Anticipated by the work of the High-Level Expert Group on AI (Ethics Guidelines for Trustworthy AI of April 2019 and Policy and Investment Recommendations for Trustworthy AI of June 2019) and the EU Commission’s own White Paper on AI (19/2/2020), the proposed Artificial Intelligence Act

On June 18, 2021, the European Committee released the updated version (v.2.0) of Recommendations 1/2020 on additional measures to be adopted in the event that those provided by Article 46 of the GDPR to legitimize data transfers to third countries, are not sufficient following the

The discipline of the use of the green pass, as indicated by the Legislative Decree 52/2021 and 127/2021 and as reiterated by the regulation 2021/953, inevitably involves the processing of personal data so, within these areas, you must make sure to comply with both disciplines.

The Covid pandemic has forced us to a difficult exercise of new balances between fundamental rights and freedoms, some synergistic – such as public and private health as well as protection of personal data – others where there was more evidence of a backward step

Often, even in the course of this Covid-19 pandemic, we have witnessed uncertainties on the part of the legislators of individual EU member states in identifying ways to intervene in issues and rights already governed by European law. Especially in the field of personal data

The appointment of the EU Representative is required if the company in question is subject to the law of a country which is not a member of the European Union and only under certain circumstances and conditions.   Summary     How to determine if

We resume our analysis of the European data strategy and the main purpose of promoting the development of a “data driven” economy of the union.  In the Alert of July 22nd, 2021, we highlighted the strategic value of “data” and examined the ranking of the

After two years since its approval on June 12, 2019 (see Editorial of 6/27/2019), on May 27, 2021, the “Code of Conduct prepared by the National Association between Business Information and Credit Management Companies (Ancic)” (“Code on commercial information”) came into force in Italy through

The Legal Information Service will be paused for the month of August and will recommence with the bulletin of September 2nd. We complete the analysis of the EU Commissione 2021/915 decision which adopts the standard clauses between data controllers and data processors, considering their structure

The European Commission, with the publication of the “European data strategy” document of 2020, launched the five-year strategic plan for the creation of the European Common Data Space and the Data-based digital economy. The plan starts from the observation that the two major “players” of

The Privacy Garante – following the public consultation completed in 2020 – has released the new guidelines on cookies that update those of 2014 following the changes made by the GDPR. Although they come out in the middle of the negotiation of the trilogue between

Let’s go back to examining the new standard clauses adopted by the EU Commission aimed at legitimizing the transfer of personal data to third countries (see Alert of 10/6/2021). The transfer of personal data to a third country (i.e. neither belonging to the EU nor

The sentence of 29 March 2021 of the Italian Council of State (in Italian) – which concluded the first group of the charges made by the Antitrust (“AGCM”) to Facebook for the unfair commercial practices carried out in relation to the use of the personal

There is an aphorism in the world of information security that says “do not ask yourself if you will ever have a data breach, but rather when it will be your turn”. In the domain of personal data protection, data security is a principle of

The first round of the Italian antitrust (“AGCM”) litigation case against Facebook, started on 6 April 2018 to challenge alleged unfair commercial practices implemented by the social provider in the use of personal data of its users / consumers, has come to a conclusion. The

The second round in the confrontation between the AGCM and Facebook also came to an end with the imposition of a new overall fine of € 7 million against Facebook Ireland Ltd. and Facebook Inc. jointly and severally. The story shows how the current business

The EU Commission’s proposal for the new ePrivacy regulation did not explicitly refer to the circumstances that practice has identified with the terms “cookie banner”, “cookie barrier” and “cookie wall”.  The version of Parliament approved by the LIBE commission provides for the prohibition of “cookie

Individual advertising or “direct” promotion, in a broad sense, is that promotional operations that address the advertising message directly to the potential customer (therefore also called “direct marketing”); this aspect distinguishes it from general advertising which, on the other hand, is aimed at a general

Within a few days, answers were given, albeit not definitive, to the stringent expectations that followed the decision of the CJEU on the Schrems II case.  The decision of the Court, as is known, invalidated the Privacy Shield agreement and considered the standard or “SCC”

The EU Cyber Security Agency (ENISA) has published the 2019-2020 threat scenario. This is the eighth edition but also the first since the entry into force of the Cybersecurity Act which strengthened the role and competences of the agency by giving it a permanent mandate.

Following a major security incident that caused the breach of sensitive personal data of over 400,000 individuals (passengers), the British Information Commissioner (“ICO”) the 08/07/2019 communicated to the airline the intention to sanction it for the significant sum of 183.39 million pounds (€ 204M) for

After an initial postponement in February 2020, on 26th of August the Brazilian Senate approved the entry into force of the Brazilian law on the protection of personal data “Lei Geral de Proteção de Dados Pessoais” (LGPD) with effect from 15 August 2020, ie two

Learning from previous cases The provisions of the national supervisory authorities, together with the guidelines and opinions of the EDPB, if read in watermark allow us to obtain important information on how to operate in organizations in order to respond adequately to the principle of

On 16 July 2020, the Court of Justice of the European Union issued the expected decision on the preliminary ruling in the case known as Schrems II (C-311/18) which deemed the Privacy Shield instrument invalid, with immediate effect and clarified some aspects regarding the scope

Last week’s Alert pointed out hacker opportunism taking advantage of emergencies, as recorded in these Coronavirus times. There are many profiles of increased vulnerability in this situation: work outside the corporate context, where the level of protection – physical and logical – is certainly higher