After four long years, European policy makers reached an agreement on the European data protection reform and the terms of the upcoming General Data Protection regulation (GDPR) – formally known as the “Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data”.
The GDPR will finally be adopted in the next few days and will take effect early 2018. As such, the GDPR will be replacing the European Data Protection Directive of 1995.
The Global Privacy Enforcement Network (GPEN), a body which initiates and coordinates data protection authorities actions, has promoted the "Privacy Sweep 2014" initiative. On a date between May 12 and May 18, 2014, 28 data protection authorities are going to check smartphone and tablet apps, also with the aim of raising awareness among users on the need to protect privacy. It will be interesting to see what will arise out of “sweep day”.
Under Italian law, processing of personal sensitive data is subject to:
1. Prior information to, and express consent of, the interested subject; and
2. Prior authorization by the Data Protection Authority (Section 26 of Legislative Decree no. 196/2003).
The Italian Data Protection Authority is entitled to issue general authorizations (as per Section 40) that set forth which processing by whom and at which conditions can be deemed to be authorized.