Italian GDPR harmonization law is now in force

On September 19, 2018, Legislative Decree n. 101/2018 harmonizing the Italian privacy law with the General Data Protection Regulation (GDPR) entered into force. Legislative Decree was published on the Official Italian Gazette (Gazzetta ufficiale n. 205 04-09-2018) on September 4, 2018. More on the Legislative Decree and the Italian Privacy Code (Legislative Decree 196/2003) is available […]

Tags: ,

ECJ’s recommendations to national courts on preliminary ruling procedure

CJEU: in the references for preliminary rulings the national judge must anonymise the data   On July 20, 2018, the Official Journal of the European Union (C 257/1) published a document in which the European Court of Justice (“ECJ”) clarifies to national courts and tribunals the essential characteristics of the preliminary ruling procedure and the […]

Tags: ,

ICO fines Emma’s Diary £140,000

On August 20, 2018, the Information Commissioner Officer, ICO – the British data protection authority – fined Lifecycle Marketing (Mother and Baby) Ltd, aka Emma’s Diary, £140,000 for failing to comply with the data protection ‘fairness’ principle. The principle imposes a transparency duty requiring data controllers to provide data subjects with information about the purposes […]

Tags: ,

Italian DPA prohibits company’s geo-location system on its vehicles

On June 28, 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority (DPA), rendered a decision reminding that privacy must be protected from the design phase of a product or service. With its decision, the Italian DPA prohibited the processing of data to the company that installed the geo-localization system on […]

Tags: ,

Cross-border cooperation and consistency procedures – State of play

On July 4 and 5, 2018,  the European Data Protection Board (EDPB) held its second plenary meeting where it discussed the cooperation systems among data protection supervisory authorities, the first experiences on the functioning of the One-Stop Shop mechanism, the performance of the Internal Market Information System (IMI), and the challenges the data protection authorities […]

Tags: ,

Italian DPA issues 2017 annual activity report – some interesting (and perhaps unexpected) information

On July 10, 2018, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, issued the annual report on its activity for 2017. The English version of the report is not yet available. However, we extracted some numbers for you from the Italian text. Overall, there is a decrease in the number of […]

Tags: ,

ICO investigation on data analytics used for political purposes

On July 10, 2018, the Information Commissioner Officer, ICO, issued a report of the office investigations into the use of data analytics in political campaigns. According to the ICO, data analytics is causing information asymmetry between different groups of voters. The report details some of the organizations under investigation, as well as the enforcement actions […]

Tags: ,

CNIL published guidelines on data protection in the health sector

In June 2018, the CNIL, Commission Nationale Informatique & Libertes, published guidelines for the protection of personal data in the health sector. In particular, the French Data Protection Authority (DPA) provides professionals in the health sector with tips to comply with the EU Privacy Regulation 2016/679, GDPR: limit the information collected to what is necessary […]

EU-US Privacy Shield doesn’t provide enough protection: US must comply by September 1, MEPs say

The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) calls on the European Commission to suspend the EU-US Privacy Shield since it does not provide enough protection for EU data subjects. The United States has to comply by September 1, 2018. According to MEPs, the EU-US Privacy Shield should also remain suspended […]

Tags: ,

UK NIS regime

On May 10, 2018, the new regulations on the Security of Network and Information Systems came in to force in the UK. The new regulation is called the Network and Information Systems Regulations 2018 – the NIS regime. The NIS follows the adoption of the EU Cybersecurity Directive according to which “Operators of essential services” (OESs) […]

Tags: ,

1 2 3 21