Privacy and Data Protection Law

  In today’s digital economy, artificial intelligence (AI) is  reshaping industries, including journalism, by leveraging vast amounts of data to train its algorithms. However, this transformation raises pressing concerns about the intersection of AI, data protection, and individual privacy. Recent debates surrounding the use of journalistic content for AI training have highlighted the ethical and legal challenges that must be addressed to safeguard personal data in the age of intelligent algorithms. The AI Hunger for Data: Journalism as a Target AI models thrive on data, and news articles have become a critical source for feeding these systems. Companies like OpenAI and Microsoft have faced backlash for using journalistic content without proper licensing to train their AI systems. This practice has resulted in lawsuits, especially in the United States, where publishers accuse tech companies of unauthorized “web scraping” and data exploitation. To preempt conflicts, many pu...

  Artificial intelligence (AI) is revolutionizing recruitment by offering faster and more efficient processes while claiming to reduce human biases. However, as highlighted in the UK Information Commissioner’s Office (ICO) report published in November 2024, using AI in hiring comes with ethical and legal responsibilities. HR professionals must ensure compliance, safeguard candidate rights, and foster trust by aligning their practices with these recommendations. The ICO's audit of AI tools, conducted between August 2023 and May 2024, exposed both strengths and risks in their application. While some providers showed positive efforts in monitoring bias and accuracy, others revealed alarming practices, such as excessive data collection and opaque decision-making. With nearly 300 recommendations outlined, the report provides a clear roadmap for HR teams and AI developers to improve compliance. Addressing Key HR Activities with AI Tools The ICO's findings emphasize the need for HR te...

In the digital era, data protection has become one of the most critical aspects of business operations. Whether you run a small startup or a multinational corporation, ensuring the privacy and security of customer data is essential. With GDPR (General Data Protection Regulation) in full effect, the challenge for many businesses is how to effectively comply with complex legal requirements. Enter Olivia, a groundbreaking tool launched by Garante Privacy—Italy’s data protection authority—that aims to make GDPR compliance easier for everyone. What is Olivia? Olivia is a powerful and intuitive tool designed to assist businesses in meeting their data privacy obligations under GDPR. Developed by Garante Privacy, the Italian authority responsible for protecting personal data, Olivia provides automated features and guidance to help companies safeguard personal information, avoid costly data breaches, and ensure full regulatory compliance. Key Features of Olivia 1. Automated GDPR Audits Olivia s...

    The Italian data protection authority ('Garante') launched, on 10 December 2020, a public consultation on its draft guidelines on cookies and other similar tracking technologies 1 ('the Guidelines'). In particular, the Guidelines aim to illustrate the legislation applicable to the storing of information, or the gaining of access to information already stored, in the terminal equipment of users, as well as to specify the lawful means to provide the cookie policy and collect online consent of data subjects, where necessary, in light of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In addition, the Guidelines note that the Garante's previous guidance on Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies 2 , while maintaining its relevance, need to be integrated with specific reference to certain aspects such as scrolling as a lawful means to collect consent for profiling cookies ...

In an effort to  protect business environment and employees from Coronavirus infection, employers are compelled to implement different measures, and some of them will undoubtedly involve collecting personal information from employees.  The Italian Data Protection Authority published a list of frequently asked questions (“FAQs”) and answers on data protection and COVID-19. Among other topics, the FAQs below cover data processing by private employers in the context of the COVID-19 health emergency .

  In the last months, several fines have been issued against organisations for unlawful cookie practice, GDPR and electronic communications code breaches. For instance, the French data protection authority ('CNIL') fined Carrefour Banque €800,000 for failures under GDPR to provide adequate and complete information on its website in accordance with Article 13 of the GDPR on the right to be informed as well as for placing cookies on users' devices upon their access of the website, without first having obtained users' consent to the application of cookies. The Spanish data protection authority ('AEPD') fined Miguel Ibanez Bezanilla SL €3,000 for unlawful cookie practices and lack of security measures. In particular, following an individual complaint, the AEPD found that, in relation to Miguel Ibanez Bezanilla's cookie practices, the website does not present a first layer or banner providing information on cookies, as well as that, within the 'privacy noti...