Generic filters

Covid-19 Emergency and online education: the instructions of the Data Protection Authority.

The Italian government with its Legislative decree of 8 March 2020, suspended all educational activities from kindergartens to universities for children/students and their teachers. In the same decree a provision for teaching methods at a distance was activated. As a result of the same, the Italian Data Protection Authority in answer to the questions/reports received from the schools’ DPO, teachers and families, regarding the processing a preliminary guide on how schools and universities should use such tools, guaranteeing the protection of the personal data of the students, their families and their teachers.

Coronavirus: new guidelines on containing the spread of the virus adopted

In light of the approval, of the “Shared Protocol for the regulation of measures to combat and contain the spread of the Covid-19 virus in the workplace” (the “Protocol”) on March 14, 2020, we deem necessary to update our previous newsletter having as object the relationship between the autonomous initiatives of employers in order to manage the emergency related to the spread of the COVID-19 virus (“Coronavirus”) and the legislation on the protection of personal data.

The Italian Data Protection Authority against ENI: multimillion-dollar fine

Following the emergency measures adopted by the Italian Government as a consequence of the recent spread of the COVID-19 virus (known to most as “coronavirus”) in Italy and the consequent state of agitation among the public, the Italian Data Protection Authority issued a specific statement inviting public and private entities to comply with the procedures put in place by the competent authorities for the prevention and containment of the epidemic, avoiding the implementation of uncoordinated and unhelpful initiatives that could potentially violate the right to confidentiality of the data subjects concerned.

Unsolicited promotional activities: the Italian Data Protection Authority fines Eni Gas e Luce for 8 million euros.

The company Eni Gas e Luce has received from the Italian Data Protection Authority an administrative sanction of € 8,500,000.00 for unwanted telemarketing activities and unlawful management of contact data used for marketing campaigns. The company was sanctioned for having made advertising calls without the consent of the data subjects, for not having adopted adequate technical and organizational measures to implement the expressions of will of the data subjects and for having kept the data of the data subjects for a longer period than the necessary period to pursue the purposes. This is what emerged from the investigations of the Guarantor, which began following some reports received by the Authority during 2018 and 2019.

The Italian Data Protection Authority against ENI: multimillion-dollar fine.

Unsolicited contracts, inaccurate data and false subscriptions: the manifestly incorrect and fraudulent conduct of one of its agencies and the failure to apply adequate controls has cost Eni Gas e Luce S.p.A. a 3 million euro fine due to the several breaches found by the Italian Data Protection Authority with reference to the processing of personal data connected to the activation of energy supply contracts.

Commercial communications and the consent of its data subjects.

Sending commercial communications for promotional purposes to users must always be preceded by the acquisition of a valid consent, which must be free, specific and accountable. The Data Controller is also responsible for implementing adequate organizational and technical measures in order to guarantee the correct management of the rights of the data subjects, with particular reference to the right to object to the processing.
This is what is established by the provision of the Data Protection Authority n. 133 of 20 June 2019.

Online services: EDPB guidelines available online.

Following a public consultation process, the European Data Protection Board has adopted the final version of the Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) of Regulation (EU) 2016/679 – General Data Protection Regulation (the “GDPR”) in the context of the provision of online services to data subjects.

Procedure for dispute resolution regarding the Domain name: instructions and requirements for claims.

The domain name is a technical device to indicate in a comprehensible manner the address of a website in the world wide web, which corresponds to a single sequence of numbers.
The possibility to use letters combined with numbers allows to obtain domain names with a strong commercial impact. From this derives the need to create a system of protection against abuse of domain names similar and confusing with the legitimate owners’ ones.
It seems useful to examine the remedies available with reference to domains with geographical extension .it, relating to Italy.