health OR Privacy” in the time of the COVID-19 pandemic

The COVID-19 outbreak has touched the lives of millions of individuals across the globe. Among those severely affected are the residents of my native Italy who are currently under a mandatory lockdown  (nationwide travel restrictions have been enacted) until an undefined date.  But how should the collection of potentially special category personal data (health data) be managed in a pandemic? Several data protection authorities have provided ...

EDPB on personal data processing in the COVID-19 outbreak

On 16 March the Chair of the European Data Protection Board (EDPB) Andrea Jelinek released a statement to help guide the data processing activities of public authorities, governments, and private organizations within the context of the COVID-19 pandemic. Andrea Jelinek noted that: “Data protection rules (such as GDPR) do not hinder measures taken in ...

Irish DPA Issues Guidance for Protecting Personal Data When Working Remotely

In light if the COVID-19 crisis, many organizations have decided to implement smart working for their employees. To this end, the Irish DPA has issued useful Guidance to protection personal data when working from home which can be found here. DPC Ireland's advice is divided into three macro categories: Devices, Emails, and Cloud/Network Access. Below ...