PRIVACY

Privacy & Cybersecurity

Nel mondo digitale ed interconnesso la protezione dei dati personali e, più in generale, la tutela delle informazioni aziendali non è solo una necessità ma una vera e propria sfida, normativa e regolatoria. Tali dati ed informazioni costituiscono infatti un asset strategico e la loro sicurezza richiede un’attenzione costante e una competenza senza compromessi.

Il nostro Team offre consulenza d’eccellenza a livello nazionale ed internazionale nella privacy e nella cybersecurity con soluzioni su misura per le esigenze di imprese e di gruppi societari complessi e in continua evoluzione. Il nostro approccio nella gestione delle questioni legate alla protezione dei dati e alla cybersecurity ci consente di assistere con successo i nostri Clienti nella gestione dei rischi connessi alle sicurezza delle informazioni, lavorando sempre per garantire un equo contemperamento tra esigenze di legalità e di business.

Intelligenza Artificiale & Diritto delle nuove tecnologie

Nel contesto attuale, le tecnologie emergenti stanno trasformando radicalmente il panorama operativo e normativo in cui le imprese si trovano ad operare. L’Intelligenza Artificiale (IA), in particolare, ha aperto nuove opportunità ma comporta, allo stesso tempo, anche sfide significative in termini di compliance rispetto a nuove normative. Il nostro studio legale è specializzato nell’offrire consulenza d’eccellenza nel campo del diritto delle nuove tecnologie, aiutando le aziende a navigare con successo nel labirinto delle regolamentazioni, in particolare con il nuovo Regolamento in materia di Intelligenza Artificiale dell’Unione Europea (AI Act).

L’era digitale sta evolvendo rapidamente e, con essa, le normative che disciplinano l’utilizzo dei dati e dei servizi online. Il Data Act, il Digital Services Act e il Data Governance Act, il Digital Markets Act  sono solo alcuni dei regolamenti chiave che plasmeranno il futuro dell’Unione europea. Queste nuove normative pongono sfide legali complesse per imprese, società e gruppi societari complessi offrendo, allo stesso tempo, significative opportunità per una gestione più sicura, trasparente ed efficiente delle tecnologie digitali.

Il nostro studio legale è al fianco delle imprese per navigare con successo tra questi nuovi obblighi normativi. Offriamo consulenza strategica e operativa per garantire la piena conformità ai requisiti delle nuove normative emergenti, minimizzando i rischi legali e ottimizzando la gestione del cambiamento in ambito digitale.

Search

Data breach: accidental dissemination of whistleblowers’ data.

Rome’s University “La Sapienza” ended up in the Italian Data Protection Authority’s sights after having notified a violation of personal data as required by art. 33 of the Regulations. Such violation concerned the disclosure of personal data processed through the University’s platform used for the management of offence reports by employees and third parties within the whistleblowing regime. Following the notification breach, the Authority initiated investigations. Violations of the measures provided in the Regulations for the protection of personal data were ascertained, with particular emphasis to the provisions relating to the current security measures in force.

Cookies and consent: relevant news from the EDPB.

On May 4, 2020, the European Data Protection Board adopted an updated version of the Guidelines on consent under Regulation 2016/679, originally drafted by Article 29 Working Party back in 2017 and already subject to a first revision on April 10, 2018, introducing some important new features regarding cookies.

FAQ of the Data Protection Authority: data processing at work in context with the current health emergency.

The measures imposed on public and private companies for the containment of the Covid-19 virus, provided for by current legislation and the “Shared protocol for the regulation of measures to contain the spreading of the Covid-19 virus in the place of work” of 14 March 2020, as amended and integrated, include provisions involving the processing of personal data by employers, both in the data relating to employees and to any third parties accessing company’s premises, ensuring the health and safety within the place of work. Therefore, more specifically to the critical data protection issues, the Data Protection Authority has intervened providing companies with concrete indications regarding the correct processing of personal data in the current emergency situation.

COVID, mobile apps and privacy: European Commission guidance available online (pt. II).

As part of a Community approach to combating and containing the diffusion of the COVID-19 virus (the “coronavirus”), the European Commission has adopted the Guide to Data Protection in Applications to Support the Fight Against the COVID 19 Pandemic (the “Guide”).
Herewith below you can find the second part of the analysis of the aforesaid guidelines (the first part is available here) concerning privacy by design and by default, measures to be taken in order to ensure compliance with the principles of lawfulness, purposes of data minimization, access and storage limitation, based on the various features of the apps under review.

COVID, mobile apps and privacy: European Commission guidance available online (pt. I).

As part of an EU approach to fighting and containing the diffusion of the COVID-19 virus (the “coronavirus”), the European Commission has issued its guidelines for mobile applications supporting the fight against the pandemic, specifically focusing on the related data protection features.
The implementation of digital technologies (e.g. “contact tracing”) seems to represent a useful tool for national health authorities to monitor and contain the diffusion of the virus, especially in the post-emergency phase when containment measures are lifted, provided that the use of such solutions are made in the full respect of the citizens’ fundamental rights and freedoms, including, first and foremost, the individuals’ right to privacy and respect for their private lives.
Herewith below is the first part of the analysis of the aforesaid guidelines, that set out a number of general principles intended for the application, regardless of the specific characteristics of the individual applications.

Data breach management: what arises from the 2019 sweep results.

The Global Privacy Enforcement Network’s annual survey focused on the management of data breaches by public and private entities; the 2019 sweep survey involved 16 Authorities for the processing of personal data, including the Italian one. The investigation has taken into account various aspects of the management of a data breach, including how the reports/notifications and the implementation of the counter-measurements to prevent the repetition of the breach were managed.  The Study revealed that only a few entities have an in-depth knowledge of data breach management.

Generic filters