Data Protection & Cybersecurity Archives | GamingTechLaw by Giulio Coraggio

30

The upcoming "Schrems III case" on 3 September 2025 could invalidate the EU–US Data Privacy Framework (DPF), once again disrupting data transfers between the European Union and the United States and forcing businesses to fall back on alternative solutions such as the Standard Contractual Clauses and Transfer Impact Assessments creating a potential panic moment for many businesses.

ByGiulio Coraggio 0Comments

15

Aug 2025

Data Protection & Cybersecurity

Why the definition of “Personal Data” Could Make or Break AI Compliance

The relationship between AI, personal data, and the GDPR is under intense scrutiny — and an upcoming judgment from the Court of Justice of the European Union (CJEU) could redefine how businesses approach compliance with substantial positive or negative effects, depending on the outcome.

ByGiulio Coraggio 0Comments

07

Aug 2025

Data Protection & Cybersecurity

Works Agreements Are Not a Legal Basis Under GDPR According to the ECJ

The recent ECJ judgment in Case C-65/23 (MK v K GmbH) delivers a clear and far-reaching message for employers across the EU: a works agreement cannot serve as a valid legal basis under the GDPR.

ByGiulio Coraggio 0Comments

05

Aug 2025

Data Protection & Cybersecurity

Influencer rules change in Italy with new AGCOM guidelines

Influencer rules have officially changed in Italy —and if you’re a brand, agency, or digital talent with serious reach, you need to pay attention to the AGCOM guidelines on the matter.

ByRebecca Rossi 0Comments

29

Jul 2025

Data Protection & Cybersecurity

Are your NIS 2 information sharing agreements ready for the July 31 deadline in Italy?

NIS 2 information sharing agreements are a central focus of Italy’s cybersecurity compliance landscape this July 2025.

ByGiulia Zappaterra 0Comments

28

Jul 2025

Data Protection & Cybersecurity

Personal data anonymization and the risk of the DPO being an executor

The Italian Data Protection Authority's recent decision gave guidance on the true meaning of personal data anonymization and the crucial distinction between the DPO as a monitor – not an executor. In a world driven by AI and public surveillance, both concepts are more relevant than ever.

ByGiulio Coraggio 0Comments

18

Jul 2025

Data Protection & Cybersecurity

ENISA Guidelines on Compliance with NIS 2 Directive Published

On June 26, 2025, the European Union Agency for Cybersecurity (ENISA) published two sets of guidelines to help businesses ensure their organizational compliance with the NIS2 Directive.

ByGiulia Zappaterra 0Comments

17

Jul 2025

Data Protection & Cybersecurity

Privacy Fine in Italy to Use Private Chats in Disciplinary Actions on the Workplace

The Italian Data Protection Authority (Garante) has fined a company EUR 420,000 for violating privacy laws in the workplace. The decision centers on the employer’s use of content from Facebook, WhatsApp, and Messenger—shared from the employee’s personal accounts—for disciplinary purposes.

ByGiulio Coraggio 0Comments

01

Jul 2025

Data Protection & Cybersecurity

Marketing Privacy Consent in Italy – Is Double Opt-In Now Mandatory?

A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to…

ByGiulio Coraggio 0Comments

23

Jun 2025

Data Protection & Cybersecurity

Ransomware and Crime – A Proposal to Tackle Cyber Extortion in Italy

The potential classification of activities associated with ransomware cyberattacks, including ransom payments by victims, as a crime has long been an unresolved issue, also in Italy. This concern has now led Italy to introduce a groundbreaking legislative proposal aimed at enhancing cybersecurity and mitigating threats posed by digital extortionists.

ByGiulio Coraggio 0Comments