PRIVACY

Search
Generic filters

The Italian Data Protection Authority issued a 600.000 euro fine to UniCredit.

The Italian Data Protection Authority has heavily sanctioned a leading Italian credit institution in connection with a series of shortcomings in the implementation of minimum security measures discovered after a personal data breach suffered by the bank’s IT systems between 2016 and 2017 and subsequently notified to the authority.

Norway: COVID-19 contact tracing app blocked by watchdog.

Just over two months after its implementation, the Norwegian Data Protection Authority temporarily suspended the processing operations carried out through the app developed and adopted at national level for the purpose of monitoring and containing the spread of the COVID-19 virus (the “coronavirus”), addressing them as disproportionate and unnecessary due to various shortcomings in relation to the protection of users’ privacy.

How to defend ourselves from the risks of “digital infection” from ransomware.

With COVID emergency and the consequent lockdown, the number of people who use internet and digital devices has increased considerably. The number of cases of “digital infection”,  particularly from ransomware, has increased accordingly. The Italian Data Protection Authority has recently published an informative guide lines regarding preventive methods to be adopted.

Right to be forgotten and balance with the right to information.

The Italian Supreme Court (Corte di Cassazione), recently returned to the topic of the so-called right to be forgotten, affirmed the need to preserve the historicity of news when it is of interest to the community and to the economic and social history of a Country, while reaffirming the need to balance the interest of the community to maintain the memory of past news with the interest of the individual to maintain control of his or her personal data. From this point of view, the Court considers the deindexing of news on the web together with its updating to be an appropriate measure to balance the individual’s right to be forgotten with the collective right to information.

Data breach: accidental dissemination of whistleblowers’ data.

Rome’s University “La Sapienza” ended up in the Italian Data Protection Authority’s sights after having notified a violation of personal data as required by art. 33 of the Regulations. Such violation concerned the disclosure of personal data processed through the University’s platform used for the management of offence reports by employees and third parties within the whistleblowing regime. Following the notification breach, the Authority initiated investigations. Violations of the measures provided in the Regulations for the protection of personal data were ascertained, with particular emphasis to the provisions relating to the current security measures in force.