Signed the ‘Manifesto di Pietrarsa”: educating children about the value of personal data to make them aware individuals, citizens and consumers.
On the occasion of its 25th anniversary, the Garante per la protezione dei dati personali organised the event ‘State of Privacy ’22’ at the National Railway Museum of Pietrarsa.
The event concluded with the signing of the ‘Manifesto di Pietrarsa’, which aims to promote actions and results in the field of awareness raising and education of the children.
One of the initiatives promoted by the Authority is to raise citizens’ level of awareness of the value of their data through promotional activities, information campaigns and prize games. Another aims to design training courses aimed at children and the elderly, on the value of personal data, to make them aware of the use of digital devices and services.
After the signature of the President of the Authority, representatives of universities, public bodies and important multinational companies joined.
DPA to Facebook: clarification needed on activities during the elections.
The Garante per la protezione dei dati personali has sent Facebook Italia (Meta) an urgent request for information on the social network’s activities related to the political elections. In fact, Meta announced that it had launched an information campaign through the publication of election memos.
In particular, the campaign was aimed at Italian users over 18 years of age and, according to Facebook, was intended to counter interference and abstentionism. Meta’s initiatives included collaborating with independent fact-checking organisations and using a Virtual Operations Centre to identify potential threats in real time.
The Garante recalled that particular attention must be paid to the data processing revealing the political opinions of data subjects and to the respect for the free speech, as already remarked in past election-related cases such as ‘Cambridge Analytica’ and ‘Candidati’. Therefore, Facebook will have to provide detailed information on the initiative taken, the data processing carried out, and the measures taken to ensure that the initiative was only brought to the attention of adults.
Is the right of defense stronger than privacy? The Court of Cassation says “yes, but”
The Court of Cassation (judgment no. 28398/22, published on 29 September) held that the behaviour of an employee, who secretly records conversations with colleagues to protect his position within the company, can be considered constitutionally legitimate.
In particular, the Court recommends a balance between ensuring the confidentiality of communications and the right of defense. Therefore, the data subject’s consent is not necessary when the processing is used to pre-prepare evidence to be enforced in court, as long as the use of the file does not go beyond the scope of the defense argument.
DPA fined the developer of a diabetes app
The Garante per la protezione dei dati personali fined a US company developer of an app for diabetics for unlawful processing of personal data in the use of its glucose monitoring system. In fact, the users of this app were required to accept both the contractual terms of service and the content of the privacy policy with a single ‘click’. In this way, data subjects could not express specific consents for different processing.
Furthermore, the US company illegally disclosed the e-mail addresses and health data of approximately 2000 Italian diabetes patients by entering the recipients’ addresses in the ‘Cc’ field rather than in the ‘Bcc’ one. Each recipient was thus able to view the email addresses of others.
On this point, the Authority highlighted that an e-mail address is personal data, because it concerns an identified or identifiable person; for this reason, it must be processed in a lawful, correct and transparent manner, implementing appropriate security measures.
