Search

(Italian Official Gazette no. 266, November 13, 2013) The Italian Data Protection Authority issued detailed rules for the processing of personal data by call centers located outside the EU, which operate on behalf of Italian data controllers to provide customer care or for marketing purposes. According to Directive 95/46/EC the transfer of personal data to […]

On July 4, 2019, the Commission Nationale de l’informatique et des Libertés (CNIL), the French Data Protection Authority (DPA) adopted new guidelines on cookies and other tracking devices (“Guidelines”). According to the press release, the scrolling down or swiping through a website or application is no longer viewed as a valid expression of consent to the […]

On March 12, 2019, the European Data Protection Board (EDPB) published an opinion defining the GDPR’s scope of application and providing an interpretation on data protection authorities’ competences, tasks and powers. The Belgian Data Protection Authority (DPA) requested the EDPB to examine and issue an opinion on the interplay between the ePrivacy Directive (2002/58/EC) and […]

On October 8, 2018, the Italian Garante per la Protezione dei Dati Personali, the Italian data protection authority, DPA, released instructions on how to maintain a record of processing activities, as well as a sample document compliant with Regulation (EU) no. 679/2016, the General Data Protection Regulation, GDPR. The record – to be maintained by […]

Update: In October 2019, the European Court of Justice held that in order to store cookies on user devices, the users must actively consent and that pre-checked checkbox that users must actively deselect is not a valid form of consent. The European Court of Justice also stated that all types of cookies require active consent, […]

On May 16, 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority (DPA), authorized the transfer of personal data using Binding Corporate Rules, BCR, approved by May 24, 2018. What is BCR. BCRs are a tool to allow the transfer of personal data among branches belonging to the same multinational company […]

EU Data Protection Authorities released useful Data Protection Impact Assessment tools (DPIAS) Belgium: the Commission for the Protection of Privacy, Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL) issued a Recommandation d’initiative concernant l’analyse d’impact relative à la protection des données (n° 01/2018)   Cyprus: the Office of the Commissioner for Personal Data Protection, Γραφείου Επιτρόπου Προστασίας Δεδομένων […]

In an early effort to adapt Italian privacy law to the GDP, in November 2017, a new Article 110bis was approved for introduction in the Italian Privacy Code, redrafting the discipline concerning the re-use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that […]

On December 12, 2017, a new Article 110bis of the Italian Privacy Code came into force, redrafting the discipline concerning use of data for scientific research or statistical purposes. The new Article 110bis, Italian Privacy Code, (Legislative Decree n. 196/2003) introduced three changes that might have harmful consequences for scientific developments. First, it restricts the possibility […]

  The Italian Data Protection Authority, Garante per la privacy issued Guidelines for the implementation of Regulation EU/2016/679 on Personal Data Protection (GDPR). The DPA suggests some actions that can be carried out right away to comply with the GDPR and provides a general overview of the major innovations introduced by the legislation. The guidelines […]