The Italian Data Protection Authority on access to online services: use secure protocols 

The Data Protection Authority fined EUR 15,000 a water service provider for failing to appropriately protect the data of customers stored in the reserved area of its website. 

In particular, the Authority found that access to the Data Controller’s website dedicated to ‘online services’ was via an unencrypted network protocol (‘http’). 

The Data Protection Authority pointed out that protecting the transmission of personal data via cryptographic protocols avoids the risk of identity theft. 

Read the provision 


First Convention implementing the Memorandum between the Italian DPA and the CINI signed 

Recently, the Garante per la protezione dei dati personali and the Consorzio Interuniversitario Nazionale per l’Informatica (CINI) signed a Convention implementing the Memorandum of understandig signed at the headquarters of the Authority in Rome on 17 January 2022. 

Through the Convention, the two institutions intend to stimulate opportunities for discussion, development and research in the field of informatics and ICT. Furthermore, the Convention aims to protect fundamental rights – especially the right to personal data protection – in the application of informatics and ICT in every area of social life.  

Read the press release 


Consumer credit: Data Protection Authority’s green light for new Sic code of conduct 

The Garante per la protezione dei dati personali has accredited the new supervisory body for the protection of the consumers from problems with credit information systems (SIC) and gave final approval to the Code of Conduct for operators. 

It is the Code itself that clarifies the categories of data that can be processed, how the data can be collected and recorded, how the data subjects shall be informed, how long the data shall be stored, and how the report shall be communicated.  

Read the provision 


Data Protection Authority opens an inquiry on the so-called “paywall” 

According to the Data Protection Authority, it is not excluded that the owner of a site may make access to content by users conditional on consent for profiling purposes (through cookies or other tracking tools) or, alternatively, on the payment of a fee. However, following initiatives taken in recent days by some online media, the Authority has launched a series of inquiries to verify the legitimacy of such initiatives. 

Read the press release  


Deep fake: Data Protection Authority investigates app that fakes voices 

The Italian Data Protection Authority has opened an inquiry against the company that provides the “Fakeyou” application. The application allows text files to be played through fake but realistic voices of famous people, including Italian ones. 

Read the press release 

Author elex

More posts by elex