Italian DPA issues fines totaling 11 million to group for a data breach

Posted on by Federica Romanelli
In February 2017, the Italian Data Protection Authority (Garante per la protezione dei Dati Personali)  fined five companies over 11 million euros for the unlawful processing of personal data. The companies, which operate in the money transfer field, unlawfully processed the personal data of over 2 millions people. To avoid money laundering legislation, the companies would use the data of completely unaware customers to send money in China. Since the data was processed without the data Read more [...]

ECJ considered the right to be forgotten in companies’ registers

Posted on by Federica Romanelli
On March 9, 2017, the Court of Justice of the European Union (ECJ) considers that there is no right to be forgotten in companies' registers. However, upon expiry of a sufficiently long period after dissolution of the company concerned, Member States may provide for restricted access to such data by third parties in exceptional cases. In case C-393/15, the Corte di Cassazione (the Italian Supreme Court) requested a preliminary ruling from the ECJ to clarify the right of individuals to be forgotten, Read more [...]

Update on the Irish High Court’s proceeding to decide request for ECJ’s preliminary ruling on Model Clauses

Posted on by Federica Romanelli
According to the Irish Data Protection Authority (DPA) the hearing before the Irish High Court brought by the DPA against Facebook Ireland Ltd and Mr Schrems over EU-US data transfers will possibly take another additional week (or two addition weeks) to conclude. More information on the case is available here. According to the available sources (see here and here), as of March 3, 2017: Opening submissions have been made by the DPA, Facebook and Schrems; Mr Schrems’ expert witness, Read more [...]

Italian judge blocks Italian access to US-hosted website for privacy violation

Posted on by Federica Romanelli
According to this source, in February 2017, an Italian judge for the preliminary investigations (usually referred as “GIP”, from Giudice per le Indagini Preliminari) ordered to obscure a website hosted in the US allegedly violating the privacy of an Italian citizen.  The latter had found that his personal data had been published on the website without his consent. As a interim measure while the case proceeds to court, the GIP ordered the national service providers to prevent connections from Read more [...]

Irlanda sta decidendo se sottoporre alla CGUE la pregiudiziale sulle clausole contrattuali tipo per il trasferimento internazionale di dati

Posted on by Federica Romanelli
La Corte Suprema irlandese sta decidendo se sottoporre alla Corte di Giustizia dell’Unione europea (CGUE) una questione pregiudiziale sulle clausole contrattuali tipo per il trasferimento di dati verso paesi terzi. Dal 7 febbraio 2017, la Corte Suprema irlandese si è riunita per decidere sulla causa intentata dal Garante Privacy irlandese contro Facebook Ireland Ltd e Max Schrems sul trasferimenti di dati internazionale UE-USA dopo lo scandalo Snowden. A seguito della decisione con cui la Read more [...]