Author

Data portability in the new European Regulation 2016/679
A new civic duty for personal data controllers and a new right for data subjects: let’s see the content, the legal basis and the actual realization.

Why should one be interested in data portability and understand what it means?
The date of the 25 May 2018 comes closer. That day the GDPR will come into effect in all EU Countries. There are several news introduced by the new regulation that must be understood, regardless of being the physical person personal data refers to (as new rights are gained), or being the controller of data being received and processed (as new duties are gained). One of the main new features it the so-called “right to data portability” which is outlined by Article 20 and “Whereas” 68 and 73 of the GDPR, and illustrated by the Guidelines WP 242 adopted on 13 December 2016 (and last revised on 5 April 2017), the so-called document WP 242, written by the European Working Party “WP 29”.
The text of the GDPR can be accessed here, while the WP 242 document can be accessed here.

What are the most relevant juridical implications derive from the use of IoT devices, in particular in terms of personal data? What are the profiles that must be kept into account when developing IoT solutions?

This magazine has described the Internet of Things in the “Word of the Day” column and in last issues we had an article dedicated to the protection of IoT devices.
The interest on the topic is easily justified: a recent study by Aruba Networks, “The Internet of Things: Today and Tomorrow”, highlighted that the economics advantages of a business due to the adoption of IoT devices appear to exceed the expectations, so we can forecast a boom of the trend in the near future, in particular in sectors like industrial, health, retail, “wearable computing” (ie wearable devices like glasses, dresses, watches, etc.. connected to the Network), Public Administration, domotics and where companies create a “smart workplace”.
Therefore, as a consequence of the ample variety of sectors and the general interest on the topic, a lot of complications and implications might arise in terms from the use of IoT devices, in so as far legal aspects are concerned.

How a company should behave if suffering a Data Breach, according to the new General Data Protection Regulation (GDPR)? How should it do it and in which time? What are the liabilities and what sanction does it incur in if it does not behave accordingly?

We had a “Word of the Day” about Data Breaches recently, and our curiosity about the topic arose quickly on what a company should do, also from a juridical perspective, in case it is victim of an IT violation and what are its liabilities according to European Regulation 2016/679 which will become effective in a few months and it’s worth preparing for it. 

No doubts about the direct civil liability of a Provider of illegal acts performed by the provider itself. But can we talk about provider’s civil responsibility also with regards of the diffusion, by means of its infrastructure, of illegal contents by part of third-parties? Drawing inspiration from a recent sentence of the Corte d’Appello di Roma (appeal court of Rome), in this article we will try to clear things on the civil responsibility of Cloud ISP.

In the IT language, the term Provider refers to an intermediary entity in communication that offers different services: for instance, access to the network with Internet - Network Provider; or access to Internet services - Internet Provider; Website hosting - Host Provider; and so forth. So, what is the responsibility of a Provider for such “mediatoring” activity? A recent sentence of the aforementioned Corte d’Appello di Roma, sentence n.2833 of April 29, 2017, stated declared the civil liability of a provider for any illegal act committed by third parties using the provided digital platform.

In particular, such third party illegally used and diffused with the platform provided by the provider, some TV shows whose rights holders sued the Provider for compensation.