Generic filters

Data breach: accidental dissemination of whistleblowers’ data.

Rome’s University “La Sapienza” ended up in the Italian Data Protection Authority’s sights after having notified a violation of personal data as required by art. 33 of the Regulations. Such violation concerned the disclosure of personal data processed through the University’s platform used for the management of offence reports by employees and third parties within the whistleblowing regime. Following the notification breach, the Authority initiated investigations. Violations of the measures provided in the Regulations for the protection of personal data were ascertained, with particular emphasis to the provisions relating to the current security measures in force.

Cookies and consent: relevant news from the EDPB.

On May 4, 2020, the European Data Protection Board adopted an updated version of the Guidelines on consent under Regulation 2016/679, originally drafted by Article 29 Working Party back in 2017 and already subject to a first revision on April 10, 2018, introducing some important new features regarding cookies.

FAQ of the Data Protection Authority: data processing at work in context with the current health emergency.

The measures imposed on public and private companies for the containment of the Covid-19 virus, provided for by current legislation and the “Shared protocol for the regulation of measures to contain the spreading of the Covid-19 virus in the place of work” of 14 March 2020, as amended and integrated, include provisions involving the processing of personal data by employers, both in the data relating to employees and to any third parties accessing company’s premises, ensuring the health and safety within the place of work. Therefore, more specifically to the critical data protection issues, the Data Protection Authority has intervened providing companies with concrete indications regarding the correct processing of personal data in the current emergency situation.

COVID, mobile apps and privacy: European Commission guidance available online (pt. II).

As part of a Community approach to combating and containing the diffusion of the COVID-19 virus (the “coronavirus”), the European Commission has adopted the Guide to Data Protection in Applications to Support the Fight Against the COVID 19 Pandemic (the “Guide”).
Herewith below you can find the second part of the analysis of the aforesaid guidelines (the first part is available here) concerning privacy by design and by default, measures to be taken in order to ensure compliance with the principles of lawfulness, purposes of data minimization, access and storage limitation, based on the various features of the apps under review.

COVID, mobile apps and privacy: European Commission guidance available online (pt. I).

As part of an EU approach to fighting and containing the diffusion of the COVID-19 virus (the “coronavirus”), the European Commission has issued its guidelines for mobile applications supporting the fight against the pandemic, specifically focusing on the related data protection features.
The implementation of digital technologies (e.g. “contact tracing”) seems to represent a useful tool for national health authorities to monitor and contain the diffusion of the virus, especially in the post-emergency phase when containment measures are lifted, provided that the use of such solutions are made in the full respect of the citizens’ fundamental rights and freedoms, including, first and foremost, the individuals’ right to privacy and respect for their private lives.
Herewith below is the first part of the analysis of the aforesaid guidelines, that set out a number of general principles intended for the application, regardless of the specific characteristics of the individual applications.

Data breach management: what arises from the 2019 sweep results.

The Global Privacy Enforcement Network’s annual survey focused on the management of data breaches by public and private entities; the 2019 sweep survey involved 16 Authorities for the processing of personal data, including the Italian one. The investigation has taken into account various aspects of the management of a data breach, including how the reports/notifications and the implementation of the counter-measurements to prevent the repetition of the breach were managed.  The Study revealed that only a few entities have an in-depth knowledge of data breach management.