Tag: Garante

Italian DPA launches investigation on cookie- and paywalls

27. October 2022

On October 21st, 2022 the Italian Data Protection Authority launched an investigation on the use of cookie walls by several online newspapers. Although the GDPR allows the implementation of cookiewalls and paywalls (not revealing the content of a website unless the cookies have been accepted or a certain amount of money has been paid), the Italian watchdogs will take a closer look if these have been correctly implemented correctly and do not violated the European regulation.

Further information is yet to be released by the authorities.

Garante statement: use of Google Analytics violates GDPR

29. June 2022

On June, 23, 2022, the Italian Data Protection Authority (Garante) released a statement on the use of Google Analytics (GA) holding the view that the use of GA by Italian websites without otherwise applicable safeguards violates the GDPR.

Garante comes out as the third data protection authority within the EU that declares the transfer of personal data through GA illegal. Earlier this year, CNIL and the Austrian data protection authority delivered a decision each, both coming to the same conclusion, namely that the use of GA violates the GDPR.

What lead to this statement is that Garante had received a number of complaints. However, it is also the product of coordination with other European privacy authorities.

In its reasoning, Garante assigns a special role to cookies that help GA to collect personal data, such as the IP address, visited pages, type of browser, and the kind of operating system. Garante considers it as proven that personal data is being transferred to the US when using GA. Garante reiterates that IP addresses qualify as personal data and that the pseudoanonymisation undertaken by GA is not sufficient to protect personal data from being accessed from US governmental agencies.

Garante called on all controllers and processors involved in Italian website operations for compliance and ordered a period of 90 days to comply with their obligations under the GDPR. The statement further states: “The Italian SA calls upon all controllers to verify that the use of cookies and other tracking tools on their websites is compliant with data protection law; this applies in particular to Google Analytics and similar services.”

Italian DPA imposes a 20 Mio Euro Fine on Clearview AI

29. March 2022

The Italian data protection authority “Garante” has fined Clearview AI 20 million Euros for data protection violations regarding its facial recognition technology. Clearview AI’s facial recognition system uses over 10 billion images from the internet and prides themself to have the largest biometric image database in the world. The data protection authority has found Clearview AI to be in breach of numerous GDPR requirements. For example, fair and lawful processing was not carried out within the data protection framework, and there was no lawful basis for the collection of information and no appropriate transparency and data retention policies.

Last November, the UK ICO warned of a potential 17 million pound fine against Clearview, and in this context, and also ordered Clearview to stop processing data.

Then, in December, the French CNIL ordered Clearview to stop processing citizens’ data and gave it two months to delete all the data it had stored, but did not mention any explicit financial sanction.

In Italy, Clearview AI must now, in addition to the 20 million Euro fine, not only delete all images of Italian citizens from its database. It must also delete the biometric information needed to search for a specific face. Furthermore, the company must provide a EU representative as a point of contact for EU data subjects and the supervisory authority.

Italian DPA fines Facebook

2. July 2019

The Italian Data Protection Authority Garante (Garante per la protezione dei dati personali) fined Facebook due to the Cambridge Analytica Scandal of 2015, which was discovered in 2018. The Cambridge Analytica Scandal is connected to the presidential campaign of the current president of the USA Donald Trump.

The Garante has imposed a fine of EUR 1.000.000 for abusing the use of data of more than 200.000 Italian Facebook users and their Facebook friends. According to the Garante, the abused data has not been transferred to Cambridge Analytica, which was also confirmed by a Facebook spokesman.  Nevertheless, the high fine was imposed.

The fine is still based on the old Italian Data Protection law because at the time of the abusive use the GDPR, which now applies throughout Europe, was not yet in force.

Facebook has to answer to the scandal not only in Italy. Legal consequences are also looming in the USA.

 

Spains DPA: Investigations due to WhatsApp sharing data with Facebook

10. October 2016

After Hamburg’s Data Protection Commissioner strongly recommended that Facebook should stop processing German data gained from WhatsApp, after the U.K. Information Commissioner, the ICO, also started to investigate the agreement betweent WhatsApp and Facebook and after Italy’s data protection authority, the Garante, has started to look into this issue, now Spain’s data protection authority, the AEPD, raises concerns.

Therefore, Spain’s data protection authority advises users to read the terms and conditions especially before accepting them. Furthermore, it offers guidance on changing the respective settings.