
Category Archives: Privacy and Data Protection

About GDPR and Extraterritoriality

The extra-territorial aspect of the GDPR has been designed mimicking the criminal law approach enforced to punish crimes committed abroad by a national citizen. But while this approach works for criminal law, it doesn’t for civil (in the Continental meaning of the word) law that is strongly based on the jurisdiction (meant as “geographical limit […]

The Agenzia delle entrate possible data-breach and the Italian Data Protection Authority’s reaction

According to Il Sole24 Ore (the Italian financial daily newspaper), the Agenzia delle entrate (the public body entitled to the processing of Italian citizens’ tax information – about 20 billion, says the newspaper) has been shut down because of a bug allowing unrestricted access to that tax-related information. This is a clear infringement of […]

The European Data Protection Supervisor on HowTo Give GDPR-related Information when Hiring

A couple of weeks ago the European Data Protection Supervisor released the call for application CA6/2017 to hire a data and social scientist

A landmark decision about privacy from Indian Supreme Court?

Thanks to professor Raymond Wacks, possibly the world’s leading authority on privacy and privacy-related issues, I had the chance to read a more-than-500-page-long privacy decision issued by the Indian Supreme Court last August 27. Definitely, a text that is worth reading.

The Basic Unfairness of the GDPR: a Regulation with No Teeth

A basic rule when designing a law is to create a precise link between the “order” part (thou shall not…) and the fine deriving from the non-compliance (… otherwise shall go to jail.) But this is not enough, because to have a law working properly or being effective, it must be actually enforceable, otherwise […]

Bloomberg’s Article Delivers Misleading Information on Robot Insecurity

“Popular Robots are Dangerously Easy to Hack, Cybersecurity Firm Says” is an article by Jeremy Kahn published on Bloomberg Technology’s website that accounts for some vulnerabilities found in robots deployed in the industrial and home sectors.

GDPR is for Filing System Processed Data Only

A fair quantity of data processing, though digitally performed, is outside of the GDPR’s reach. I do not have figures comparing database-based processing to instantaneous, non-filing-system-handled data manning, nevertheless it is fair to say that the latter are a relevant part of the digital ecosystem (think of the instant messaging sector, where end-to-end communication is […]

The GDPR and the problem of “simple” wording-based consent

An always-present “advice” about GDPR’s consent gathering is “keep it simple and clear”. This call for clarity, mainly advocated by the Data Protection Authorities themselves, is based on the assumption that legalese is actually a way to deceive the data subject into releasing a consent that is not well understood. Clarity is a good thing but, […]

The GDPR doesn’t work for Data Retention

A simple syllogism.

The EU Court of Justice: privacy and data protection are different rights. Data Protection Authorities are on notice

The press release 84/2017 issued by the EU Court of Justice on the EU-Canada PNR transfer contains an important (though unnoticed) statement: … the transfer of PNR data from the EU to Canada, and the rules laid down in the envisaged agreement on the retention of data, its use and its possible subsequent transfer to […]