This website use only session cookies and particularly Matomo cookie for Web Analytics to acquire statistics in an anonymous and aggregate form relating to your navigation on the pages of this site. We enabled by default -do not track support- and opt-out, but you can choose to activate opt-in. Anyway, we invite you to read the Privacy Policy, where you can also choose opt-in or opt-out at the top of the webpage.
Announcement
We moved all posts previously published on our Digital Notepad to this blog, and they are listed under the Notes page, which you can find in the menu.
We will publish all new technical posts here and no more on our Digital Notepad, which will remain online anyway.
📬 Stay Updated on Data Protection, Privacy, AI & Tech Law
Expert legal analysis on GDPR, AI regulation, cybersecurity, and emerging technologies delivered to your inbox every Monday.
AI Act: i regulatory sandbox tra obbligo normativo e vuoto attuativo
Ad agosto 2025, solo uno Stato membro su ventisette disponeva di un AI regulatory sandbox operativo. Analisi critica delle sfide strutturali — design, frammentazione, timing — e del rischio di sandbox shopping, con le fonti del documento EPRS PE 785.673 e il collegamento al modello ibrido di enforcement dell’AI Act.
AI Act: il modello di enforcement ibrido tra norme e realtĂ
A marzo 2026, solo 8 Stati membri su 27 hanno designato i propri punti di contatto unici ai sensi dell’art. 70 dell’AI Act. Un’analisi critica del modello ibrido di enforcement, del confronto strutturale con il GDPR e delle implicazioni del Digital Omnibus su AI.
EU Council sanctions three entities and two individuals for cyber-attacks against Member States
On 16 March 2026 the EU Council adopted restrictive measures against Integrity Technology Group, Anxun Information Technology and Emennet Pasargad. A legal and systemic analysis of the EU cyber sanctions regime.
Copyright and Generative AI: The European Parliament's Resolution Between Principles and Operational Gaps
The European Parliament adopted Resolution P10_TA(2026)0066 on copyright and generative AI on 10 March 2026. A critical analysis of its commendable principles and the operational gaps the Commission is now called upon to fill.
ePrivacy 2022–2026: From the Withdrawal of the Proposal to the CSAM Derogation Extension and the CSAR Trilogues
From the withdrawal of the ePrivacy Regulation proposal to the second extension of the CSAM derogation approved by the European Parliament on 11 March 2026, through to the ongoing CSAR trilogues: a systematic update four years after the 2022 article.
Digital Omnibus on AI: the European Parliament Rewrites the Commission's Rules
Comparative analysis of the IMCO-LIBE Draft Report PE782.530 (rapporteurs Kokalari and McNamara) against the Commission’s proposal COM(2025) 836: fixed deadlines replacing discretionary mechanisms, AI literacy obligation maintained on providers and deployers, strict necessity standard for sensitive data processing, presumption of conformity with the Cyber Resilience Act, and data protection authorities’ involvement in regulatory sandboxes.
The hidden cost of digital
While shredding old paper documents, I began reflecting on the real impact of our technological choices. From paper to digital, from data centers to artificial intelligence: we have replaced a visible impact with an invisible one. This is not an alarmist article, but an honest reflection on awareness, responsibility, and illusions.
Data Protection Day 2026: 45 Years of Convention 108 and the Challenge of Staying Vigilant
On 28 January 2026, we celebrate Data Protection Day, the anniversary of Convention 108. Between GDPR revision proposals, simplification measures, and new technologies, personal data protection requires constant vigilance. An analysis of current challenges supported by empirical data and institutional sources.
Gemini Protocol: A Human-Centric Alternative to the AI-Driven Web
An in-depth analysis of the Gemini protocol: its origins in 2019, the reasons behind its creation, technical overview, advantages and disadvantages, and why having a Gemini capsule might be worthwhile for privacy advocates.
The Danish Approach to Deepfakes: Can Copyright Protect Digital Identity?
Denmark has proposed amending its copyright law to introduce new personality rights against AI-generated deepfakes. An analysis of the opportunities and risks of this innovative regulatory approach, with a look at the implications for the European debate.
