On 31 May 2022, the Italian Parliament approved Law 62/2022, also known as the Sunshine Act, which entered into force on 26 June 2022. The new rules will become fully operational once the Ministry of Health sets up the public database where companies will have to disclose their data. In practice, this means the new
Working on life sciences and data protection issues, Giulia Romana Mele supports pharmaceutical, food, and biotech companies in EU and Italian regulatory compliance, and assists clients in negotiating a rapidly-changing regulatory landscape affecting the use of existing and new technologies.
Giulia helps emerging and leading companies in the life sciences industry achieving their regulatory and commercial goals, identifying potential issues and developing risk-minimization solutions.
She further provides strategic advice to global companies on complying with EU, UK, and Italian data protection laws, with a focus on emerging issues in the AdTech environment.
On January 20, 2022, the European Parliament agreed amendments to the draft version of the Digital Services Act (“DSA”) that the Council agreed on November 25, 2021(see the European Parliament’s announcement here and agreed text here; see our blog post about the Council’s draft here). As a next step, the Parliament will discuss these…
On January 9, 2022, the cookie guidelines (“guidelines”) published by the Italian Supervisory Authority (“Garante”) on July 9, 2021 entered into force. This means that all those companies that have not yet conformed to the guidelines’ provisions should do so promptly, to avoid incurring in future sanctions. The guidelines include precise indications on, e.g., the categorization of cookies and other tracking technologies (“cookies”), the recommended design of the cookie banners, the collection, review and renewal of consent, and on the information notices.
On July 5, 2021, the Italian Supervisory Authority (“Garante”) announced that it has fined Foodinho S.r.l. (“Foodinho”) 2.6 million EUR for its use of performance algorithms in connection with its employees. The authority held Foodinho in breach of the principles of transparency, security, privacy by default and by design, and held it responsible for not implementing suitable measures to safeguard its employees’ (i.e., riders’) rights and freedoms against discriminatory automated decision making. The Garante’s decision is the first of its kind in the realm of the algorithmic management of gig workers. According to the Garante, Foodinho’s management violated Article 22(3) of the GDPR.
Continue Reading Italian Supervisory Authority Fines Foodinho Over Its Use of Performance Management Algorithms
On May 19, 2021, the Italian Supervisory Authority (“Garante”) fined a physician €5,000 for publishing a patient’s medical records without obtaining that patient’s specific consent to do so. As background, the physician downloaded medical records about a patient she treated at a local hospital from the hospital’s online archive system, including images taken during surgery. The physician used these records for a presentation at a medical conference, and also included them as documentation supporting a scientific research paper she submitted for a competition hosted by a surgeons’ association. The physician’s paper was ultimately selected as the winner of that competition, resulting in the publication of her work on the association’s website.
Continue Reading Italian Supervisory Authority Fines Physician for Secondary Use of Patient Data Without Specific Consent