Garante privacy

Italian Garante Launches Public Consultation on the Implementation of “Pay or Ok” Models

By Kristof Van Quathem & Laura Somaini on May 12, 2025

Posted in Data Privacy, EU Data Protection, GDPR

On April 29, 2025, the Italian data protection authority (“Garante”) launched a public consultation to collect feedback from stakeholders about the so-called “Pay or Ok” model.

“Pay or Ok” refers to the concept of making access to a website’s content or service conditional on the website visitor performing one of…

Italian Legislator and Regulator Update Rules on Processing of Health Data for Medical Research

By Kristof Van Quathem & Laura Somaini on May 24, 2024

Posted in Data Privacy, European Union, Health Privacy

On May 9, 2024, the Italian data protection authority (“Garante”) published a decision identifying the safeguards that controllers must put in place when processing health data for medical research purposes, in cases where data subjects’ consent cannot be obtained for ethical or organizational reasons.

The Garante’s decision follows a recent legislative development, enacted by Law n. 56 of April 29, 2024, and effective as of May 1, 2024, which amended, among other things, Article 110 of the Italian Privacy Code. The amendment removes the obligation to submit a research program and related data protection impact assessment (“DPIA”) for prior consultation to the Garante, in cases where it is impossible or disproportionately burdensome to contact the concerned individuals.

We provide below an overview of the legal framework and the safeguards identified by the Garante.Continue Reading Italian Legislator and Regulator Update Rules on Processing of Health Data for Medical Research

Italian Garante Issues Guidance on the Use of AI in the Context of National Healthcare Services

By Kristof Van Quathem, Laura Somaini & Max Jerman on November 8, 2023

Posted in Artificial Intelligence (AI), Digital Health, Health Privacy

On October 12, 2023 the Italian Data Protection Authority (“Garante”) published guidance on the use of AI in healthcare services (“Guidance”). The document builds on principles enshrined in the GPDR, national and EU case-law. Although the Guidance focuses on Italian national healthcare services, it offers considerations relevant to the use of AI in the healthcare space more broadly.

We provide below an overview of key takeaways.Continue Reading Italian Garante Issues Guidance on the Use of AI in the Context of National Healthcare Services

Italian Garante Fines Digital Marketing Company Over Use of Dark Patterns

By Kristof Van Quathem & Laura Somaini on May 12, 2023

Posted in Dark Patterns, EU Data Protection, GDPR

On April 17, 2023, the Italian Supervisory Authority (“Garante”) published its decision against a company operating digital marketing services finding several GDPR violations, including the use of so-called “dark-patterns” to obtain users’ consent. The Garante imposed a fine of 300.000 EUR.

We provide below a brief overview of the Garante’s key findings.Continue Reading Italian Garante Fines Digital Marketing Company Over Use of Dark Patterns

Italian Garante Approves Code of Conduct on Telemarketing and Telesales

By Dan Cooper & Laura Somaini on April 7, 2023

Posted in Data Privacy, European Union

On March 24, 2023, the Italian data protection authority (“Garante”) approved a Code of conduct (“Code”) on telemarketing and telesales activities. The Code was promoted by various Italian industry and consumer associations, pursuant to Article 40 of GDPR.

The Garante notes that the Code reflects broad industry consensus, and welcomes it as an important step to ensuring the lawful performance of the covered activities. The Garante have been historically active in regulating telemarketing and telesales companies, and has applied some of its largest fines to this sector. We provide below an overview of the Code’s key provisions and obligations.Continue Reading Italian Garante Approves Code of Conduct on Telemarketing and Telesales

Italian Supervisory Authority Publishes FAQs on Data Protection and COVID-19

By Dan Cooper on May 17, 2020

Posted in COVID-19

On May 6, 2020, the Italian Supervisory Authority (“Garante”) published a list of frequently asked questions (“FAQs”) and answers on data protection and COVID-19 (see here, in English).

The FAQs build on and expand guidance previously issued by the Garante (see our blog post here), and take into account recent measures adopted by Italian authorities, such as the Protocol on Fighting COVID-19 in the Workplace that the Italian government signed with several trade unions on March 14, 2020 (see our blog post here), which was slightly amended on April 24, 2020 (see here).

Among other topics, the FAQs cover: (1) data processing by private employers in the context of the COVID-19 health emergency; and (2) data processing in clinical trials and medical research in the context of the COVID-19 health emergency.
Continue Reading Italian Supervisory Authority Publishes FAQs on Data Protection and COVID-19

Italian Supervisory Authority Publishes COVID-19 Guidance

By Dan Cooper on March 4, 2020

Posted in COVID-19

On March 2, 2020, the Italian Supervisory Authority (“Garante”) published a “statement” in which it clarifies how companies should process personal data in the context of their efforts for preventing a spread of the coronavirus disease (“COVID-19”) among their employees and others in Italy (see here, in Italian).

The…
Continue Reading Italian Supervisory Authority Publishes COVID-19 Guidance

Inside Privacy