The Federal Commissioner for Data Protection and Freedom of Information of Germany, also known as BfDI (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit), recently published an opinion on the topic of Generative Artificial Intelligence (AI). In a previous article, we discussed Generative AI, which refers to artificial intelligence applications capable of generating new content, rather […]
English Posts

Meta Platforms Faced with Largest Fine in GDPR History for Unlawful Personal Data Transfer to the United States
In a remarkable development that has sent shockwaves across the digital domain, Ireland’s Data Protection Commission (DPC) has imposed a €1.2 billion fine to conclude its long-term investigation into Meta Platforms Ireland Limited – formerly Facebook Ireland – over its data transfers from the EU/EEA to the United States. Let us take a look at […]

“Decreto Trasparenza”: Italian businesses to comply with new obligations for automated processing of employee data
In August 2022, Italy implemented the EU Directive No. 2019/1152 of the European Parliament and of the Council of 20 June 2019 on transparent and predictable working conditions in the European Union by adopting the new Legislative Decree 2022/104 (so called “Decreto Trasparenza”, meaning the “Transparency Decree”). What areas does the Decree cover? The new […]

ChatGPT is back in Italy – What changes have been made and what do users need to know?
OpenAI, the company behind the successful ChatGPT, has been in the spotlight recently due to privacy concerns, particularly in the European Union. Italy’s data protection authority, known as the Garante, imposed a temporary ban on the platform on 31 March, following reports of a data breach that affected ChatGPT users‘ conversations and payment information. As […]

New regime for data transfers from China to third countries
February 2023 was a busy month for China’s data protection regulator and supervisory authority – the Cyberspace Administration of China (CAC). This month marks the end of the six-month grace period for the Regulation of Security Assessment for Outbound Data Transfer (hereinafter referred to as the “Regulation”). With the Regulation now fully in force, companies […]
The Artificial Intelligence Revolution Taking the World by Storm – Are You Ready?
The term “Artificial Intelligence” (AI) has many possible meanings, although a simple one defines it as the ability of a computer to perform tasks that have traditionally required human intelligence. AI has been a part of our lives for many years now as it is used in everyday consumer products such as spam filters for […]
ChatGPT temporarily banned by the Italian Garante
Following a data breach reported on March 20th by OpenAI, the US company that develops and manages the ChapGPT platform, the Italian Garante decided on Thursday March 31st to temporarily limit the processing of Italian users’ personal data by the platform. As a result of the Garante’s decision, the company has blocked ChatGPT in Italy […]
Synthetic data: Anonymized data or Pseudonymized data?
Synthetic data undoubtedly offer several benefits to the privacy and data protection of individuals, however, the debate regarding the extent of their use and the potential risk of re-identification renders its use controversial. Specifically, the question of whether synthetic data can be rendered pseudonymous or anonymous remains unresolved and both views have acquired supporters and […]
The EDPB releases report of the outcome of the cookie banner task force
Following the massive number of draft complaints (over 500) to companies implementing allegedly unlawful cookie banners issued in May 2021 by the non-profit organization NOYB, the EDPB decided to set up a task force composed of delegations of the EU Supervisory Authorities (SAs) to coordinate the response to complaints filed with several European SAs by […]
Privacy matters: the intrinsic value of data protection
Records of processing activities. Data processing agreements. Data processing impact assessments. Privacy notices. Cookie banners. Data subject requests. Data flow mapping…The world of data privacy can be overwhelming, even for those of us who work with it professionally. It is especially frustrating when companies feel that they are losing their competitive edge due to limiting […]
Synthetic data and data protection-related challenges
Synthetic data are information artificially generated by computer simulations or algorithms such as AI and ML tools, including ‚deep learning‘ methods. They are generated from real data with the goal to capture, represent and reproduce the characteristics, patterns, and structure observed in the authentic data. Although they are not real data, they allow the same […]
ChatGPT: Risks and challenges from a Data Privacy perspective
AI-powered chatbots are all the rage these days and ChatGPT is the biggest star. With more than 100 million monthly users just two months after its launch, it officially holds the record for the fastest-growing web platform in history, beating giants like Instagram and TikTok. The appeal of OpenAI’s ChatGPT is easy to understand. The […]
EU – most relevant GDPR fines of the last years
More than four years after the General Data Protection Regulation 2016/679 (GDPR) came into force, companies and organizations that process personal data inside and outside the EU have come to realize the benefits that a privacy-friendly business management can entail. Moreover, in the last years it became evident that processing personal data in violation of […]
The New Look of Cross-Border Transfers in Switzerland
The Swiss Parliament passed the revised Federal Act on Data Protection (nFADP) in the fall of 2020. The Swiss Federal Council announced that the law will enter into force on September 1, 2023. As there will be no transition period, the requirements must be met from the first day the law becomes effective. While we […]
Italian Sunshine Act: a GDPR oriented analysis
In June 2022, Law 62/2022 known as the Sunshine Act entered into force in Italy, introducing new transparency regulations on transfers of value established between companies operating in the pharmaceutical and health care sector and health care professionals (HCPs) as well as health care organizations (HCOs). The Italian Sunshine Act is one of the newest […]