Editorial Director: Giusella Finocchiaro
Web Content Manager: Giulia Giapponesi

posted by admin on giugno 15, 2017

Privacy

(No comments)

The Article 29 Working Party of the European Data Protection Authorities (DPAs) has published a report on the public consultations held inside the Working Group in particular regarding critical aspects of the Privacy Regulation such as the concept of “consent”, compliance with notification of data breach and the profiling process.

As we know, the European Regulation 2016/679 on the processing of personal data, which has been in force since 24th May 2016, will take full effect from 25th May 2018. So, with the aim of taking prompt action to put in place the implementation of the GDPR, the Article 29 Working Party has organized a number of Fablab workshops with the objective of opening up dialogue with  representatives of European industry, the civil society, relevant associations and the academic world. More than 90 participants took part in the last Fablab session, which took place on April 5th and 6th in Brussels, where they discussed the priority issues of the European Regulation with the European DPAs.

With regard to the subject of “consent”, which constitutes the main legal basis for the processing of personal data, it emerged from the workshop that in certain cases the definition of “consent” contained in the Regulation might not in fact be a reliable basis for the use of personal data. Specific concerns have been raised about the processing of the personal data of a minor, since there is currently no way to either verify the exact age of individuals who give their consent online, or to confirm the identity of persons who declare online that they have parental responsibility.

With regard to consent for the processing of personal data for scientific research purposes, uncertainty was expressed about the secondary use of these data.

Participants also expressed uncertainty about the possibility of the withdrawal of already given consent and the possible consequences faced by those who refuse to grant it. Specific concerns were expressed about the situations in which those individuals who do not give their consent are not able to avail themselves of a particular service.

Further issue concerns have been raised about deals with data breach notifications. Participants asked for greater flexibility on the contents of notifications given the damage to their reputations companies which are victims of such attacks might suffer. They also asked for greater clarity both about methods of notification and the recipients of the notification in cases concerning data of data subjects from different Member States. Is notification required to be given to the Authorities of each Member State involved?

In addition, the workshop participants discussed the question of profiling as a particular form of processing of personal data. There are numerous types of profiling which differ from sector to sector and which cannot be subject to the same provision. For this reason, specific guidelines for each type of profiling have been requested. In addition the guidelines will have to take into account the different objectives for which profiling is made. On this subject, doubts have been expressed about whether there should be limitations to the types of data that can be used. In particular  regarding the personal data of minors. Participants also raised objections about there being no clear distinction between profiling processes based on human intervention and those which are completely automated.

The complete meeting report is available on the European Commission webpage dedicated to WP29.

 

In a piece published on the 15th April 2017 in the Quotidiano Nazionale (a daily which features articles from three Italian newspapers, Il Resto del Carlino, Il Giorno and La Nazione), Giusella Finocchiaro offered her thoughts on data protection and minors.

“Can children and adolescents sign up to Facebook or other social network accounts?

If being of age is a legal requirement for concluding a contract, then, why should it not be the case for signing up to a social network account? What is the age required for giving valid consent to the processing of personal data? Under Facebook regulations it is 13 years of age and under Italian law it is 18.

Then, why are so many Italian children and adolescents signed up to social networks? The answer is simple: according to the majority of subscription contracts, it is not Italian law which is applicable but the law governing the social network, which means, in the case of Facebook, the law of the United States of America and of the State of California.

Which law takes precedence? This is the most classical legal problem on the Internet, namely, determining which law is applicable and the jurisdiction. The new European Regulation n. 2016/679 on the Protection of Personal Data, which represents the new European law on data protection and is directly applicable from 25th May 2018, solves the problem with a partial compromise. It provides that European law takes precedence and that 16 is the minimum age to sign up (with an option for each Member State to set a lower age, provided that it is not below 13 years). Where the child is below the age of 16, parental consent is given or authorised.

According to certain recent Italian decisions in similar cases (the posting of pictures of their own children on social networks), the consent of both parents is needed. It is clear that it will not be very difficult to get round this provision. However, as the European Regulation provides for, it is the social network itself which will need to keep a check on things, by using available technology”.

 

 

posted by Laura Greco on maggio 15, 2017

Privacy

(No comments)

The Italian Court of Cassation has recently been called on to deal with the issue of whether payment descriptions for bank transfers qualify as sensitive data, in cases in which they specify indemnity payments for illness or disability using the wording “allowance ex L. 210/1992”, (the law which grants allowances to parties who have suffered irreversible complications due to mandatory vaccination and blood transfusions, or in cases of decease, to their families).

The Supreme Court judges have expressed conflicting decisions in several such cases. In all the examined cases, the matter concerned the relations between the Region, which issues the allowance and authorizes the bank transfer, and the ill or disabled party’s bank, which is the recipient of the allowance on behalf of its current account holder.

In the case of the first decision dating from 2014 (judgement n. 10947 of 19th May 2014), the Court considered the payment description, which quoted the above-mentioned legislative references, as sensitive data and thus determined that both the Region and the bank had unlawfully processed personal data since they had not adopted security measures for the transmission and dissemination of said data, such as encryption techniques and non-identifiable codes, as provided for by Art. 22, 6° par. of the Personal Data Protection Code.

In the second decision (judgement n. 10280 of 20th May 2015), which is clearer and better developed than the previous one, the Supreme Court judges overturned their first approach and followed a quite different decision-making process. Firstly, they rejected the concept that payment descriptions for allowances filled out in such a way constituted sensitive data, as the law quoted provided that the recipients of these allowances could either be the parties directly affected or otherwise their families. Since the payment of the allowance did not depend on the illness of the party who actually received it, the judges concluded that the information was not sufficient to reveal the recipient’s state of health and, therefore, did not constitute sensitive data.

Secondly, according to the Supreme Court, it was not a question of the Region rendering the data transferred to the bank public, as this would have implied – in conformity with Art. 4, lett. m) of the Code – disclosure of the data to unspecified parties, whereas in this case the disclosure was only made to the bank of the current account holder who was the beneficiary of the allowance.

Furthermore, the judges considered that references to Art. 22, 6° par. of the Code were groundless, since, as correctly quoted, the adoption of encryption techniques is only required in specific cases where the data originate from directories or registries and the aim is to manage and consult them. Neither could the bank be considered to have the responsibility for adopting these measures for three different reasons: firstly, the provision is only applicable to public bodies; secondly, private entities are only obliged to adopt encryption measures in relation to sensitive data which would reveal a state of health and were processed with electronic systems, both of which conditions are missing in the present case; finally, communicating to a client of the bank’s his/her personal data does not constitute processing of personal data.

Finally, in the opinion of the Court, the role of the bank was that of the current account holder’s representative and it received the payment from the Region on his/her behalf: thus, the payment was to be considered as being directly effected by the debtor (the Region) to the creditor (the recipient of the allowance). Therefore, the Supreme Court considered both the Region’s and the bank’s conduct to be within the law and acknowledged there had been no illegal processing of personal data.

This question has recently once again been deliberated by the 1st Civil Division of the Court of Cassation, which has issued two interlocutory orders (no. 3455 and no. 3456 registered on 9th February 2017) delegating the “Sezioni Unite” (the Joint Divisions), the task of devising a solution to this conflict of case law. On this occasion the Supreme Court has abstained from expressing its own opinion one way or the other with regard to the different interpretations of case law regarding this issue, and has simply commented on the nature of payment descriptions as “sensitive data”. The Court has pointed out that, even if payment can be made both to the family and the ill or disabled party, only the latter would receive payment in instalments (whereas family would receive a lump sum). This particular method of payment would clearly identify the recipient of the payment as the victim of illness or disability and for this reason the indication of a payment in instalments would constitute sensitive data.

We will have to wait to see how the Joint Divisions will solve this conflict of case law we have just described and in particular whether they opt for a broad or restrictive interpretation of the concept of sensitive data.

 

 

posted by admin on marzo 1, 2017

Privacy

(No comments)

ratingBlackMirrorThe Italian Data Protection Authority has established that a “reputation rating” project violates the provisions of the Personal Data Protection Code and impacts negatively on human dignity.

The project, which was devised by an organisation structured as an association and a company appointed for its management, is based on a web platform and a database which gathers vast amounts of personal data either uploaded by users or obtained from the web, on various types of individual – from job candidates to business people, freelance professionals and private individuals. By means of a specific algorithm the system would then be able to objectively measure people’s reliability in the economic and professional fields, by assigning a score (“rating”) to their online reputation.

The DPA observed that the system would create significant problems in relation to privacy due to the confidential nature of the information, the pervasive impact on the interested parties and the method of processing. Essentially, the system implies the massive collection – also online – of information open to significantly impacting on the economic and social representation of thousands of people. Such processed reputation ratings might have serious repercussions on the lives of those who had been rated, since it might influence other people’s choices as well as jeopardising access for rated parties to services and benefits.

The DPA also expressed a number of doubts about the objectivity claimed for the ratings, stressing that the company could not prove the effectiveness of the algorithm used to regulate the settings of the “ratings”, which would be calculated without rated parties having any chance to freely give their consent. Given the complexity and sensitivity of measuring situations and variables which are not easy to classify, any rating might be based on incomplete or flawed documents and certificates with the consequent risk of creating inaccurate profiles which do not correspond to the real social identity of the rated parties.

Moreover, the DPA was concerned about the unreliability of allowing an automated system to decide upon such complex and sensitive issues relating to individuals’ reputations.

The system’s security measures which are principally based on “weak” authentication systems (user ids and passwords) and on encryption techniques only for judicial data, were found to be totally inadequate in the DPA’s opinion. Finally, further critical issues were detected in the time period for data storage and privacy policies for interested parties.

Therefore, in conclusion, the DPA has banned all present and future processing operations related to the reputation rating project.

 

 

posted by admin on dicembre 15, 2016

Privacy

(No comments)

The Privacy Shield agreement, which regulates cross border data transfer flows between the European Union and the United States and which recently replaced the previous Safe Harbor agreement, is once again under discussion.

Only a few months after the text came into force, the European Court of Justice has been called upon to decide on the adequacy of the level of protection guaranteed by the Privacy Shield agreement.

A number of companies working in the digital sector and performing the transfer of personal data abroad (among which the by now well known Digital Rights Ireland Ltd.) argue that the Privacy Shield agreement does not offer an adequate level of protection, contrary to what was deemed to be the case by the European Commission, which on the 12th July 2016 implemented the adequacy decision, making legitimate the transfer of data towards the United States and those American organizations endorsing the new agreement.

In particular, the claimants maintain that the EU-US Privacy Shield does not fully implement those principles and rights regarding personal data protection included in directive 96/46/EC (which will be repealed from 2018 by means of recent EU Regulation 679/2016) and consequently, does not adequately safeguard the rights of European citizens. In the appeals it is also brought into question that the agreement does not exclude indiscriminate access to electronic communications by foreign authorities, thus in violation of the right to privacy, to the protection of personal data and the freedom of expression as set out in the Charter of Fundamental Rights of the European Union.

For the abovementioned reasons the said companies appealed challenged the Commission’s adequacy decision in accordance with art. 263 TFUE, which grants interested parties the right to appeal against the Commission’s acts and obtain their annulment within two months from their entry into force or their publication.

It is worth recalling that the Article 29 Working Party had already expressed its fears regarding certain aspects of the agreement, which had not been modified, despite repeated requests for review. Immediately following the implementation of the Privacy Shield agreement, in a statement on the 26th July 2016, the Group of European DPAs underlined that no concrete security measures to prevent the general collection of data had been provided and that the independence of the role and powers of important redress bodies (such as the Ombudsperson) had not been guaranteed.

As a consequence, the new system does not seem to have helped to establish a climate of certainty regarding the legal framework regulating cross border data transfer flows to the United States, a country, which has clearly not yet gained the trust of European operators. The decision by the Court of Justice is now awaited since it might either consider the appeals inadmissible due to a lack of legitimization or groundless motivations or decide to uphold them.

 

 

posted by Giulia Giapponesi on ottobre 15, 2016

Privacy

(No comments)

The Italian Supreme Court has found the Zecca dello Stato (The State Institute of Printing and Minting) guilty of monitoring its employees’ web surfing data, emails and phone calls, in violation of a number of provisions of the Statuto dei Lavoratori (Workers’ Statute of Rights, L. 300 of 1970).

With its decision of the 19th September 2016, n. 18302, the Court of Cassation established the illegality of the storage activity on the company server of employees’ emails, phone calls and web surfing data without prior application of the authorization procedure provided for by the Workers’ Statute of Rights and the Code for the protection of personal data.

The facts of the case on which the decision is based are as follows: in 2011 the Italian Data Protection Supervisor had emphasized with a disciplinary provision, that the Internet service provided by the Istituto Poligrafico e Zecca dello Stato (The State Institute of Printing and Minting) for its own employees not only prevented access to websites not inherent to work activity, but also stored every access, or attempt to access, any website, thus allowing the reconstruction of every single worker’s web browsing activity. In addition, the employees’ web surfing data were stored on the system for a length of time varying anywhere from six months to a year.

The Supervisor had also noticed the illegality of the storage system of employees’ sent and received emails on the company’s server, which allowed full view of them to the system administrators without any specific information on privacy having been provided in regard to the matter.

It had also been pointed out that the State Institute of Printing and Minting implemented a method of telephone traffic monitoring through the VoIP system which also in this case allowed the recording and prolonged storage of traffic data without providing any adequate privacy information for its employees.

Therefore, the Supervisor had considered that the activity of the State Institute of Printing and Minting violated L. n. 300 of 1970, arts. 4 and 8 of the Workers’ Statute of Rights as it made possible the disclosure of employees’ sensitive data without having acquired their prior consent (and consequently also in violation of arts. 11, 113 and 114 of the Code for the Protection of Personal Data). Therefore the provision prohibited the State Institute of Printing and Minting from storing and categorizing employees web surfing data in addition to their emails and phone calls, obliging the Institute to inform those involved about the ways in which their personal data were processed. The Supervisor had also required that the identities of the system administrators with authorization to access the company’s databases should be made public (and therefore known to the company’s employees) and that there should be the guarantee of all accesses made by the administrators being revealed in full.

In 2011 the Court of Rome rejected the appeal by the State Institute of Printing and Minting against the Supervisor’s provision, clarifying that, as provided for by art. 4 of the Workers’ Statute of Rights, employers are only allowed to use monitoring systems for requirements of organisation and production in agreement with the trade unions or in compliance with legal obligations, whereas the use of such systems is prohibited if it is carried out for monitoring the activity of employees. With reference to other previous decisions, the Court pointed out that the necessity to protect the company (and its activity) cannot legitimise suppressing fundamental employee rights such as the right to privacy.

Consequently, the State Institute of Printing and Minting appealed against the decision to the Supreme Court, maintaining that those controls not directed at work activities but rather at other employee conduct in the workplace, which might expose the business assets of the company to serious danger and which might be potentially harmful for third parties, with consequent liability on the part of the employer, fall entirely outside the scope of application of the provisions of the Workers’ Statute of Rights. This risk is all the more significant in that the Institute carries out public interest activities such as the printing of the Gazzetta Ufficiale (Italian Official Journal) and of the Raccolta ufficiale degli atti normativi della Repubblica italiana (the Official Compendium of Legislative Acts of the Italian Republic), the production of personal identification documents, security and anti-counterfeiting systems, legal tender and so on.

However the Court of Cassation considered that the significance of the public role entrusted to the State Institute of Printing and Minting does not justify violation of the current legislation, which aims to protect guarantees for constitutionally recognised workers’ rights. To this effect, the Judge emphasised the second paragraph of art. 4, which provides that monitoring systems required for organizational reasons or for safety in the workplace, but which also allow the distance monitoring of employee activity, may only be installed with the prior agreement of company trade union representatives or, in their absence, of the shop stewards’ committee. In the absence of an agreement and at the request of the employer, the Ispettorato del lavoro (the Labour Inspectorate) mediates, setting out where necessary the procedure for the use of such systems.

Therefore, rejecting the appeal and confirming the observations of the Court of Rome’s decision, the Court of Cassation underlined the necessity to strike a balance between the employer’s rights, in particular the right to conduct business and to protect the company’s business assets, and the protection of worker rights, first and foremost the right to privacy.

 

 

 

posted by admin on aprile 22, 2016

Privacy

(No comments)

On the 14th of April 2016, more than four years after the European Commission proposal, the European Parliament approved at second reading the Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

The incessant technological progress of the last few years, the result product of an information society which has become increasingly more intrusive in people’s private lives, had on the one hand highlighted the inadequacy of European data protection legislation Directive 95/46/EC, formulated in the first stages of the digital revolution and on the other underlined the regulatory fragmentation that the implementation of the Directive had caused in the Member States. Thus, the Regulation meets the long awaited need to reform the legislation on personal data protection extending the number of rights for data subjects compared to those provided by the Directive and to bring into line the different legislations of the Member States, as a means to also strengthening the internal European market. In that sense the choice of the European legislator to adopt the instrument of the Regulation is a significant one in that, in contrast with the Directive it does not require acts of transposition, as it can be directly and identically applied in each Member State.

Among the most significant recommendations introduced by the Regulation, of particular relevance seems to be the new local scope of application in accordance with art. 3. Directive 95/46/EC previously provided for the regulation to be applicable by means of the national legislations when personal data were processed in the framework of the activities of a data controller’s establishment physically present in the European Union. Therefore, the fundamental criterion for defining the scope of applicability of the Directive was the physical location in which the data were processed. Today, this criterion seems to have been overturned by art. 3, paragraph 1 of the Regulation, which defines the applicability of the act “regardless of whether or not the processing takes place in the Union”. Already over the last two years, from the Google Spain ruling to the recent Schrems decision, the orientation, which has become definite in the European Court of Justice’s case-law, has highlighted a trend towards a less restrictive interpretation of this criterion.

In fact, it seems that the will has also arisen to extend European legislation to cases in which data controllers are non-European subjects and data are mainly processed outside Europe. Now, art. 3 of the Regulation seems in a certain sense to have codified the Court’s broadened interpretation by providing multiple connecting criteria that also allow those cases of data processing which previously had been difficult to include, to be drawn into the sphere of application of the regulatory provision. The Regulation is now applicable not only to data processing performed in the context of the activities of a data controller’s establishment within the Union, but also in the case of a data processor’s establishment. Moreover, it is applicable when the data processing activities are related to an offer of goods or services, even if free of charge, to interested data subjects within the European Union, or when they are related to the monitoring of the such data subjects’ behaviour, even if the data controllers or processors are not settled in the European Union.

The reform introduces various innovations, among which the provision of a new range of rights for data subjects (for example the right to be forgotten and the right to data portability), the placing of more responsibilities on subjects involved in the processing of personal data (in particular the obligation for data controllers to carry out privacy impact assessments and to notify of data breaches), new safeguards for the transfer of data abroad in addition to the confirmation of the two regulatory authorities represented by the Data Protection Officer and the Supervisory Authority.

With regard to coordination with the European legislation (the Regulation will be applicable after a two year period from the date of entry into force), the Italian legislator will have to choose which of the two alternative routes to follow: either the direct application of the Regulation, which would imply the abrogation of all national provisions incompatible with the European legislation, or the integration of the current Italian Personal Data Code, despite the inevitable risks of erroneous transpositions or misinterpretations of the European provisions.

 

 

It is unnecessary to resort to international rogatory in order to tap BlackBerry mobile system chats nor is it necessary to use requisition measures.

This is what the Third Criminal Division of the Italian Supreme Court (ruling no. 50452/15) established with its appeal judgment issued in relation to the appeal on the part of certain defendants who had been placed under preventive detention by the Court of Rome due to their being implicated in drug trafficking.

The detention order was founded on various evidence, including chats on BlackBerry mobile systems, which related to importing a 10 kilo consignment of cocaine to Italy.

The defendants involved in this phone tapping brought the question before the Italian Supreme Court, claiming that the chats which had been tapped could not be considered as evidence, since they had taken place on BlackBerry’s mobile systems, which have their head office in Canada. Therefore, in their opinion, an international rogatory would have been required in order to legally acquire the content of the chats. Moreover, according to the defence, conversations in a chat context could not be considered as “phone conversations” as they are in fact a stream of computer data. On these grounds requisition measures regarding computer data (according to art. 254bis of the Italian Criminal Procedure Code) should have been carried out rather than a procedure of phone tapping.

In response to the first point, the Supreme Court asserted that it is a well-established principle that international phone calls routed to a specific Italian telephone “junction” should not be subject to international rogatory as all activity involving reception and recording takes place on Italian territory. This principle was also correctly applied by the Collegio di Cautela* in relation to the use of Blackberry chats. In this regard, the Supreme Court emphasized that computer interceptions had been correctly carried out on PIN codes, while the subsequent request to the Canadian company regarding ID data associated with the intercepted PIN codes had related to data that do not enjoy special protection.

Consequently, the Supreme Court considered it irrelevant that BlackBerry was Canadian, as the communications in question took place in Italy as a result of them transferred over an ICT platform located in Italy.

Conversely, the Court considered as unfounded the objection regarding the failure to implement requisition measures for the computer data. The judgment clarifies that, even if held by Internet service providers, requisitioning IT documents or IT devices excludes per se the concept of “communication”. Requisitioning will be specifically required when it is necessary to acquire documents for purposes of evidence, by means of inspections to be carried out on data contained in those documents. The Supreme Court asserted that “with regard to the use of chats on the BlackBerry system, it is correct to acquire contents by means of tapping according to art. 266bis c.p.p. and subsequent, as even if they are not simultaneous, online conversations constitute a flow of communication”.

Although the Court upheld the defendants’ appeal on the basis of considerations that go beyond the analysis of this post, the Court rejected the abovementioned specific technical objections, pointing out that: “even the most careful interpretation of the delicate relationship between the computer interception system and new technologies has observed that tapping BlackBerry chats takes place by using traditional systems, i.e. monitoring a phone’s PIN (or IMEI), which is uniquely associated with a nickname, underlining how tapping is managed at a technical level at the company’s Italian head office”.

The text of the Supreme Court judgment is available HERE.

 

*Second-instance Court empowered to hear appeals of decisions on preventive measures

posted by admin on marzo 1, 2016

Privacy

(No comments)

The Supreme Court has spoken out its opinion in on the issue of automated phone calls generated by computerized telemarketing systems stating that it is forbidden to bother users with silent calls.

The Italian Supreme Court (ruling no. 2196/2016) dismissed an appeal by the ICT company Reitek Spa and Enel Energia against a decision expressed by the Italian Data Protection Authority. In 2013 the Authority required Enel Energia, in accordance with art. 143, par. 1, let. b) and art. 154, par. 1, let. c) of the Italian Personal Data Protection Code, to take all necessary measures including those of a technical nature to prevent the system from making recurrent “silent calls” by prohibiting repeat calls to the same number within at least a 30 day period.

The judgment had been given following protests from a number of users, who complained about receiving phone calls in which, once they answered the phone, there was no operator on the other end to reply. This phenomenon is the result of an organizational problem for companies which make commercial calls. In order to connect users to telemarketing operators, the majority of these companies employ automated call forwarding systems. However, automated systems sometimes direct a number of calls to call centers which exceed the actual availability of operators. As a consequence the user’s phone rings, but no one on the other end replies.

The Supreme Court upheld the Court of Rome’s decision which had dismissed the first appeal by the two companies on the grounds that the way in which personal data were processed through telemarketing systems was unlawful. As it aimed at optimizing the rate of successful calls, the method behind these systems placed the risk and discomfort caused by receiving “silent” calls squarely on the user alone.

The Supreme Court specified that it had been expressed on more than one occasion that, according to art. 4 and art. 11 of the Italian Data Protection Code, personal data are to be processed in a fair and relevant fashion and their use must not exceed that for which they have been collected.

The plaintiffs had complained that only very few users had been affected by the problem, however, their motivations were found to be irrelevant. In fact, in the Court’s opinion, stating – as Enel Energia had done – that the phenomenon of silent calls had been limited by the basis of system algorithms to a 3% threshold, was extraneous. “The objection does not change the terms of the issue, nor are they altered by Reitek’s remark regarding the minimal number of user complaints about “silent” calls received by the Authority as the infringement was connected to the chosen method of multiple calls, which makes it clear that the risk of discomfort was borne exclusively by the recipients of such calls”.

Ultimately, in the Supreme Court’s opinion, this is the only relevant point in considering the method used for processing personal data to be excessive in relation to the interests or rights and fundamental liberties of the persons involved.

The Court also dismissed the plaintiffs’ motivation, according to which, on the basis of art. 130, par. 3-bis, consent for the processing of personal data is not required if users are registered on lists of telephone subscribers and have not exercised their right to object by registering on the Public Objection Register (the so-called opt-out system). In regards to this, the Court highlighted that art. 130, par. 3-bis, must be interpreted in accordance with e-privacy directive 2002/58/CE which allows the use of the opt-out system for calls with an active operator, but never for automated calls. In practice, the European directive is addressed to direct marketing, conducted through the use of a telephone with an operator, whereas automated call systems that generate “silent calls”, are excluded precisely because they lack an operator.

_______

Read the Nymity interview with Giusella Finocchiaro examining the recent Italian Supreme Court decision on silent telemarketing calls.

The related article of Nymity magazine is HERE. By clicking HERE you can download the pdf document.

 

  • Recent comments

  • Popular posts

    • None found