Innovation Law Insights

Podcast

Former Italian Innovation Minister Paola Pisano on the future of AI

In this episode of the podcast Diritto al Digitale, host Giulio Coraggio, location head of DLA Piper’s Italian Intellectual Property and Technology practice, sits down with Paola Pisano, Former Italian Minister of Technological Innovation and Digitalization. You can listen HERE.

What if I told you that when you use AI you have to be careful about privacy?

In coffee time, we explain the critical privacy issues around using AI systems. Generative AI systems use large amounts of data, including personal data. How should AI systems be used to comply with privacy regulations? You can listen HERE.

Data Protection and Cybersecurity

Electronic health record: Italian data protection authority initiates proceedings against regions and provinces

The Italian Data Protection Authority has notified 18 regions and the autonomous provinces of Bolzano and Trento of the initiation of corrective and sanctioning proceedings. The proceedings relate to numerous violations in the managing the Electronic Health Record 2.0 (FSE 2.0). This initiative follows the situation being reported to the Prime Minister and the Minister of Health.

The urgent need to protect the rights of Italian patients involved in processing health data through FSE 2.0 has driven the Italian Data Protection Authority to initiate corrective and sanctioning proceedings. The investigations, which began at the end of January, revealed that 18 regions and the autonomous provinces of Trentino-Alto Adige hadn't complied with the Ministry of Health's Decree of 7 September 2023.

The case

The Electronic Health Record 2.0 is a fundamental tool for managing the health data of Italian citizens. But the Authority's investigation highlighted that many regions have made significant changes to the information model prepared by the Ministry of Health, with prior consultation from the Authority. These changes have led to a lack of uniformity in ensuring patients' rights and the security measures adopted.

The Authority's complaints

The main violations identified concern:

• Data obscuring, delegation and specific consent: Some fundamental rights of patients, such as the right to data obscuring, delegation and specific consent, are not guaranteed uniformly across the national territory. This creates a potential discrimination situation among patients in different regions.
• Security measures and data quality: The security measures and differentiated access levels, which are crucial for data protection, are not uniformly applied. This compromises the functionality, interoperability, and efficiency of the FSE 2.0 system.
• Uniform responsibilities and guarantees: The observed non-uniformity contradicts the spirit of the FSE 2.0 reform, which aims to introduce uniform measures, guarantees, and responsibilities across the national territory.

Considerations

The current situation calls for urgent corrective actions to avoid further sanctions and ensure patients' rights are protected. The regions and autonomous provinces involved could face significant sanctions as provided by the European Regulation for the violations.

With this action, the Privacy Authority is highlighting the importance of adequate compliance with data protection regulations and the necessity to guarantee uniform rights to all Italian citizens, regardless of their region of residence. Healthcare institutions must take immediate measures to comply with the provisions of the decree of 7 September 2023, ensuring a secure and uniform management of FSE 2.0.

Author: Matteo Antonelli

Intellectual Property

UPC: Inauguration ceremony of the Milan Central Division

On 1 July 2024 the official inauguration ceremony of the third Central Division of the Unified Patent Court was held in the Aula Magna of the Court of Milan. It was organised by the Milan technical panel for the Unitary Patent, coordinated by Marina Tavassi. It was followed by the ribbon-cutting ceremony that took place in the modern premises where the Milan Central Division is now located, in Via San Barnaba 50.

The event was attended by the Vice-President of the Council and Minister of Foreign Affairs and International Cooperation, Antonio Tajani; the Minister of Justice, Carlo Nordio; the Vice-Minister for Enterprise and Made in Italy, Valentino Valentini; the President of Lombardy, Attilio Fontana; the Presidents of the Court of First Instance and Court of Appeal of Milan, Fabio Roia and Giuseppe Ondei respectively; the President of the Milan Bar Association, Antonino La Lumia; and the President of the Court of Appeal of the Unified Patent Court, Klaus Grabinski.

The strong institutional participation at the inauguration ceremony and the tangible enthusiasm among the experts, confirmed the strategic importance of the new Division.

The Milan Central Division will work alongside the Paris and Munich Central Divisions, already operational since June 2023. It will also work with the already established Milan Local Division. The Milan Central Division is competent for disputes relating to patents that fall within category A of the International Patent Classification (IPC), concerning "human necessities"; the sectors concerned are pharmaceuticals (excluding supplementary protection certificates), agriculture, food, tobacco, sanitary and medical-veterinary articles, household articles, fashion, sports and toys.

The establishment of the Milan Central Division represents a historic milestone for the entire European patent landscape and an extraordinary opportunity for Italy.

Author: Camila Francesca Crisci

Technology Media and Telecommunication

Meta: The 'pay or consent' model and the European Commission's preliminary findings

The European Commission recently informed Meta of its preliminary findings regarding the "pay or consent" advertising model adopted by the social networking giant, describing it as non-compliant with the Digital Markets Act (DMA). The model, introduced by Meta in November 2023 for Facebook and Instagram in the EU, obliges users to choose between two options: subscribe monthly to use an ad-free version or accept free access to a version with customised ads.

According to the Commission, this binary choice forces users to allow the combination of their personal data, without offering a less personalised but equivalent alternative to Meta's social networks. This practice, according to Article 5(2) of the DMA, violates users' right to freely choose the level of personalisation of the online services they wish to use.

Regulatory framework and gatekeeper obligations

The DMA states that gatekeepers in digital marketplaces must get the explicit consent of users to combine their personal data between different platform services. In the event that a user refuses such consent, the gatekeeper has to provide an alternative that, although less personalised, is equivalent in other respects. This provision aims to ensure the protection of users' personal data and to promote fair competition in digital markets.

Criticism of Meta's 'pay or consent' model

The Commission highlighted two main criticisms in the model proposed by Meta:

• The lack of an equivalent alternative in the sense that users don't have the option to choose a version of the social network that uses less of their personal data but is otherwise comparable in functionality.
• Consent coercion, as the model forces users to choose between accepting the combination of personal data or giving up key features, such as access without paid advertising.

Next steps and potential consequences

Meta now has the opportunity to defend itself against the Commission's preliminary findings by responding in writing by the investigation deadline of 25 March 2025. If the preliminary findings are confirmed, the Commission could adopt an official non-compliance decision.

In case of non-compliance, Meta could be subject to significant fines, up to 10% of its total worldwide turnover, or even up to 20% for repeated violations. In addition to fines, the Commission would have the power to impose further corrective measures, such as divesting business divisions or prohibiting the acquisition of new services that could aggravate the non-compliance situation.

Conclusions and comparison with Meta

The Commission underlined its willingness to continue a constructive dialogue with Meta to achieve effective compliance with the DMA. This commitment reflects the importance of regulating digital markets in the EU, not only to protect users' rights but also to promote an environment of fair competition between online platforms.

The outcome of this debate will not only influence the future of Meta's operations in the EU, but could also set a significant precedent for personal data protection and competition in the global digital landscape. It remains to be seen how Meta will adapt to European regulations and how the Commission will pursue its goal of ensuring an effective competitive system.

Author: Alessandra Faranda

European Commission publishes second report on the State of the Digital Decade

On 2 July 2024, the European Commission published the second report on the State of the Digital Decade, following the first report released in September 2023.

With this second report, the Commission analyses the developments in digital policies that have occurred since the first report and the progress made by EU Member States in pursuing the digital transformation objectives set out in the strategic program for the Digital Decade – the “Digital Decade Policy Programme” – established by Decision (EU) 2022/2481. The Programme sets four main targets:

• digital infrastructure
• digital transformation of businesses
• digital skills
• digitalization of public services

The second report has three annexes containing:

• an extensive analysis of the progress made towards achieving the objectives identified in the context of the “Digital Decade” and the “horizontal recommendations” addressed to Member States;
• an update of the strategies to achieve each of the objectives and KPIs set out in the “Digital Decade”; and
• a summary of the analyses made for each Member State, with specific recommendations for each.

The recommendations – both the horizontal ones and those specifically addressed to Member States – aim to readjust the national action plans (the roadmaps).

Firstly, the 2024 report highlights a series of significant achievements made by the EU this year, including the improvement of digital infrastructure, with widespread deployment of ultra-fast broadband connectivity across Europe. Additionally, the report emphasizes the importance of the digital transformation of businesses, with a particular focus on SMEs, which have benefited from numerous support programs for adopting advanced technologies. The report also highlights progress in the digitalization of public services, emphasizing the implementation of online platforms that facilitate citizens' access to government services.

The report also points out how the EU has established itself as a global policy innovator in digital policies. This is evidenced by the adoption of regulations such as the AI Act, which sets a regulatory framework for the safe and ethical use of AI, the Digital Services Act, the Digital Markets Act, and the Data Act.

But the report also notes that the collective efforts of Member States are still insufficient to achieve the objectives set for 2030. The Commission highlights the need for further investments, both at the European and national levels, in particular in the areas of digital skills, high-quality connectivity, uptake of AI and data analytics by enterprises, semiconductor production and startup ecosystems.

Other aspects that the Commission believes require further improvement include fibre networks, which currently reach only 64% of households, and high-quality 5G networks, which today cover only 50% of the EU’s territory. One of the main issues highlighted by the Commission is the limited spread of digital technologies beyond large cities, as some rural and remote areas of the EU continue to suffer from limited connectivity.

Authors: Flaminia Perna, Matilde Losa

Innovation Law Insights is compiled by DLA Piper lawyers coordinated by Arianna Angilletta, Matteo Antonelli, Edoardo Bardelli, Carolina Battistella, Carlotta Busani, Giorgia Carneri, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Enila Elezi, Alessandra Faranda, Nadia Feola, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Deborah Paracchini, Maria Vittoria Pessina, Tommaso Ricci, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna and Matilde Losa.

For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer,” the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here. And check out a DLA Piper publication outlining Gambling regulation here, a report analyzing key legal issues arising from the metaverse qui, and a comparative guide to regulations on lootboxes here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.