Data Protection & Cybersecurity Archives | GamingTechLaw by Giulio Coraggio

Will Schrems III Trigger Another Panic Moment for EU–US Data Transfers?

The upcoming "Schrems III case" on 3 September 2025 could invalidate the EU–US Data Privacy Framework (DPF), once again disrupting data transfers between the European Union and the United States and forcing businesses to fall back on alternative solutions such as the Standard Contractual Clauses and Transfer Impact Assessments creating a potential panic moment for many businesses.

15

Why the definition of “Personal Data” Could Make or Break AI Compliance

The relationship between AI, personal data, and the GDPR is under intense scrutiny — and an upcoming judgment from the Court of Justice of the European Union (CJEU) could redefine how businesses approach compliance with substantial positive or negative effects, depending on the outcome.

07

Works Agreements Are Not a Legal Basis Under GDPR According to the ECJ

The recent ECJ judgment in Case C-65/23 (MK v K GmbH) delivers a clear and far-reaching message for employers across the EU: a works agreement cannot serve as a valid legal basis under the GDPR.

05

ByRebecca Rossi 0Comments

Influencer rules change in Italy with new AGCOM guidelines

Influencer rules have officially changed in Italy —and if you’re a brand, agency, or digital talent with serious reach, you need to pay attention to the AGCOM guidelines on the matter.

29

ByGiulia Zappaterra 0Comments

Are your NIS 2 information sharing agreements ready for the July 31 deadline in Italy?

NIS 2 information sharing agreements are a central focus of Italy’s cybersecurity compliance landscape this July 2025.

28

Personal data anonymization and the risk of the DPO being an executor

The Italian Data Protection Authority's recent decision gave guidance on the true meaning of personal data anonymization and the crucial distinction between the DPO as a monitor – not an executor. In a world driven by AI and public surveillance, both concepts are more relevant than ever.

18

ByGiulia Zappaterra 0Comments

ENISA Guidelines on Compliance with NIS 2 Directive Published

On June 26, 2025, the European Union Agency for Cybersecurity (ENISA) published two sets of guidelines to help businesses ensure their organizational compliance with the NIS2 Directive.

17

Privacy Fine in Italy to Use Private Chats in Disciplinary Actions on the Workplace

The Italian Data Protection Authority (Garante) has fined a company EUR 420,000 for violating privacy laws in the workplace. The decision centers on the employer’s use of content from Facebook, WhatsApp, and Messenger—shared from the employee’s personal accounts—for disciplinary purposes.

01

Marketing Privacy Consent in Italy – Is Double Opt-In Now Mandatory?

A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to…