Artificial Intelligence (AI) is reshaping HR and recruitment practices worldwide, promising enhanced efficiency and precision. While the adoption of AI in HR is not groundbreaking news, as many large companies have relied on similar solutions for years, its undeniable benefits continue to drive organizations of all sizes towards embracing AI-powered tools. Technologies like resume screening […]
Dott. Mag. Giulia Provini
Posts by Dott. Mag. Giulia Provini:
Retention of Metadata – legal and business impacts of the Italian DPA guideline – UPDATED
A few months ago, we delved into a new decision of the Italian data protection authority (Garante) on this blog, which recommended that employers set retention periods for their employees‘ email metadata not exceeding 7 days. This guideline created some confusion, leading the Garante to suspend its applicability and open it up for public consultation […]
Privacy and AI: Schufa algorithm condemned by the CJEU
In December 2023, the Court of Justice of the European Union (CJEU) issued Judgement C-634/21 on the Schufa case. This landmark ruling is set to shape the GDPR-friendly approach to future AI-based businesses. At a pivotal moment where AI takes center stage in the European Institutions’ agenda, with efforts towards the adoption of the renowned […]
Seven days to retain metadata – legal and business impacts of the Italian DPA decision
Indiscriminate and unrestricted retention of employee data (especially their emails) is a common yet dangerous violation of the GDPR that undermines workers‘ rights from multiple perspectives. But how far can GDPR compliance go without excessively hindering business needs and interests? This is the question behind one of the most recent (and discussed) decisions of the […]
AI Act – What’s next?
After a record-long negotiation (36 hours), the EU Parliament declared on Friday, December 8, 2023, that they have successfully reached an agreement on the upcoming AI Act. As of now, there is no official text available. The only official sources of information that we have are press releases from the EU institutions involved in the […]
CJEU rules on Right of Access and first copy of personal data: what companies should know
The Court of Justice of the European Union (CJEU) issued a recent ruling in case C-307/22, highlighting important considerations regarding the extent of the right of access under Article 15 of the GDPR. This ruling carries significant implications for companies that process personal data under the GDPR. It asserts that the GDPR right of access […]
“Decreto Trasparenza”: Italian businesses to comply with new obligations for automated processing of employee data
In August 2022, Italy implemented the EU Directive No. 2019/1152 of the European Parliament and of the Council of 20 June 2019 on transparent and predictable working conditions in the European Union by adopting the new Legislative Decree 2022/104 (so called “Decreto Trasparenza”, meaning the “Transparency Decree”). What areas does the Decree cover? The new […]
EU – most relevant GDPR fines of the last years
More than four years after the General Data Protection Regulation 2016/679 (GDPR) came into force, companies and organizations that process personal data inside and outside the EU have come to realize the benefits that a privacy-friendly business management can entail. Moreover, in the last years it became evident that processing personal data in violation of […]
Italian Sunshine Act: a GDPR oriented analysis
In June 2022, Law 62/2022 known as the Sunshine Act entered into force in Italy, introducing new transparency regulations on transfers of value established between companies operating in the pharmaceutical and health care sector and health care professionals (HCPs) as well as health care organizations (HCOs). The Italian Sunshine Act is one of the newest […]
Cybersecurity in the EU: the new NIS 2 Directive comes into force
Cybersecurity has become an increasingly discussed topic in Europe and is more and more valued and controlled on a business level by most companies operating in the EU market. The reason for this rising trend can certainly be traced back to the impressive rate of cyber attacks, which continues to increase each year, as shown […]
EU Commission published Draft Adequacy Decision for EU – US data transfer
On 13 December 2022, approximately only 1 month after the signing of President Biden’s Executive Order, the European Commission announced the Draft Adequacy Decision for EU – US Data Transfers. This time-record achievement officially launches the process towards the adoption of the Adequacy Decision for the proposed EU-US Data Privacy Framework, and may put a […]