Generic filters

The Italian Data Protection Authority issued a 600.000 euro fine to UniCredit.

The Italian Data Protection Authority has heavily sanctioned a leading Italian credit institution in connection with a series of shortcomings in the implementation of minimum security measures discovered after a personal data breach suffered by the bank’s IT systems between 2016 and 2017 and subsequently notified to the authority.

Company Leasing Contracts and Rental Agreements: distinguishing elements.

The Supreme Court in its statement dated 17 February 2020 n. 3888 provides the opportunity to identify distinguishing elements between Company Leasing Contracts and Rental Agreements. The Court lingers on the elements which characterize the company, in particular the organization of the same, an element that must pre-exist at the signing of the contract and therefore the analyze of the differences between the companys’ lease contract and its rental agreement.


WIPO – The World Intellectual Property Organization – adds a new economical digital service called “wipo-proof” to the existing systems of intellectual property protection. Wipo-proof is a digital time mark that allows proof of the actual existence of a particular file at a certain time, it is extremely useful in cases of litigation concerning the paternity of the invention; however, it is not an alternative to the registration of patents or other IP protections.

Norway: COVID-19 contact tracing app blocked by watchdog.

Just over two months after its implementation, the Norwegian Data Protection Authority temporarily suspended the processing operations carried out through the app developed and adopted at national level for the purpose of monitoring and containing the spread of the COVID-19 virus (the “coronavirus”), addressing them as disproportionate and unnecessary due to various shortcomings in relation to the protection of users’ privacy.

How to defend ourselves from the risks of “digital infection” from ransomware.

With COVID emergency and the consequent lockdown, the number of people who use internet and digital devices has increased considerably. The number of cases of “digital infection”,  particularly from ransomware, has increased accordingly. The Italian Data Protection Authority has recently published an informative guide lines regarding preventive methods to be adopted.

Right to be forgotten and balance with the right to information.

The Italian Supreme Court (Corte di Cassazione), recently returned to the topic of the so-called right to be forgotten, affirmed the need to preserve the historicity of news when it is of interest to the community and to the economic and social history of a Country, while reaffirming the need to balance the interest of the community to maintain the memory of past news with the interest of the individual to maintain control of his or her personal data. From this point of view, the Court considers the deindexing of news on the web together with its updating to be an appropriate measure to balance the individual’s right to be forgotten with the collective right to information.

Leasing contract transfer: applicable regulations in case of termination.

In the event of termination of the contract, the rules on the sale by retainment of the title may apply, with particular emphasis on the rule providing for the restoration of the original position of the contracting parties, which may only be applicable in the event that the termination of said contract was for failure.
However, in the case of consensual termination, the previous relationship is retrospectively invalid from the beginning, as such the aforementioned legal regulations do not apply

Data breach: accidental dissemination of whistleblowers’ data.

Rome’s University “La Sapienza” ended up in the Italian Data Protection Authority’s sights after having notified a violation of personal data as required by art. 33 of the Regulations. Such violation concerned the disclosure of personal data processed through the University’s platform used for the management of offence reports by employees and third parties within the whistleblowing regime. Following the notification breach, the Authority initiated investigations. Violations of the measures provided in the Regulations for the protection of personal data were ascertained, with particular emphasis to the provisions relating to the current security measures in force.