Newsletter Archive

NicFab Newsletter Issue 15 | 7 April 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 15 of our weekly newsletter covering privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, this newsletter brings you a curated selection of the most relevant developments from the previous week, with a focus on European regulatory trends, case law, enforcement, and technological innovation. In this issue ITALIAN SUPERVISORY AUTHORITY EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION CNIL - FRENCH SUPERVISORY AUTHORITY DIGITAL MARKETS & PLATFORM REGULATION ARTIFICIAL INTELLIGENCE CYBERSECURITY SCIENTIFIC RESEARCH AI Act in a Nutshell Legal Prompting Podcast From the NicFab Blog Events Conclusion ITALIAN SUPERVISORY AUTHORITY Record fine for Intesa Sanpaolo: €31.8 million for data breach The Italian Supervisory Authority (Garante Privacy) has imposed one of the largest fines in its history on Intesa Sanpaolo — €31.8 million — for serious data security failings. An employee gained unauthorized access to the banking records of 3,573 customers on more than 6,600 occasions over a period of two years, without being detected by internal controls. ...

NicFab Newsletter Issue 14 | 31 March 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 14 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR CNIL - FRENCH AUTHORITY EUROPEAN PARLIAMENT COUNCIL OF THE EUROPEAN UNION DIGITAL MARKETS & PLATFORM REGULATION ARTIFICIAL INTELLIGENCE CYBERSECURITY SCIENTIFIC RESEARCH AI Act in Pills Legal Prompting Podcast From the NicFab Blog Events and Meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY Significant fines and new recommendations from the Italian DPA The Garante Privacy’s newsletter of March 26 presents four interventions of particular relevance. The most notable is a fine of over €500,000 imposed on Enel Energia for unlawful telemarketing: the company used customer data for promotional purposes without adequate consent, including through third-party companies during service-related contacts. The Authority highlighted the inadequacy of the technical and organisational measures adopted to prevent unlawful processing in re-contact procedures. ...

NicFab Newsletter Issue 13 | March 24, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to Issue 13 of our weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you’ll find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR CNIL - FRENCH AUTHORITY EUROPEAN PARLIAMENT COUNCIL OF THE EUROPEAN UNION COURT OF JUSTICE OF THE EUROPEAN UNION DIGITAL MARKETS & PLATFORM REGULATION INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in a Nutshell Legal Prompting Podcast From the NicFab Blog Featured Events and Meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY Court of Rome: OpenAI Fine Overturned On December 20, 2024, the Italian Data Protection Authority announced Decision No. 755 of November 2, 2024, against OpenAI, imposing a fine of 15 million euros for alleged GDPR violations related to ChatGPT. OpenAI had challenged the decision and obtained a preliminary injunction in March 2025. ...

NicFab Newsletter Issue 12 | March 17, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to Issue 12 of our weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you’ll find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION CNIL - FRENCH DATA PROTECTION AUTHORITY EUROPEAN PARLIAMENT DIGITAL MARKETS & PLATFORM REGULATION INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH Column – AI Act in a Nutshell | Part 12 – Article 16 From the NicFab Blog Featured Events and Meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY # Data Protection Authority fines Intesa Sanpaolo €17.6 million The Data Protection Authority imposed a record fine of €17.6 million on Intesa Sanpaolo for unilaterally transferring 2.4 million customers to its subsidiary Isybank through unlawful profiling. The bank selected customers under 65 who used digital channels and had, without an adequate legal basis. ...

NicFab Newsletter Issue 11 | March 10, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 11 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity and ethics. Every Tuesday you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR CNIL - FRENCH AUTHORITY EUROPEAN PARLIAMENT COUNCIL OF THE EUROPEAN UNION INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in Pills Events and Meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY Italian DPA Monitors “Forest Family” Case, Emphasizes Minor Protection The Italian Data Protection Authority has issued a statement regarding the widely reported “forest family” case, emphasizing its commitment to monitoring situations involving minors’ data protection. The Authority expressed particular concern about cases that may expose children to significant media attention, highlighting the heightened vulnerability of minors in such circumstances. ...

NicFab Newsletter Issue 10 | March 3, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 10 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a carefully selected list of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION CNIL - FRENCH AUTHORITY EUROPEAN PARLIAMENT INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in a Nutshell Events and meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY Stop the filing of Amazon workers: the Authority prohibits unlawful processing The Privacy Authority has ordered Amazon Italia Logistica to immediately cease processing the personal data of over 1,800 workers at the Passo Corese center. The investigation revealed the systematic collection of sensitive information via a platform linked to the attendance system, accessible to numerous managers and stored for up to 10 years after the termination of employment. ...

NicFab Newsletter Issue 9 | February 24, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 9 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a carefully selected list of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION CNIL - FRENCH AUTHORITY EUROPEAN PARLIAMENT COUNCIL OF THE EUROPEAN UNION DIGITAL MARKETS & PLATFORM REGULATION INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in a Nutshell - Part 9 Events and meetings reported Conclusion ITALIAN DATA PROTECTION AUTHORITY Sanction against eCampus for facial recognition: a warning for the education sector The Data Protection Authority imposed a €50,000 fine on eCampus University for the unlawful use of facial recognition systems during online teaching qualification courses. The violation affected more than 450 students per lesson, highlighting the extent of the impact on the rights of those concerned. ...

NicFab Newsletter Issue 8 | February 17, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 8 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION CNIL - FRENCH AUTHORITY COUNCIL OF THE EUROPEAN UNION COURT OF JUSTICE EU DIGITAL MARKETS & PLATFORM REGULATION AI STANDARDS AND CERTIFICATIONS INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in Pills From the NicFab Blog Events and Meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY PODCAST “A proposito di privacy” - Workers’ Rights Featured in New Episode The Italian DPA’s latest podcast episode explores workplace privacy rights, drawing from their significant €5 million fine against a food delivery company in November 2024. The case highlighted algorithmic management systems that controlled rider schedules and order assignments while tracking location data beyond working hours without proper consent. ...

NicFab Newsletter Issue 7 | February 10, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 7 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity and ethics. Every Tuesday you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement and technological innovation. In this issue EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION DIGITAL MARKETS & PLATFORM REGULATION INTERNATIONAL DEVELOPMENTS ARTIFICIAL INTELLIGENCE CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in Pills Events and Meetings Conclusion EDPB - EUROPEAN DATA PROTECTION BOARD Opinion 1/2026 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Heineken Group The EDPB has issued its opinion on Heineken Group’s Controller Binding Corporate Rules (BCRs), marking another step in the approval process for these critical data transfer mechanisms. BCRs remain one of the most robust legal bases for international data transfers within corporate groups, particularly following the uncertainty created by the Schrems II decision. ...

NicFab Newsletter Issue 6 | February 3, 2026 Privacy, Data Protection, AI, and Cybersecurity Welcome to issue 6 of the weekly newsletter dedicated to privacy, data protection, artificial intelligence, cybersecurity, and ethics. Every Tuesday, you will find a curated selection of the most relevant news from the previous week, with a focus on European regulatory developments, case law, enforcement, and technological innovation. In this issue ITALIAN DATA PROTECTION AUTHORITY EDPB - EUROPEAN DATA PROTECTION BOARD EDPS - EUROPEAN DATA PROTECTION SUPERVISOR EUROPEAN COMMISSION EUROPEAN PARLIAMENT COUNCIL OF THE EUROPEAN UNION DIGITAL MARKETS & PLATFORM REGULATION AI STANDARDS AND CERTIFICATIONS INTERNATIONAL DEVELOPMENTS CYBERSECURITY TECH & INNOVATION SCIENTIFIC RESEARCH AI Act in a Nutshell From the NicFab Blog Events and meetings Conclusion ITALIAN DATA PROTECTION AUTHORITY Garlasco case: Data Protection Authority warning on information limits The Data Protection Authority has condemned the behavior of the media and websites in their coverage of the Chiara Poggi case, denouncing a progressive increase in the level of detail in the reconstruction of facts, personal contexts, and individual profiles that exceeds legitimate informational purposes. ...