European data protection authorities are lately proving that the GDPR is in good shape to be applied whenever it is needed, also with regard to social networks. Paul Jordan, the IAPP Europe Managing Director, has talked through what is happening in Italy on this front with Rocco Panetta, Strand co-founder and COO, Italy’s Country Leader for the IAPP and member of its International Board of Directors.
While below is an excerpt, you can read the full article on the IAPP blog here.
A more recent inquiry by the Italian Garante dating from December 2020 led to a “limitation of processing” order applicable as of February 2021. Tiktok committed to implementing measures to ban access to users under the age of 13. The company committed to evaluating the deployment of AI-based systems for age verification purposes. An information campaign will also be launched by the platform to raise awareness to both parents and children regarding the age requirements and registration process with the service. The company, whose main EU legal establishment is in Ireland, has also agreed to enter a dialogue with the Irish DPA on AI age verification tools.
I spoke with Rocco Panetta, Italy’s country leader for the IAPP, to get an Italian viewpoint. This is not an isolated action by the Garante. Other social networks subject to requests for information — including Clubhouse, WhatsApp and Instagram — are currently engaged with the Italian DPA. Panetta said this demonstrates the growing body of evidence that there is a change in posture and strategy from the EU DPAs toward social networks. Proof of accountability and compliance is an increasing demand placed on digital companies. Italian competition authorities also levied a fine this week of 7 million euros on Facebook Ireland for failure to implement more clear and transparent notices on the collection and use of personal data, as well as the company’s commercial intentions — corrective provisions that were issued against Facebook back in November 2018.