Share This Article
Datonomy reports that tougher sanctions for data protection breaches are about to be introduced in the UK. This reminds me that similar measures have been implemented in Italy at the end of 2008. Indeed, Law No. 207/2008 prescribed, among others, sanctions:
-
up to โฌ 36,000 if a privacy policy compliant with the requirements prescribed by Italian data protection law is not provided to users; and
-
up to โฌ 120,000 for the unlawful processing of personal data (which includes any processing of personal data without the prior consent of the relative user) and for the lack of implementation of the security measures in the processing of personal data that are specifically decribed in the Italian Data Protection Code;
Moreover, Law No. 207/2008 states that if the same entity breaches several provisions of the Italian Data Protection Code in relation to particularly relevant or large databases, it can be santioned with fines up to โฌ 300,000 which can be doubled if the breach gives rise to considerable damages to users or is able to damage a number of users.
Finally, the abovementioned santions can be quadripled if they appear ineffective considering the financial conditions of the breaching party which – for instance – might occur in case of multinational companies.
Internet operators, including e-commerce and gaming operators, usually manage databases containing a substantial amount of personal data and sometimes underestimate privacy issues either adopting privacy policies that are very generic or are a mere translation of the policy adopted in the US or sending marketing emails without having requested the prior express consent from users.
These new sanctions will encourage operators to pay more attention to the processing of the personal data of their users which will entail a better protection of users’ privacy.
(Visited 1 times, 1 visits today)
