Digital Accessibility and Data Protection: Insights from the Italian Data Protection Authority

Digital accessibility is becoming a central compliance topic across Europe. With the entry into application of the European Accessibility Act (Directive (EU) 2019/882, EAA), EU Member States must ensure that a wide range of digital products and services meet accessibility requirements so that people with disabilities can access them without barriers. These requirements apply to relevant products and services placed on the market from 28 June 2025.

While accessibility is often discussed primarily in terms of usability and inclusion, it also raises important data protection considerations. This connection is highlighted in a recent opinion issued by the Italian Data Protection Authority on draft guidelines concerning the accessibility of digital services.

Accessibility and Privacy: An Increasingly Connected Framework

In Italy, the implementation of the European Accessibility Act is governed by Legislative Decree No. 82/2022. Under this framework, the Agency for Digital Italy (AgID) is responsible for developing technical guidelines that define how accessibility requirements should be implemented and monitored.

Before such guidelines can be adopted, Italian law requires consultation with the national data protection authority where the measures may involve the processing of personal data. For this reason, the draft guidelines on digital service accessibility were submitted to the Italian data protection authority (Garante per la protezione dei dati personali) for review.

In its opinion of 29 January 2026, the Garante issued a favourable assessment while highlighting several safeguards necessary to ensure compliance with data protection rules.

The opinion emphasises that accessibility measures must be implemented in a way that respects core GDPR principles, including privacy by design and data minimisation.

Avoiding the Tracking of Accessibility Tools

One of the key issues identified by the Garante concerns the risk that accessibility technologies may reveal sensitive information about users.

Assistive technologies, customised accessibility settings, or specialised navigation tools may indirectly indicate that a user has a disability. If these tools are tracked or profiled, they may result in the processing of information related to a person’s health or disability.

For this reason, the Garante stresses that systems designed to improve accessibility must ensure that digital services do not track or profile accessibility tools, settings, or assistive technologies used by individuals, particularly where such tracking could reveal information about a user’s disability. This principle also applies where accessibility functionalities rely on third-party services or technologies.

Service providers should therefore avoid technical solutions that infer or disclose disability-related information through tracking mechanisms.

The Garante also underlines the importance of transparency. Providers should clearly state, within the information provided to users, that accessibility features do not rely on web-tracking technologies capable of revealing information about a user’s disability.

Why This Matters for Organisations

The opinion highlights an important message for organisations developing or operating digital services: accessibility compliance and data protection compliance must be addressed together.

Accessibility solutions often involve interface adaptations, assistive features, or personalised settings. If these technologies incorporate tracking mechanisms or are not carefully designed, they may unintentionally introduce new forms of data processing or profiling.

For organisations operating in the European digital market, accessibility initiatives should therefore be approached through an integrated compliance strategy, addressing both the European Accessibility Act and GDPR requirements, and including appropriate risk assessments where technologies could reveal sensitive user information.

As accessibility regulation continues to expand across Europe, organisations will increasingly need to ensure that digital inclusion is achieved without creating new privacy risks for users. In this context, organisations should involve their Data Protection Officer or privacy advisors when designing or implementing accessibility solutions in order to properly assess risks and adopt appropriate safeguards.