IP, ICT and Data Insights – October 2024

| Insights

The main European news

With the “IP, ICT and Data Insights” newsletter, the professionals of the Andersen service line provide a detailed overview of the latest developments at European level in the field of personal data protection, cybersecurity and intellectual property, analysing the most relevant case studies and case law updates.

An important privacy case study for Italy

Paola Finetto and Luca Rigotti, our professional experts for Italy, analysed a relevant case study that the Italian Supreme Court has dealt with in its ruling No. 28385/2023.

More specifically, with this ruling, the Supreme Court specified the importance of respecting the principle of privacy by design pursuant to Article 25 GDPR and reiterated a number of principles and measures of conduct that the Data controller must observe.

More specifically, the Supreme Court pointed out that, in order to ensure proper management of the processing of personal data, both data controllers and data processors must adopt appropriate technical and organisational measures and carry out a risk assessment already at the planning stage of personal data processing.

This is because the Supreme Court has reiterated that the right to the protection of personal data is one of those that are considered fundamental rights of the individual.

Risk management and Legislative Decree No. 231/2001

Our professionals also highlighted the connection between the issues addressed in the Newsletter and the broader area of risk management which is also relevant according to Legislative Decree No. 231/2001.

Specifically, this concerns the entity’s administrative liability for criminal offences, which arises where one of the predicate offences identified by the regulation is committed by a manager or subordinate in the interest or to the advantage of the entity itself.

In this regard, it is important to recall that among the predicate offences that may give rise to liability under Legislative Decree No. 231/2001 are also copyright infringement, cybercrimes and unlawful processing of personal data.

Therefore, the risk of incurring sanctions can be mitigated by proper organisational management and risk management of the entity.