Add a bookmark to get started

Abstract_Lights_P_0152
19 December 202416 minute read

Innovation Law Insights

19 December 2024
Podcast

NIS2 deadline arriving – still behind on cybersecurity?

The NIS2 deadline to register with the cybersecurity portal is approaching. Soon, over 50,000 companies in each EU member state will have to comply with new cybersecurity technical and organizational compliance obligations.

In this episode of Diritto al Digitale, Giulio Coraggio covers the challenges the criticalities of this regulation and the impact on a broad range of companies. You can listen here.

Data Protection and Cybersecurity  

Italian Data Protection Authority fines company for breaches in telemarketing practices

On 12 September 2024, the Italian Data Protection Authority (Italian DPA) issued a fine against a company for violations in its telemarketing and promotional practices.

Background

The investigation stemmed from numerous complaints about unauthorized telemarketing calls and SMS messages. The Italian DPA's examination revealed that the company had contacted several users whose numbers were registered in the Registro Pubblico delle Opposizioni (RPO), a mechanism allowing users to opt out of unsolicited marketing communications. These actions violated key provisions of the GDPR and the Italian Privacy Code.

The preliminary review of complaints indicated a lack of adherence to the principles of consent and data minimization. The company argued that some users had given prior consent through interactions such as subscribing to their services or using features like "Call Me Now." However, the evidence presented was deemed insufficient to prove that a lawful consent has been provided.

Key findings

The Italian DPA identified several breaches in the practices carried out by the company:

  • Contacting users without valid consent:
    • Many of the consent records provided by the company weren't suitable to prove that a lawful consent has been collected, as they were provided in editable formats (like Excel).
    • In some cases, users weren't explicitly informed that their contact details would be used for telemarketing purposes when they subscribed to a service or used the "Call Me Now" feature. This made it impossible to categorize their consent as informed and specific.
    • In some instances, the company relied on consents that were obtained several years prior –sometimes as far back as a decade. Moreover, the company didn't perform regular reviews to ensure the continued validity of the consents provided by clients, nor did it account for changes in user preferences or regulatory standards.
  • Insufficient transparency in data collection: the company relied on third-party vendors to collect user data for marketing purposes but failed to ensure that these providers followed appropriate consent protocols, in order to collect a valid consent of the user. As a result, users often unknowingly granted consent through pre-checked boxes or vague privacy policies.
  • Misclassification of communications: the company sent an SMS to inform a user on the programming of its streaming service, labelling the communication as “service message.” However, according to the Italian DPA, the message had a promotional nature as it invited the user to subscribe again to company's streaming services.

In response to these findings, the Italian DPA imposed a fine of EUR842,062, representing 1% of the potential maximum penalty.

Conclusions

This case underscores the vigilant oversight exercised by the Italian DPA with reference to telemarketing practices implemented by companies across all sectors.

For businesses, this decision serves as a critical reminder to regularly audit marketing practices, monitoring the validity of the consent provided by the user, ensuring that third-party data providers are compliant when collecting consent, and respecting the opt-out preferences of users, by cross-checking contact lists against the RPO.

Author: Roxana Smeria

 

Intellectual Property

Gucci faces legal challenge over alleged deceptive practices and animal welfare violations in exotic skin lawsuit

Gucci is currently embroiled in a proposed class action lawsuit. The luxury brand is accused of engaging in deceptive business practices and unjustly profiting from false claims about the ethical sourcing of its exotic skin products. The lawsuit, which centres around allegations of animal cruelty and lack of transparency, has drawn significant attention to the practices of high-end fashion brands.

Background: Allegations against Gucci and its parent company Kering

The legal action was initiated in June 2024 by Tracy Cohen, a former sales associate at Gucci’s Chicago store. Cohen alleges that she was trained to market exotic skin products – made from snake and crocodile leather –as ethically and humanely sourced. She maintains that both she and Gucci’s customers were led to believe these representations were accurate, only to later discover reports implicating the brand's suppliers in unethical practices.

In particular, Cohen claims that in March 2024, she learned from news articles that Gucci’s suppliers in Thailand were involved in the abusive slaughter and skinning of pythons and crocodiles. She contends that Gucci and its parent company, Kering, misled her and other customers into purchasing these exotic skin items based on false assurances about their ethical origins. Cohen’s lawsuit was filed on behalf of herself and a proposed class of consumers who purchased exotic skin products from Gucci in Illinois between January 2009 and the present.

Court ruling: Mixed outcome for Gucci and Kering

Gucci and Kering responded to the lawsuit by filing motions to have it dismissed. Kering argued that the court lacked specific personal jurisdiction over it, given its lack of significant ties to Illinois. Judge Jeremy C. Daniel of the US District Court for the Northern District of Illinois agreed with Kering's claim, ruling that the company’s minimal involvement with Illinois did not justify the legal action. The court found that Kering’s provision of administrative services to Gucci, such as employee benefits and HR functions, was insufficient to establish jurisdiction. As a result, Kering was dismissed from the case.

But the claims against Gucci proceeded. Judge Daniel concluded that Cohen's allegations were sufficient to support claims under the Illinois Consumer Fraud and Deceptive Business Practices Act (ICFA).

The ICFA claim: Allegations of misleading representations

Cohen’s complaint under the ICFA alleges that, while employed at Gucci, she was trained to sell exotic skin products by stating that the materials were ethically sourced, and that the animals were not subjected to torture. Cohen asserts that these claims were deceptive, as she later discovered that the suppliers involved were implicated in practices that directly contradicted Gucci’s representations.

Judge Daniel found that Cohen’s complaint contained sufficiently detailed allegations to support a claim under the ICFA. The law requires the plaintiff to show that the defendant engaged in deceptive conduct, intended for others to rely on the deception, that the conduct was connected to trade or commerce, and that actual damages resulted. In this case, Cohen argued that the exotic skin products were defective, as they were made from leather sourced in an unethical manner, contrary to Gucci’s advertising claims.

The court rejected Gucci’s argument that Cohen’s allegations were based solely on third-party reports, ruling that fraud claims can be pleaded based on “information and belief” when the underlying facts are not readily accessible to the plaintiff. Cohen’s references to news reports and images detailing the abuse of animals were deemed sufficient to meet the required standard, with the court stating that the veracity and authenticity of these sources would be addressed during a trial or summary judgment phase.

Unjust enrichment: Claim survives alongside ICFA allegations

Gucci argued that Cohen's claim of unjust enrichment should be dismissed, asserting that it was tied directly to the success of her ICFA claim. Since the ICFA allegations were allowed to proceed, the unjust enrichment claim was also permitted to continue. This claim posits that Gucci unjustly benefited from selling products under false pretences, profiting from its deceptive practices while its customers were misled about the products’ ethical sourcing.

The larger context: Ethical sourcing and supply chain scrutiny in luxury goods

The lawsuit against Gucci is part of a broader trend of legal and regulatory scrutiny in the luxury goods industry, particularly concerning supply chain practices. Investigations into similar issues are underway in relation to other luxury brands, focusing on the ethical treatment of animals and labour practices in their supply chains.

In response to increasing consumer demand for transparency and ethical sourcing, many luxury companies have started acquiring key suppliers to exercise greater control over the sourcing and manufacturing processes. These acquisitions allow brands to ensure that materials like exotic skins are ethically sourced and that their products meet the growing consumer expectation for responsible production. Moreover, such acquisitions help luxury brands mitigate reputational risks associated with unethical practices, including animal cruelty and labour exploitation.

Conclusion: A wake-up call for luxury brands

The legal battle against Gucci signals an increased awareness among consumers about the ethical importance of respecting animal welfare and, more broadly, a growing sensitivity from institutions regarding the deceptiveness of commercial messages, particularly those related to green claims and animal welfare.

This context highlights the urgent need for the luxury sector to ensure greater ethical transparency. With rising consumer awareness of issues such as animal welfare, sustainability, and corporate responsibility, brands are under growing pressure to ensure their claims are not only truthful but also reflective of their actual practices. The outcome of this case could have significant implications, encouraging luxury brands to reassess their supply chains and communication strategies. To avoid legal and reputational risks, companies must proactively align their sourcing practices and marketing claims with ethical standards and consumer expectations.

Author: Maria Vittoria Pessina

 

The Christmas era of copyright: Protection, profit, and plagiarism of intellectual creations

Christmas has always been a significant source of inspiration for intellectual creations – whether literary, musical, or cinematic. And these works can be highly profitable for their creators. Examples include the iconic song "All I Want for Christmas Is You," currently the subject of a legal dispute nearing its conclusion, and fictional characters like the Grinch, whose image is meticulously protected by the company owning its rights.

The rights to 'All I Want for Christmas Is You'

News emerged just weeks ago that the lawsuit initiated two years ago in California over the alleged plagiarism of "All I Want for Christmas Is You" is approaching resolution. According to reports, it appears highly likely that Mariah Carey will prevail, allowing her to continue monetizing the widespread popularity of the song across television, films, and stores during the holiday season.

The dispute dates back to summer 2022, when Vince Vance filed a copyright infringement lawsuit against Carey, alleging that her song infringed on a similarly titled track he released in 1989. After various procedural developments, Carey’s legal team filed a motion to dismiss the case in August of this year, arguing that Vance's claims fail to meet the “extrinsic similarity test” established by the Ninth Circuit Court of Appeals (one of the regional circuits in the US judicial system). This test evaluates similarities between two works by focusing exclusively on protectable elements of the plaintiff's work and excluding unprotectable components (see Cavalier v Random House, Inc., 297 F.3d 815, 822 (9th Cir. 2002)). The protectable elements are then compared with corresponding elements in the defendant's work to assess their similarity.

According to reports, the judge recently indicated an intention to grant the motion to dismiss.

Although not all details of the case have been made public, it's noteworthy that a recent ruling by the Rome Tribunal on musical plagiarism employed reasoning similar to the extrinsic similarity test. The court held that in cases of partial musical plagiarism, it is necessary to verify:

  • the creativity, novelty, and completeness of the allegedly plagiarized musical fragments;
  • the substantial identity, or lack thereof, between the plagiarized and infringing fragments; and
  • whether, in cases of substantial identity, the fragment of the plagiarized work has acquired independent relevance and a distinct artistic value when incorporated into the infringing work (Rome Tribunal, March 10, 2022, No. 3794).

Works in the public domain

The profitability of Christmas songs – and holiday works in general – also underscores the importance for many media outlets of annually verifying which works enter the public domain. Entry into the public domain marks the transition of a work from the monopoly of its author or their heirs to free and unrestricted use by the public. In this regard, Italian law provides for a term of copyright protection lasting 70 years after the author's death (Art. 25 L.A.).

For example, many Christmas songs are now in the public domain (at least their compositions), including "Jingle Bells," "Deck the Halls," and "Silent Night." These works are frequently featured in Christmas movies.

When a song enters the public domain, it allows filmmakers to significantly reduce costs (eg, paying only the phonographic producer for a recent master or nothing at all) or avoid them entirely for synchronizing a song within a film. Such synchronization typically entails substantial fees, particularly for iconic songs. Similarly, these songs can be used in television programs or other media at minimal or no cost.

Rights to fictional characters

The Christmas season has also inspired the creation of numerous fictional characters, starting with Santa Claus. Among these, the Grinch – a key figure in pop culture, especially following the success of Ron Howard's 2000 film – is a notable example. The rights to the character are managed by a leading entertainment company specializing in children’s content.

This company is known for its proactive enforcement of all rights related to the character, having previously challenged both the use of trademarks similar to its registered ones and the unauthorized reproduction of the Grinch’s likeness and features, even in less prominent contexts. For instance, the company has issued cease-and-desist letters to photographers using the Grinch’s likeness for family photo sessions during the holiday season.

In Italy, copyright law also protects fictional characters as original intellectual creations distinct from the works in which they appear. As a result, even a single fictional character, if well-defined in its typical elements, is eligible for legal protection.

This protection can be further reinforced by registering the character’s name as a trademark, a strategy that plays a crucial role, particularly because trademarks can be renewed every ten years, extending protection even after the original work enters the public domain.

Christmas is a pivotal moment for the cultural industry, serving both as a source of inspiration for new artistic creations – often accompanied by significant intellectual property issues – and as a strategic period for the economic revenues of authors and artists.

Author: Lara Mastrangelo

 

Technology Media and Telecommunication

Since 4 December, citizens can use digital documents on IO apps: European digital identity of eIDAS 2.0

Following the testing phase of the past few months, as of 4 December 2024 all Italian citizens can use the "Documents on IO" functionality and add the digital version of three key documents to their IO app wallet:

  • Driving licence
  • Health Card – European Health Insurance Card
  • European Disability Charter

These digital documents can be used in place of the physical versions for live verifications. Specifically:

  • The driving licence can be used in Italy during police checks.
  • The Health Card allows access to services provided by the National Health Service.
  • The European Disability Card retains the same uses as the physical version.

The IT Wallet, waiting for EUDIW

"Documents on IO" anticipates only some of the functionalities of the future IT Wallet, part of the "IT-Wallet System" established by Decree-Law No. 19 of 2 March 2024 and consisting of the aforementioned national public wallet – accessible via the IO App – but also of further wallets that may be made available by accredited private providers. From this collaboration, we can expect by 2025 the addition of documents such as ID cards, birth certificates, educational qualifications, professional licences and even public transport and gym passes.

Italy is taking a significant step forward in the direction outlined by the new Regulation 2024/1183 (known as eIDAS 2.0) that came into force last May. It requires member states to offer at least one European digital identity wallet ("EUDI Wallet" or "EUDIW") to their citizens by 2026. So the IT Wallet will have to be integrated into EUDIW by that date.

The IT Wallet and EUDIW are two separate projects. The IT Wallet is an entirely Italian project that anticipates the more far-reaching – territorial and operational – project of the European digital wallet. With EUDIW it will be possible to digitise not only identity documents, but also other information relating to the person, such as a degree, professional certifications or signature certificates, together referred to (in the language of the Regulation) as "attributes."

Digital attributes

Attributes represent additional information related to a person's identity, such as:

  • Professional qualifications: degrees, certifications, professional memberships.
  • Official documents: driving licence, marriage certificates, disability certificates.
  • Updated personal information: residence, marital status, ISEE.

With the EUDIW, users will be able to securely store and share these attributes, simplifying processes such as accessing services and digital onboarding at companies and institutions, all while ensuring users have full control over their data.

Conclusions

The end of 2024 saw Italy take the lead in digital identity, with the roll-out of the first digital documents on the IO app. It is now expected that 2025 will be the true pilot year for digital identity. The significant increase in functionalities on the IO app will bring us not only identity documents but also much more, from digital signatures to subscriptions to the services we use every day, within reach of our smartphones.

The collaboration of the public administration with individual providers, who can integrate their platforms – once accredited – into the IT Wallet system, will be decisive.

Author: Gabriele Cattaneo


Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo BardelliCarolina BattistellaCarlotta BusaniGiorgia Carneri, Noemi Canova, Gabriele Cattaneo, Maria Rita CormaciCamila CrisciCristina CriscuoliTamara D’AngeliChiara D’OnofrioFederico Maria Di VizioNadia FeolaLaura GastaldiVincenzo GiuffréNicola LandolfiGiacomo LusardiValentina MazzaLara MastrangeloMaria Chiara MeneghettiDeborah ParacchiniMaria Vittoria Pessina, Marianna RiedoTommaso RicciRebecca RossiRoxana SmeriaMassimiliano Tiberio, Federico Toscani,  Federico Toscani, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’AndreaFlaminia Perna and Matilde Losa.

For further information on the topics covered, please contact the partners Giulio CoraggioMarco de MorpurgoGualtiero DragottiAlessandro FerrariRoberto ValentiElena VareseAlessandro Boso CarettaGinevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as a report analyzing key legal issues arising from the metaverse qui, and a comparative guide to regulations on lootboxes here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.

Print