The Italian privacy authority has published the plan of inspections for the first half of 2022, which indicates the areas where their dawn raids will be concentrated.
There are no major surprises in the inspection plan of the Italian data protection authority (the Garante) for the first half of 2022 because the areas where they will focus are:
1. the processing of personal data with regard to “database providers“ – the fight against telemarketing continues with all the major GDPR fines issued by the Garante that were concentrated in this area. The situation is expected to further heat up with the approval of the new so-called “Register of Oppositions”, the Robinson list for telemarketing that is now being extended to mobile numbers and automated calls;
2. the processing of personal data carried out by platforms and websites with regard to the correct management of cookies – this move was definitely likely after the entry into force of the new guidelines on cookies by the Italian data protection authority, and the decision of the Austrian privacy authority on Google Analytics, which also highlights the issue of the need to carry out assessments of transfers outside the EEA:
3. the processing of personal data in the field of CCTV systems – this area is always a hot topic, and the Garante has recently published a summary of practices to be followed on the topic;
4. data processing by dating sites, operators in the field of data monetization and by producers and distributors of smart toys – these are sensitive activities because sometimes they take advantage of the weakness of individuals;
5. the use of algorithms and artificial intelligence in public and private sectors – it is a topic that has been the subject of recent GDPR fines by the Garante against food delivery companies, but the problem is wider since any business is using AI systems to review their customers and employees, increase its performance, revenues and efficiency;
6. the data processing through the usage of App and other computer applications with reference to the acquisition of information and personal data by apps on smartphones also for verification of the so-called green pass certificates – the pandemic has made someone feel “entitled” to overcome privacy rules, but the Italian data protection authority has always had a firm position on the subject, and stringent obligations arise for the processing of green pass certificates and information on vaccinated and infected individuals.
Inspections from the Italian privacy authority are normally invasive for any business, and it is likely to be the case in 2022, especially if the pandemic is over. They can originate from a review of cookies on the company’s website, but then the scope of inspections can broaden to cover other topics. Besides, they are run in the form of dawn raids, and normally businesses are not ready to handle them.
On the same topic, you can find interesting the article “Top 5 immediate actions to get ready for Italian privacy dawn raids“.