Data Protection & Cybersecurity
Here you can read some articles on Italian and international privacy, cybersecurity and data protection issues drafted by either Giulio Coraggio or the other authors of GamingTechLaw.
The potential classification of activities associated with ransomware cyberattacks, including ransom payments by victims, as a crime has long been an unresolved issue, also in Italy. This concern has now led Italy to introduce a groundbreaking legislative proposal aimed at enhancing cybersecurity and mitigating threats posed by digital extortionists.
On 4 June 2025, the European Data Protection Board (hereinafter, "EDPB") adopted the final version of Guidelines 02/2024 on Article 48 of the GDPR (hereinafter, the "EDPB Guidelines"). The purpose of the EDPB Guidelines is to clarify the scope of Article 48 of the GDPR โ which governs the limits on the recognition and enforcement of judicial or administrative decisions from third countries requiring the transfer of personal data โ in order to provide practical mechanisms for companies called upon to respond to requests for the transfer or disclosure of personal data from authorities of third countries.
The Italian Data Protection Authority (the Garante) issued its first GDPR fine on, among others, the unlawful retention of metadata from employeesโ emails and web browsing activities applying in Italy for the first time its highly discussed guidelines of 2024 on the use of metadata in workplace email systems.