Gdpr & Privacy

How much is privacy worth? Is it right paying for privacy? Following last Meta’s initiative to introduce paid privacy protection to deny advertising on its social media platforms, the digital profiling field deals with the need to comply with current privacy legal frameworks, like EU GDPR, to provide services under legit and clear users consent. Discover what’s new with the use of Meta’s Facebook and Instagram, the difference between free and paid accounts and how this decision impacts from a legal point of view.

Why should you protect your online identity? Protecting personal information is key to preserve individuals identity as secure access credentials online. The biggest risk to tackle regards identity theft, a severe cyber crime affecting personal sphere. Check out the best practices to reduce to lowest the odds of being targeted by identity theft on Internet and find out facts and stats about the risks for the safety of your personal identity when exploring the Web.

European Data Protection Board (EDPB), the independent body responsible for the consistent application of GDPR and the cooperation between EU data protection authorities, regulated in detail management and notification of personal data breaches via Guidelines 9/2022 Version 2.0. The data controller must act on any initial report to establish whether a personal data breach has actually occurred or not, assess the risk level, take all necessary measures to tackle the attack and notify the event to the supervisory authority. If a controller doesn’t act or notify the breach timely, there could be severe consequences according to GDPR’s Article 33.

Dark patterns are interfaces designed to push users taking unaware or unwanted actions, potentially dangerous for individual privacy. The European Commission works on tackling and regulating these “deceptive design patters”; in fact, European Data Protection Board published guidelines to recognize and deal with dark patterns, especially highlighting the relevance of GDPR’s Articles 5 and 25, where the first regards the principles of fair treatment, transparency, purpose limitation and data minimization, and the second establishes essential data protection design requirements to build an interface and avoid deceptive patterns.

GDPR’s Art. 39 designates the Data Protection Officer as the person in charge to manage, process and safeguard third parties’ private data, in compliance with data protection laws. Organisations dealing with large scale personal data processing must hire a Data Protection Officer considering the skills required to best fulfill the main responsibilities of this professional. Some example of large scale data processing concern hospitals patients data or banks customer data. The main Data Protection Officer’s tasks are the training of the personnel on data processing, the conduction of compliance audits and the interaction with data subjects and GDPR supervisory authorities for informational and organisational reasons.

A data breach occurs when a company is responsible for people’s personal data and suffers a security problem resulting in a violation in terms of confidentiality, availability or integrity.

Whistleblowing refers to the spontaneous disclosure by an individual, who witnesses an offense or irregularity, potentially harmful to the community, committed within the organization for which it works. How does GDPR protect the whistleblower?

The Trans-Atlantic Data Privacy Framework is the result of more than a year of negotiations between the European Union and the United States and intends to provide a solid and lasting way for transatlantic data transfer

Organizations collect information from consumers every day, much of which falls into the category of sensitive data that must be protected.

Cookie walls are a form of access mechanism that requires users to agree to the site owner's collection and use of their data. One of the goals is the monetization of that personal data.