With communication dated 31.01.2022 the plan of the initiative inspection activity by the Italian Data Protection Authority has been published, limited to the period January-June 2022 (web doc no. 9737049).
During the first half of this year, the Authority’s spotlight will be on several issues that affect many companies, such as cookie management through corporate websites, video surveillance, data monetization, use of database and much more.
The inspection plans are adopted by the Data Protection Authority also in order to establish priorities in relation to available resources and to identify principles and criteria that inform, periodically, the inspection activity. The verifications are executed by the personnel of the Authority, otherwise they can be delegated to the Special Nucleus for privacy protection and technological frauds of the Financial Police (i.e. Guardia di Finanza). These verifications are carried out in the places where the data treatments are achieved or in which it is necessary to carry out surveys however useful to the same control.
Checks can be carried out on all those subjects who are processing activities covered by the measure, which are not necessarily identified on the basis of complaints or reports.
Specifically, over the course of this six-month period, the processing activities on which the inspections will focus will be:
the processing of personal data by database providers;
the processing of personal data by platforms and websites regarding the correct management of cookies;
the processing of personal data in the “video-surveillance” sector;
the processing of data by dating sites, by operators in the field of data monetization and by manufacturers and distributors of smart toys;
in addition, great attention will be devoted to the use of algorithms and artificial intelligence in the public and private sectors.
Finally, inspections will be carried out on public and private entities in order to verify compliance with personal data protection provisions, with particular reference to the correct identification of Data Controllers and Data Processors, also in relation to the use of apps and other IT applications.
Particularly in this area, special attention will be paid to the acquisition of information and personal data by apps installed on smartphones and to the verification of the correct treatment of data by apps other than “Verifica C19”.
Therefore, there are many areas touched by the measure and they concern processing activities that are carried out by a very large number of companies. For example, the proper management of cookies on corporate websites, a topic of great importance especially after the recent Guidelines on the use of cookies and other tracking tools issued by the Italian Authority with the provision dated 10.06.2021 and directly operational from 09.01.2022.
Data monetization is also a hot topic today, especially after the approval of Legislative Decree 173/2021 implementing EU Directive 2019/770 on certain aspects of contracts for the supply of digital content and digital services, which amended the Consumer Code.
Obviously, the Authority may carry out further investigative activities of an inspective nature on its own initiative or in relation to reports or complaints received by it.