Banks: Garante determines employees are not allowed to furtively view current accounts

On 22 June 2017, the Italian Data Protection Authority confirmed the unlawful processing of personal data by an Italian bank which permitted one of its employees to illicitly view and communicate current account data of one its clients to third parties. In the case at stake, an account holder argued before the Garante that specific data relating ...

3rd Annual India Privacy Summit: Privacy & Security in the Age of Intelligent Machines

I will be a speaker at the 3rd Annual India Privacy Summit on September 21, 2017 at Taj West End, Bangalore. Speakers will deliberate on best practices and field-tested solutions for the latest privacy issues facing a wide range of businesses and expert speakers are invited by the Executive Committee will give keynote speeches and all issues ...

Italy approves 6 year data retention

On 19 July 2017, during a session dedicated to the fulfilment of obligations resulting from EU membership, the Italian Chamber of Deputies approved an amendment which extends the period of retention of telephone and electronic communication traffic data to 6 years with a view of detecting and suppressing criminal offences and terrorism. The amendment still has to ...

New Article 29 Working Party Opinion Published: Opinion 2/2017 on data processing at work

The Article 29 Working Party adopted Opinion 2/2017 on data processing at work on 8 June 2017. The Opinion builds on Opinion 8/2001 and its 2002 Working Document on the surveillance of electronic communications in the workplace, adapting to the context of present technologies that have changed the field of employee data processing and therefore impacting the ...

Cloud technology options towards Free Flow of Data: A whitepaper from the DPSP Cluster

I am part of the DPSP Cluster, focused on Data Protection, Security and Privacy in the Cloud.  The Cluster is a result of the first call of H2020 LEIT WP2014-2015 which provided a number of grants for research on privacy in the cloud, data protection and data security. The whitepaper looks at technology solutions that the projects in the ...

David and Goliath: the GDPR and regulating the data-centric society

One year from the direct applicability of the new European Privacy Regulation... “Regulating the internet giants: The world’s most valuable resource is no longer oil, but data” published in the May 6th 2017 edition of The Economist explains the enormous power that Internet companies have due to their control over data.  It rightly describes that “uantity ...

Committee on Industry, Research and Energy Draft Opinion on ePrivacy

The Draft Opinion from Rapporteur MEP Kaja Kallas (ITRE) welcomes the change of legal instrument from a Directive to a Regulation, the extension of its scope, and the Commission's attempt to be technologically neutral, but proposes several amendments to the Draft ePrivacy Regulation. Specific qualms from the Committee on Industry, Research and Energy include provisions on tracking and ...

The Italian DPA issued its first guidelines on the GDPR

My article published on Lexology. Scenario On 28 April the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The Garante focused on six specific aspects: Lawfulness ...