Login

u/consentmo

▲ 11 r/gdpr

Hi everyone - just came by these news and decided it is worth sharing as a government-related entity was fined:

The Italian Garante has issued a massive fine against the national postal and financial services provider, Poste Italiane.

Case: The BancoPosta and Postepay apps forced users to allow monitoring of their devices (including list of installed apps and usage patterns) under the guise of "fraud prevention" and PSD2 compliance.

Ruling: The DPA found that using the ThreatMetrix SDK to collect this level of detail was disproportionate. They also flagged a lack of DPIA and poor data retention policies.

Takeaway: This is a strong signal that DPAs are looking closely at "Security SDKs" that over-collect data and if the principle of data minimization is respected.

In Italy, Poste is everywhere and almost every citizen has a Postepay card or a BancoPosta account..

I am linking the press release for this (in Italian) here.

u/consentmo — 13 days ago
▲ 21 r/emailprivacy+2 crossposts

Hi everyone,

The Italian Data Protection Authority has just released official guidelines regarding the use of tracking pixels in emails.

Key takeaways from the press release:

  • Consent is mandatory: The Garante clarifies that email tracking pixels fall under Art. 122 of the Italian Privacy Code (implementing the ePrivacy Directive). Therefore, using them for marketing or behavioral tracking requires prior, free, specific, and informed consent.
  • Opt-in by default: Information must be transparent, and users must have an easy way to revoke consent or opt-out selectively.
  • Exceptions: Consent is not required for strictly necessary technical reasons, security, or "institutional/service communications".
  • Grace Period: Organizations and email service providers have 6 months to comply from the date of official publication (press release is from April 21).

This seems to be a significant move toward ending the tracking of open rates and IP addresses in marketing emails without user permission and you should be on the lookout as it may continue to other EU countries. I'll be monitoring this on our side as well.

Source (original in Italian): GPDP.it

u/consentmo — 8 days ago