Category Archives: Legal framework

“PERSONAL DATA MADE PUBLIC BY THE ‘DATA SUBJECT’ AND USE OF INFORMATION PUBLISHED ON SOCIAL NETWORKS: INITIAL OBSERVATIONS OF THE GDPR ART. 9, para. 2, letter e)” [SECOND PART]

Turning to the provisions of the GDPR at issue, it is necessary to underline that art. 9, para. 2, letter e) constitutes an exception to the general principle that sets forth in an absolute prohibition on the processing of personal data belonging to the specific categories indicated paragraph 1: in summary, the provision states that… Read More »

“PERSONAL DATA MADE PUBLIC BY THE ‘DATA SUBJECT’ AND USE OF INFORMATION PUBLISHED ON SOCIAL NETWORKS: EARLY OBSERVATIONS OF GDPR ART. 9, para. 2, letter e) [FIRST PART]

GDPR art. 9, entitled “Processing of special categories of personal data”, after having setting forth the general rule, specifically that “1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a… Read More »

Survey GDPR. Need your help! (in Italian)

Europrivacy and Global Cyber Security Center have prepared an online survey on how the companies are preparing for the GDPR. Please contribute answering 25 simple questions! (in Italian) Results will be published by the year end on the website and incorporate in the Clusit ICT Security report. The survey starts here: http://bit.ly/2dDOiqm thanks to Elena Agresti and Giancarlo… Read More »

DATA PROTECTION BY DESIGN AND BY DEFAULT: EVOLUTION AND IMPLICATIONS

During last years there has been an increase on variety and amount of data available, a development of channels to access data and a business globalization. This situation has created a data governance and compliance complexity, besides a growth of potential threats to confidentiality requirements, integrity and availability of information. In this context the need… Read More »

GDPR: A practical handbook

First advice: the regulations should be read; it is not enough merely to consult a few articles or to follow one or two conferences to understand what is necessary to do. The authors and the relaters bring their own interpretations, often very debatable. Simply by reading the regulatory text you can actually understand what is… Read More »

GDPR guidance… simple informative text

I have found at this link a guidance to GDPR. It is written in Italian because it has been provided by the Italian DPA. It is high level, non technical, simple and informative. Is uses a lot of graphics and address the general public. I think is necessary to communicate to EU citizens the value of this new… Read More »

Looking at the rest of the world

We all are so concentrated on the new EU Regulation that we disregard easily what is going on in the rest of the world. Hereafter you can find some news from far east and far west: all over the world private data protection and security are getting more and more relevant for policy makers, citizens… Read More »

The new EU-US privacy shield

The Commission adopted on 12 July 2016 its decision on the EU-U.S. Privacy Shield. The decision follows the decision of the Court of Justice of the European Union that, on 6 October 2015, had declared the Commission’s 2000 Decision on EU-US Safe Harbour invalid. The article 29 Data Protection working party adopted an opinion about… Read More »

THE INTERNAL DATA PROCESSOR AND THE GDPR

One of the faults of the current legislation, that has been maintained in GDPR, is the use of the same term for both the internal data processors in an organization (usually managers or officials) or external ones (generally outsourcers companies or service providers). Leaving out the current consequences of these definitions we take into account… Read More »

GRDP and Brexit

When the Brexit referendum will be put in concrete actions, Great Britain will be subjected to the Chapter V of the Regulation, which defines the rules for data transfer outside UE. According to point 1 of Article 45 “A transfer of personal data to a third country or an international organisation may take place where… Read More »