A general resolution on profiling activities online, issued in March by the Italian Data Protection Authority (the Garante), has been published in the Italian Official Gazette and comes into force now.
The rules are part of a guidance dealing with profiling activities via web and are addressed to both operators and users. Informed consent is clearly mandatorily requested.
The most important thing to bear in mind is that the guidance covers rights of both users and clients. Usually, notice and legal terms on web profiling refer to clients only. In this case, rights and duties provided for by the regulations are extended to people that occasionally surf a website as well and so may be profiled. The right of access to information and to deny consent for profiling activities has to be granted at any time to everybody.
The Garante is an authority that is keeping high the level of debate on data processing issues, without indulging in the temptation of debating to0 much the future scenario after the approval of the GDPR.
At the same time, Italy still has legislation that, for example, imposes a separate request of consent for each single purpose; That is, a company processing data for marketing and for profiling activities is obliged to request two different consents. This is still a crucial pending point that needs, in my opinion, an urgent action from the legislature and/or Garante in order to simplify and minimize the impact of request of consents on the business.
If you want to comment on this post, you need to login.