Making technology user (and data protection) friendly

04 ottobre 2019

New technologies are often a source of wonder, but they can also be a source of concern. There are many reasons for this, one being the lack of transparency in certain modern processing operations, which could provoke confusion, and even suspicion, among data protection and cybersecurity experts and non-experts alike.

It is for this reason that it is so important to clarify from the very start of a new technology’s lifecycle the terms and conditions of any data processing, especially those that involve innovative technologies that many people might not be familiar with or easily understand. It is up to the controller - those who are responsible for determining how the data is processed and for what purpose - to determine that the proposed data processing operations are fair and transparent and to clearly explain them to users.  

Not only do controllers have a legal obligation under both the General Data Protection Regulation (GDPR) and the equivalent rules for the EU institutions, to provide this information, but it is in their interest to do so, in order to maintain and build consumer trust. If controllers do not explain how technologies work, as well as their personal data processing operations, they may lose this trust. The information that controllers are legally obliged to provide includes the name of the controller in the data processing, for which purposes data is processed, to whom personal data may be transmitted and for how long data will be stored. Individuals must also be informed about their rights in relation to the data processed.

All of this information needs to be communicated in a concise, transparent, intelligible and easily accessible form, using clear and plain language. This becomes even more important when communicating with minors. The information should be provided in writing, usually in the form of a data protection notice, available either online or on paper. If requested by an individual, it can also be provided orally.


Retrieved from

Archivio news


News dello studio



Vehicle to grid

Vehicle to grid  Pubblicato in G.U.n.37 del 14 Febbraio 2020, il Decreto del Mise 30 gennaio 2020, recante “Criteri e modalita' per favorire la diffusione della tecnologia diintegrazione



Berec: Report on the impact of 5G on regulation and the role of regulation in enabling the 5G ecosystem

In compliance with the task to develop a report that aims to help NRAs for electronic communications anticipate where and how 5G deployment may have an impact on the regulatory environment, and where



Standardisation and the EU Cybersecurity Act

The EU Agency for Cybersecurity publishes two studies related to the domain of standards supporting the Cybersecurity Act and the new Cybersecurity Certification Framework. The EU Cybersecurity Certification