The new framework on NIS2 categorization in Italy introduces significant compliance obligations for entities falling within the scope of the Italian NIS2 regime. The purpose of the categorization exercise is to enable ACN to determine which additional cybersecurity measures will apply depending on the services provided by the relevant entity.
Data Protection & Cybersecurity
Here you can read some articles on Italian and international privacy, cybersecurity and data protection issues drafted by either Giulio Coraggio or the other authors of GamingTechLaw.
The Italian Data Protection Authority (the Garante) issued a decision that significantly expands former employees' right of access to their work-related emails, putting companies at risk of disclosing considerable trade secrets and confidential information. While the ruling reinforces the right of access under Article 15 GDPR, it also creates a difficult — and potentially risky — scenario for businesses handling corporate email accounts.
With its judgment in Brillen Rottler (C-526/24), the Court of Justice of the European Union (CJEU) has now clarified that, under specific circumstances, a data controller is entitled to refuse an access request — even if it is the first one submitted by the data subject.
The European Commission has just published for feedback its long-awaited draft guidance to assist companies in applying the Cyber Resilience Act (CRA), a landmark EU regulation aiming to strengthen cybersecurity across the digital product landscape.
EDPB binding decisions are challengeable under the GDPR: with its judgment of 10 February 2026 in Case C-97/23 P, the Court of Justice of the European Union confirmed that binding decisions adopted by the European Data Protection Board under Article 65 GDPR can be directly challenged before the EU Courts under Article 263 TFEU.
