Innovation Law Insights

Podcast

Legal Leaders Insights | Marie Ingham, Head of Legal at DAZN, on the challenges of media digitalization

In this episode of Legal Leaders Insights, Join Giulio Coraggio interviews Marie Ingham, Head of Legal at DAZN, the innovative sports streaming platform.

They discuss her career journey, key legal challenges in digital sports broadcasting, and the impact of regulations on DAZN’s innovative strategy. Watch and listen to the latest episode of our podcast here.

AI War – Who sets the rules on AI Regulation?

Regulating AI is like driving a car: some prefer clear speed limits and guardrails, others want an open road with minimal signs. The EU and the US exemplify these two different philosophies in AI regulation. Listen to our podcast on the topic here.

 

Data Protection and Cybersecurity

Granularity of consent for communication of personal data to third parties according to the Garante

On February 27, 2025, the Italian Data Protection Authority (Garante) issued a significant resolution regarding consent for third-party marketing purposes. The resolution focuses on the need to ensure that user consent is free, specific, and granular, in line with the principles of the GDPR.

The case

The provision originates from 82 complaints concerning unwanted calls made without an adequate legal basis by a company that was subsequently sanctioned. This company had received personal data from other data controllers who, at the time of collection, had obtained a generic consent for communication to third parties for marketing purposes.

At the core of the decision is the issue of the validity of consent for transferring data to third parties. The Garante assessed whether the methods of obtaining consent complied with the principles of freedom, specificity, and granularity set out in the GDPR, highlighting critical issues in the adopted practice.

The Garante's observations on granular consent

The Garante clarified that overly generic consent for transferring personal data to third parties for marketing purposes cannot be considered valid. Specifically, it emphasized that the method used to obtain consent didn't allow individuals to choose which specific third-party entities could receive their data. The formula used referred to a broad and indistinct range of recipients in very different sectors, with more than 20 macro-categories listed.

Regarding the channels used to send promotional communications, the Garante also pointed out that individuals weren't given the opportunity to express a clear preference. Users were effectively forced to accept a single, indiscriminate consent without the ability to choose whether to receive offers related to specific product categories or to select preferred communication channels.

The Garante further reiterated that using generic formulas to get consent prevents individuals from expressing a conscious and unequivocal will. Consequently, the consent appeared to be coerced and didn't respect the principle of self-determination, as users faced a binary choice: either accept that their data will be sent to an indefinite number of recipients or refuse consent altogether.

According to the GDPR, users must be able to express free, granular, and specific consent. For the Garante, this means they should be able to select macro-categories of products or services for which they wish to receive promotional communications. And they should be able to easily express preferences with reference to the communication channels they prefer.

Regarding communication channels, the Garante has determined that individuals must be given the option to receive promotional communications only through specific means, such as traditional contact methods. This option must be explicitly stated in the privacy policy and made easily exercisable by users without additional costs or complex procedures.

Conclusions

In light of the Garante's provisions, it will be necessary to adapt by providing for separate consents for transferring data to third parties for marketing purposes. It will also be necessary to provide forms that allow users to select macro-categories of recipients and the communication channel through which to send them.

We believe this doesn't imply an obligation to get separate consent for each subject to whom the data controller intends to communicate the data. The number of consents necessary will have to be determined on a case-by-case basis, considering factors such as the number of recipients, the size and relevance of the product categories involved with respect to the data controller's business, and any other circumstance useful for guaranteeing that the interested party can freely express their will and maintain control over the relative data.

It will be necessary to evaluate the need to:

• modify your consent acquisition forms, adopting solutions that allow users to express more detailed and selective choices with reference to the macro-categories of subjects to whom the data is transferred for marketing purposes;
• modify the privacy policies to indicate the possibility for the interested party to request to receive marketing communications only through traditional methods of contact, and make the process easier to express a preference regarding the preferred communication channel for receiving commercial communications and modify their processes to effectively guarantee this possibility;
• verify whether these changes also exist with regard to data acquired from third parties.

Author: Roxana Smeria

 

Automated Decisions and trade secrets: EU Court of Justice issues judgment

On February 27, 2025, the Court of Justice of the European Union (CJEU) issued its judgment in Case C-203/22, addressing the sensitive issue of transparency in decisions made through automated systems under Article 15(1)(h) of the General Data Protection Regulation (GDPR).

Background of the case

The case originated from a mobile network operator's refusal to enter into or renew a contract with a user, based on an automated assessment of the user’s creditworthiness, which indicated insufficient solvency. Following this refusal, the data subject exercised the right of access under Article 15(1)(h) GDPR, requesting meaningful information about the logic applied in the automated decision-making process based on their personal data. This request was contested by the data controller, who argued that, due to the protection of a trade secret, it wasn't required to provide any further information beyond what had already been disclosed.

The matter was referred to the CJEU, which was asked to clarify the scope of the data subject’s right of access under Article 15(1)(h) GDPR in the context of automated decisions based on profiling. The court was asked whether this right implies an obligation to provide sufficiently detailed and intelligible information on the decision-making logic – including the data processed, parameters used, and scores assigned – and how any conflict with trade secrets or third-party data should be handled. The court was also asked to assess whether the GDPR is compatible with national rules that exclude access in such cases on a general basis.

The European Court of Justice's decision

The CJEU’s decision provides significant guidance on the interpretation and practical application of the right of access in the context of automated decision-making:

• Data controllers must provide clear and accessible explanations of the automated decision-making process, specifying which personal data was used and how it influenced the outcome. It's not sufficient to merely disclose an algorithmic formula or an overly technical description: the explanation must allow the data subject to understand the logic of the decision and assess how changes to their personal data could have led to a different result.
• While the GDPR guarantees the right of access, it may be subject to limitations where competing interests are at stake, such as protecting trade secrets or third-party personal data. But these limitations can't justify an automatic refusal: if the controller considers that disclosure may compromise such interests, it must refer the matter to the competent supervisory authority or court, which will assess the balance of rights and interests on a case-by-case basis.
• National laws that exclude the right of access in the presence of trade or business secrets on a general or automatic basis (as was the case with the Austrian law) are incompatible with the GDPR. The court confirmed that a member state can't predetermine the outcome of the balancing of rights and interests required under EU law, which must always be carried out on a case-by-case basis.

Practical implications of the judgment

Greater transparency obligations: Data controllers will have to provide clear and intelligible explanations of the logic underlying automated decision-making processes, without necessarily disclosing protected technical details. The ruling raises important questions regarding the use of complex and opaque systems (so-called black boxes), whose internal logic may be difficult to access – even for their own developers.

Role of national authorities and courts: Any limitation to the right of access must be assessed on a case-by-case basis by the competent supervisory authorities or courts, which are responsible for balancing the data subject’s rights against the protection of trade secrets or other legally protected interests.

Implications for the AI Act: The court's guidance extends beyond the GDPR and serves as a useful interpretative reference for applying Article 86 of the AI Act, which recognizes the right of data subjects to receive clear and meaningful explanations about the role of certain AI system in the decision and the main elements that determined it.

Conclusions

The judgment offers useful guidance on the scope of the right of access in the context of automated decision-making, clarifying the obligation to provide intelligible explanations, outlining the limits to its restriction in the presence of conflicting interests, and reaffirming the central role of the authorities in assessing the effective scope of this right on a case-by-case basis.

Author: Gabriele Cattaneo

 

Intellectual Property

WIPO announces growth in the use of global registers for patents, trademarks and designs in 2024

The World Intellectual Property Organization (WIPO) has announced a significant increase in the use of its global intellectual property (IP) registers for patents, trademarks and designs throughout 2024. This trend highlights how businesses aiming to expand into global markets are increasingly relying on international IP protection systems.

Patent Cooperation Treaty (PCT)

The use of the PCT system, a cornerstone of international patent protection, increased by 0.5%, reaching 273,900 applications in 2024. China maintained its leading position in terms of volume, with 70,160 applications, followed by the US (54,087), Japan (48,397), South Korea (23,851), and Germany (16,721). While China recorded modest growth of +0.9%, the US (-2.8%), Japan (-1.2%), and Germany (-1.3%) saw declines, potentially indicating a shift in global patenting strategies. For the US, this marks the third consecutive year of decline. Germany's and Japan's volume decreased for the second successive year. In contrast, South Korea experienced a 7.1% increase, marking its 27th consecutive year of growth.

In 2024, digital communication emerged as the leading technology sector among published PCT applications, accounting for 10.5% of the total and surpassing computer technology, which had held the top spot since 2019. Other key technology sectors included computer technology (9.7%), electrical machinery (8.6%), and medical technology (6.5%).

Madrid System

Following two consecutive years of decline, the Madrid System recorded a 1.2% growth, with 65,000 international trademark applications in 2024. The US filed the highest number of applications (11,270), followed by Germany, China, France, and the UK. Notably, South Korea saw a remarkable 12.1% increase, reflecting a growing focus by South Korean businesses on global trademark protection.

The most frequently designated class in international applications submitted to WIPO was computer hardware, software, and other electrical and electronic devices, accounting for 10.8% of total applications in 2024, followed by business services (8.4%) and scientific and technological services (7.8%).

Hague System

The Hague System recorded a 6.8% increase in applications, reaching an all-time high of 27,161 designs in 2024. China led the rankings with 4,870 designs, followed by Germany (4,218), the US (3,034), Italy (2,249), and Switzerland (2,109).

In 2024, the most relevant design categories were recording and communication equipment (12.3%), followed by means of transport (11.1%), packaging and containers (7.9%), furniture (7.6%), and household items (5%).

Conclusion

The growing use of WIPO’s global registration systems underscores the need for a strategic approach to intellectual property management to safeguard innovation, navigate the complexities of global enforcement, and ensure timely dispute resolution through effective mechanisms.

Author: Federico Maria Di Vizio

 

Italian Patent and Trademark Office publishes annual report on patent activities for 2024

The Italian Patent and Trademark Office (UIBM) has published its report on patent activities in 2024, which provides an overview of the trends in patent applications and titles granted over the past year. After a significant decline in 2022, patent applications for industrial inventions rebounded in 2023 and 2024, confirming a recovery in patent activity in Italy. There was a slight overall decline in the total number of filings and a continuous decrease in applications for utility models.

In 2024, there were 10,148 patent applications for industrial inventions, marking a 7.4% increase compared to 2023. This figure confirms a positive trend, reflecting growing innovative activity in the Italian industrial sector. Conversely, utility model patent applications recorded a slight decrease of 1.1%, totaling 1,830 filings.

An interesting aspect concerns requests to open the Italian national phase from international patent applications, which saw an overall increase of 14%, with 199 applications for industrial inventions (+10.6%) and 52 applications for utility models (+30%).

Despite the growth in applications for protection for inventions, the total number of filings decrease by 5.5% compared to 2023, dropping from 35,458 to 33,499. This decrease is attributed to the European patent entering into force with unitary effect. By introducing a single procedure, this has eliminated the need for individual national validations.

Regarding granted patents, there was a 7.7% decrease compared to the 9,781 recorded the previous year. But in contrast to this trend, there was a 21.2% increase in patents granted for industrial inventions resulting from international applications. And there was a remarkable 56.5% rise in supplementary protection certificates, which apply to pharmaceutical and phytosanitary products.

In the near future, it will be interesting to see how the Italian patent system adapts to the new dynamics introduced by the European patent with unitary effect and global technological advancements. The challenge for Italian companies will be to make the most of the opportunities offered by new intellectual property protection tools while ensuring an effective strategy for safeguarding and enhancing their innovations.

Author: Noemi Canova

 

---

Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo Bardelli, Carolina Battistella, Carlotta Busani, Giorgia Carneri, Noemi Canova, Gabriele Cattaneo, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Nadia Feola, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Deborah Paracchini, Maria Vittoria Pessina, Marianna Riedo, Tommaso Ricci, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Federico Toscani, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna, Matilde Losa and Arianna Porretti.

For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as Diritto Intelligente, a monthly magazine dedicated to AI, here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.