Data Protection & Cybersecurity Archives | GamingTechLaw by Giulio Coraggio

DPO Liability Regime and Cyber Fraud: Italian Court Sets the Rules

A new Italian court ruling on the DPO liability regime under GDPR in the context of cyber fraud confirms that Data Protection Officers bear no responsibility for cybersecurity breaches caused by their clients' failure to act on documented recommendations.

Data Protection & Cybersecurity Technology

Jun 2026

The Italian Data Protection Authority Issues A Decision on AI Sentiment Analysis in the Workplace

AI sentiment analysis in the workplace raises critical questions under both the GDPR and the AI Act, as confirmed by a recent warning issued by the Italian Data Protection Authority against Myndoor S.r.l., a company offering a stress-detection plug-in for Slack and Teams corporate chats.

May 2026

ByGiulia Zappaterra 0Comments

NIS2 Categorization in Italy: ACN’s Operational Guidance for NIS Entities

The new framework on NIS2 categorization in Italy introduces significant compliance obligations for entities falling within the scope of the Italian NIS2 regime. The purpose of the categorization exercise is to enable ACN to determine which additional cybersecurity measures will apply depending on the services provided by the relevant entity.

Privacy vs Innovation and Competitiveness: Are We Getting the Balance Wrong?

Privacy vs innovation and competitiveness is no longer a theoretical debate—it is becoming one of the defining policy tensions shaping the future of the European economy.

Tracking Pixels in Emails: the Italian Garante Guidelines and a Comparison with the French CNIL Recommendations

On 17 April 2026, the Italian Data Protection Authority, the Garante, adopted the Guidelines on the use of tracking pixels in email communications (available here), currently pending publication in the Official Gazette. Around one month earlier, on 12 March 2026, the French Privacy Authority, the CNIL had adopted its own Recommendation on the same subject (available here), following a public consultation launched in June 2025.

ByEnila Elezi 0Comments

ByGiulia Zappaterra 0Comments

NIS2 Supply Chain Management in Italy: New ACN Rules Changing Supplier Management

NIS2 supply chain management rules in Italy have recently changed, and the new ACN requirements are reshaping how companies manage suppliers, introducing a continuous compliance model that international businesses cannot afford to overlook.

The Italian Garante Sets (Almost) No Limits to Former Employees’ Email Access

The Italian Data Protection Authority (the Garante) issued a decision that significantly expands the right of access by former employees to their work related emails putting companies at risk of the disclosure of considerable trade secrets and confidential information. While the ruling reinforces the right of access under Article 15 GDPR, it also creates a difficult — and potentially risky — scenario for businesses handling corporate email accounts.

Legitimate Interest under GDPR: Why It Still Fails in Practice (and What the Garante Is Telling Us)

Legitimate interest under the GDPR continues to be one of the most used, and most misunderstood, legal bases. But what are the most relevant issues to be addressed, and how to use it properly?

Mar 2026

When Can a GDPR Access Request Be Rejected? The CJEU Draws a Clear Line

With its judgment in Brillen Rottler (C-526/24), the Court of Justice of the European Union (CJEU) has now clarified that, under specific circumstances, a data controller is entitled to refuse an access request — even if it is the first one submitted by the data subject.

Mar 2026

Are Advertising Cookie Identifiers Personal Data? A French Court Decision Raises Questions for AdTech and AI Training

A recent decision advertising cookie identifiers of the French Conseil d’État has reignited a fundamental debate in EU data protection law: when do online identifiers qualify as personal data under the GDPR?