At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
The Italian Data Protection Authority (“Garante per la Protezione dei Dati Personali”) published a provision in which it established that some services for e-mail management are configured to collect and store metadata...more
Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, there are no specific laws,...more
On January 29, 2024, the Italian Data Protection Authority (Garante) notified OpenAI of breaches of data protection laws involving its ChatGPT platform....more
By now, many of us are using AI, advising others about how to use AI, and waiting for some legislative miracle to give us some guardrails for what we can or cannot be doing with AI. A lot of effort has been put into tracking...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
On 2 August 2021, the Italian supervisory authority (Garante) announced that is has imposed a fine of EUR 2.5 million against a food delivery company Deliveroo Italy s.r.l. (Deliveroo) for violation of several requirements of...more
The Italian Data Protection Authority ("DPA") has issued guidelines on data protection rules applying to COVID-19 vaccinations at the workplace. On May 13, 2021, the Italian DPA issued guidelines on data protection rules...more
Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways: Area of...more
Following the outbreak of COVID-19 and its development into a global pandemic, organizations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated....more
New Decree Law n. 101/2019, effective on September 5, 2019, introduces a minimum legal framework for gig workers, providing the applicability of the discipline of subordinate employment relationships. The remuneration of the...more
Italian Data protection Authority, Garante privacy, ordered a company that did not acquire granular consent for marketing from members of its loyalty programs to: (i) stop processing personal data for marketing purposes...more
Setting the scene - The Italian Competition Authority ("ICA"), recently published a set of Guidelines and Policy recommendations relating to the Digital Sector ("Guidelines"), focusing on antitrust, privacy regulation and...more
Caveat Data Processor. Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures....more
The Italian Data Protection Authority (“IDPA”) issued its first decision interpreting the amended Section 4 of the “Workers’ Bill of Rights,” concerning the monitoring of employees’ internet access and e-mail use. In...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
On March 10, Italy’s data protection authority, Il Garante per la protezione dei dati personali (the “Garante”), announced that it had ordered fines totaling more than €11 million on five companies operating in the money...more
The Court of Justice of the European Union (‘CJEU’) has recently clarified how participation in cartels can be presumed under EU competition rules. An online booking system used for package holidays had sent to travel agents...more