Data Protection & Cybersecurity Archives | GamingTechLaw by Giulio Coraggio

Privacy Fine in Italy to Use Private Chats in Disciplinary Actions on the Workplace

The Italian Data Protection Authority (Garante) has fined a company EUR 420,000 for violating privacy laws in the workplace. The decision centers on the employer’s use of content from Facebook, WhatsApp, and Messenger—shared from the employee’s personal accounts—for disciplinary purposes.

01

Jul 2025

Marketing Privacy Consent in Italy – Is Double Opt-In Now Mandatory?

A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to…

23

Jun 2025

Ransomware and Crime – A Proposal to Tackle Cyber Extortion in Italy

The potential classification of activities associated with ransomware cyberattacks, including ransom payments by victims, as a crime has long been an unresolved issue, also in Italy. This concern has now led Italy to introduce a groundbreaking legislative proposal aimed at enhancing cybersecurity and mitigating threats posed by digital extortionists.

12

Jun 2025

ByFederico Toscani 0Comments

EDPB Guidelines for Controllers and Processors in the Event of Requests from Third Countries

On 4 June 2025, the European Data Protection Board (hereinafter, "EDPB") adopted the final version of Guidelines 02/2024 on Article 48 of the GDPR (hereinafter, the "EDPB Guidelines"). The purpose of the EDPB Guidelines is to clarify the scope of Article 48 of the GDPR – which governs the limits on the recognition and enforcement of judicial or administrative decisions from third countries requiring the transfer of personal data – in order to provide practical mechanisms for companies called upon to respond to requests for the transfer or disclosure of personal data from authorities of third countries.

03

Jun 2025

The Garante Issues First GDPR Fine Over Employees Email Metadata Privacy Breach in Italy

The Italian Data Protection Authority (the Garante) issued its first GDPR fine on, among others, the unlawful retention of metadata from employees’ emails and web browsing activities applying in Italy for the first time its highly discussed guidelines of 2024 on the use of metadata in workplace email systems.

27

Google, Privacy & $1.3B Fine: Who’s Tougher — US or EU?

Google has agreed to pay a $ 1.375 billion fine to settle two major privacy lawsuits in Texas—its largest data-related payout ever. But is the U.S. finally outpacing the EU in regulating Big Tech?

26

NIS 2 – Personal Liability of Directors For Lack of Compliance

The NIS 2 Directive has issued a significant warning to companies within the European Union: the personal liability of directors for lack of compliance is now a critical issue that cannot be ignored and the responsible directors must be notified by the end of May 2025.

22

Proposed Major GDPR Reform by the EC to Ease Compliance for Growing Businesses

The European Commission has just unveiled a draft regulation that proposed important reform to the General Data Protection Regulation (GDPR), as part of a broader initiative to reduce administrative burdens and promote competitiveness across the EU.

12