IT Security & Privacy

In a notice circulated to trade associations, the Italian Data Protection Authority has said that hotels, bed and breakfasts, and guesthouses must not retain photocopies or digital images of guests’ identity documents beyond the time needed to transmit required information to public security authorities. The clarification comes as the regulator reports a rise in complaints and personal data breaches in recent months.

The European Commission and the European Data Protection Board (EDPB) recently confirmed that they will begin joint work to develop guidance on how competition laws and data protection interact. The effort is aimed at clarifying how each body of law applies in situations where their boundaries blur, an increasingly common reality in a data-driven economy.

Ten years after its adoption, the General Data Protection Regulation has become something far more consequential than a legal framework. It has quietly reshaped how power is exercised in the digital economy, defining not just how data is protected, but who is accountable for it.

ADT, one of the United States' most recognizable home security brands, has disclosed a cybersecurity incident in which an unauthorized party gained access to a limited set of customer and prospective customer data. The company's security systems detected the intrusion on April 20, triggering an immediate containment response that terminated the access, engaged third-party forensic investigators, and notified law enforcement.

The Italian Data Protection Authority is aiming at one of the more opaque tools in digital communications, issuing new guidelines that reshape how organizations can use tracking pixels in emails.

Italy’s data protection watchdog has handed down more than €12.5 million in fines to Poste Italiane and its digital payments arm Postepay, concluding that the companies unlawfully processed the personal data of millions of users through their mobile applications.

The European Data Protection Board is simplifying one of the more complex corners of the General Data Protection Regulation, adopting a new template designed to bring greater consistency and clarity to Data Protection Impact Assessments across Europe.