Innovation Law Insights

Legal Break

CJEU clarifies how to challenge EDPB decisions: What does it mean for businesses?

Can companies directly challenge decisions of the European Data Protection Board (EDPB)? This is a question often raised in the context of GDPR enforcement.

The Court of Justice of the European Union has now provided clarity on the issue, with concrete implications for litigation strategy and interactions with supervisory authorities.

In the latest episode of Legal Break, Giulio Coraggio of DLA Piper discusses the topic, offering insights into what the court has actually established, why the decision is practically relevant and what companies should be taking into account going forward.

You can watch the episode here.

 

Data protection and cybersecurity

Legitimate interest under GDPR: Why it still fails in practice (and what the Garante is telling us)

Legitimate interest under the GDPR is one of the most used, and most misunderstood, legal bases. But what are the most relevant issues to be addressed, and how can it be used properly?

The recent digest published by the European Data Protection Board offers a very clear message: the issue isn’t whether legitimate interest can be used, but how it’s applied in practice. And if you look at recent enforcement trends, including decisions of the Italian data protection authority, Garante per la protezione dei dati personali, the direction is consistent.

What Legitimate Interest under the GDPR really requires

Under Article 6(1)(f) GDPR, legitimate interest relies on a three-step test: a legitimate interest must exist, the processing must be necessary, and the interest must not be overridden by the rights of individuals.

This looks simple in theory. In practice, it’s one of the most complex legal bases to operationalise.

The EDPB digest, which analyses more than 60 One-Stop-Shop decisions, confirms that legitimate interest can cover a wide range of scenarios, from fraud prevention to marketing and even AI development. But that flexibility comes at a cost: a much higher burden of justification.

Why legitimate interest under the GDPR keeps failing

No real Legitimate Interest Assessment (LIA)

The first recurring issue is procedural. Many companies simply don’t carry out a proper LIA before starting the processing. And this is where things already break. Supervisory data protection authorities are very clear: the assessment must be done ex ante, not reconstructed after the fact.

Interests described in generic terms

Another pattern I see very often in practice, and that the digest confirms, is the use of vague purposes: “improving services,” “measuring performance” or “enhancing user experience.”

These formulations don’t work. Regulators expect the legitimate interest to be clearly and precisely articulated, otherwise the entire test collapses.

The necessity test is underestimated

Even when the interest is accepted, controllers often fail to show that the processing is necessary. Authorities are increasingly asking a very simple question: could you achieve the same result in a less intrusive way? In some cases, the answer is yes – and that’s enough to invalidate the legal basis.

The balancing test is where most cases are lost

This is the real battleground. The analysis isn’t theoretical. It’s based on how the processing is perceived by the individual.

Key factors include reasonable expectations, level of transparency and actual impact on the data subject. If the processing is unexpected, opaque or too intrusive, legitimate interest won’t hold.

The Garante’s position on legitimate interest

What’s particularly interesting is how closely recent decisions of the Garante per la protezione dei dati personali, the Italian data protection authority, align with this approach. In several cases, the Garante has challenged the insufficient level of detail of LIAs, the use of boilerplate or generic assessments and the lack of a real, documented balancing test.

The key message is quite pragmatic: a formal LIA isn’t enough. It must be specific, reasoned and evidence-based.

In other words, simply stating that a legitimate interest exists isn’t sufficient. You need to demonstrate what the interest actually is, why the processing is necessary, how the impact on individuals has been assessed and which safeguards have been implemented. This is where many organisations are still exposed.

Can you switch to legitimate interest later?

Another point clarified by the EDPB digest is particularly relevant in practice. Trying to rely on legitimate interest after another legal basis has failed is, in most cases, not acceptable. Why? Because it undermines transparency obligations and individuals’ right to object.

There are limited exceptions, but they remain just that, exceptions. Besides, the Garante’s position is that it’s not possible to list multiple legal bases for the same data processing without specifying in detail when each legal basis applies.

Legitimate interest and AI: A growing risk area

This topic becomes even more relevant when we look at AI systems. Legitimate interest is often used in AI-related processing because of its flexibility. But that flexibility can be misleading. AI projects typically involve evolving purposes, large-scale data reuse and difficulty in assessing impact upfront.

All elements that make the necessity and balancing tests more complex. From what I see, this is exactly where the gap between legal theory and operational reality is still too wide.

Legitimate interest is a governance issue

The takeaway is quite clear. Legitimate interest under the GDPR isn’t the “easy option.” It’s one of the most demanding legal bases from a governance perspective. The shift we’re seeing, both at EDPB level and in the Garante’s decisions, is towards a much more substantive assessment. This means moving beyond templates, integrating LIA into internal processes and aligning legal analysis with technical design.

Because today, the real risk isn’t choosing the wrong legal basis. It’s assuming that legitimate interest requires less work than the others.

Author: Giulio Coraggio

 

Italian Garante sets (almost) no limits to former employees’ email access

The Italian Data Protection Authority (the Garante) issued a decision that significantly expands the right of access by former employees to their work-related emails, putting companies at risk of the disclosure of considerable trade secrets and confidential information. While the ruling reinforces the right of access under Article 15 GDPR, it also creates a difficult – and potentially risky – scenario for businesses handling corporate email accounts. 

At its core, the decision states that a former employee can access emails stored in their corporate mailbox, and that the employer cannot pre-screen, filter or alter the content before granting access unless there’s a “concrete risk” deriving from the disclosure. This means that companies might be forced to transfer to former employees business information that’s highly valuable. Is this approach operationally sustainable?

Former employees’ email access: What the Garante decided

In the decision, the Garante found unlawful the company’s approach of reviewing emails in advance and limiting access only to those considered “strictly personal.”

According to the Italian Data Protection Authority:

• Emails stored in a corporate account are not the exclusive property of the employer.
• The employee retains rights over personal data contained in those emails.
• The employer cannot manipulate or “sanitize” email content before disclosure.

This means that former employees’ email access must be granted in a way that preserves the integrity of the data, without any prior filtering.

There is a limitation to such disclosure only in case there is a “concrete risk” deriving from it. The scope of this limitation isn’t clearly defined. It might be possible that the right might be limited in case of pending disputes, but what about business information that if disclosed might be communicated by the former employee to its new employer?

Why this approach is problematic in practice

The decision creates immediate challenges for organisations.

If companies cannot review emails before disclosure, remove third-party personal data or exclude confidential or sensitive business information, then former employees’ email access may lead to the uncontrolled disclosure of information far beyond the employee’s personal data.

This includes client communications, internal legal or strategic discussions, commercially sensitive information and trade secrets embedded in daily correspondence.

In other words, the decision risks turning former employees’ email access into a mechanism for transferring confidential information outside the company.

Trade secrets and confidential information at risk

One of the most critical implications of the Italian Garante former employees email access decision is the potential exposure of trade secrets.

Employers are still legally bound to protect confidential business information, comply with contractual confidentiality obligations and safeguard third-party data. Yet, under this approach, they may have to disclose emails without being able to mitigate these risks.

This creates a structural imbalance between the right of access under GDPR and the protection of trade secrets and business confidentiality.

The lack of a clear balancing mechanism makes compliance extremely challenging.

Log retention and employee monitoring risks

The Garante also addressed the issue of log retention, adding another layer of complexity.

It reiterated that logs retained for cybersecurity purposes must comply with the storage limitation principle, meaning retention must be strictly necessary and proportionate and logs used for defensive purposes may qualify as employee monitoring, triggering the application of the Italian Workers’ Statute.

This confirms that former employees’ email access cannot be assessed in isolation. It’s part of a broader governance framework involving privacy, employment law and cybersecurity.

The need for a very conservative approach

In light of this decision, companies may have no choice but to adopt a very conservative approach to email governance.

Practical steps include:

• restricting or clearly regulating personal use of corporate email accounts;
• implementing data segregation and classification policies;
• minimizing retention of emails and related logs; and
• defining structured procedures for handling access requests.

The key shift is clear: risk cannot be managed at the moment of access; it must be addressed ex ante.

A difficult balance to achieve

The Italian Data Protection Authority’s decision reinforces data subject rights but leaves companies facing a difficult trade-off.

On one side a broad and almost unrestricted right of access. On the other, strict obligations to protect confidential information and trade secrets.

Without a workable middle ground, organisations risk being caught in a compliance paradox where any decision may expose them to liability.

The real question is no longer whether former employees have a right of access, but how companies can comply with that right without compromising their most sensitive information. There’s no doubt that, after this decision, companies will have to change the way confidential information is circulated in the company.

Author: Giulio Coraggio

 

Intellectual Property

The EU-Mercosur Agreement: Protection of geographical indications and intellectual property

After over 25 years of negotiations, the EU and the Mercosur countries (Argentina, Brazil, Paraguay, and Uruguay) have reached a historic trade agreement. This is the largest free trade agreement ever negotiated by the EU, set to create a trade area of around 700-800 million people and a combined GDP of around USD20 trillion. The interim trade agreement will enter into provisional application starting 1 May 2026.

The approval process

The political agreement was reached on 6 December 2024, with formal signature on 17 January 2026 in Asunción. The “two-tier” architecture comprises an EU-Mercosur Partnership Agreement (EMPA) and an interim Trade Agreement (iTA). The European Parliament has referred the agreement to the Court of Justice of the EU for a legality review, but the Commission has nevertheless proceeded with provisional application.

Protection of geographical indications: A victory for Made in Italy

One of the most significant chapters of the agreement concerns the protection of intellectual property, with particular attention to Geographical Indications (GIs). The agreement guarantees the recognition and protection of over 350 European Geographical Indications in the Mercosur countries and over 220 Mercosur indications in the EU. Of these, 57 are Italian excellences, representing the highest number of Geographical Indications ever protected in a EU trade agreement.

The 57 protected Italian geographical indications

The complete list includes iconic food products and prestigious wines:

Food products: Aceto Balsamico di Modena, Aceto Balsamico tradizionale di Modena, Aprutino Pescarese, Asiago, Bresaola della Valtellina, Cantuccini Toscani/Cantucci Toscani, Culatello di Zibello, Fontina, Gorgonzola, Grana Padano, Mela Alto Adige/Südtiroler Apfel, Mortadella Bologna, Mozzarella di Bufala Campana, Pancetta Piacentina, Parmigiano Reggiano, Pasta di Gragnano, Pecorino Romano, Pomodoro S. Marzano dell’Agro Sarnese-Nocerino, Prosciutto di Parma, Prosciutto di San Daniele, Prosciutto Toscano, Provolone Valpadana, Salamini italiani alla cacciatora, Taleggio, Toscano, Zampone Modena.

Wines and spirits: Asti, Barbaresco, Barbera d’Alba, Barbera d’Asti, Bardolino/Bardolino Superiore, Barolo, Brachetto d’Acqui/Acqui, Brunello di Montalcino, Campania, Chianti, Chianti Classico, Conegliano-Prosecco, Valdobbiadene-Prosecco, Dolcetto d’Alba, Emilia/dell’Emilia, Fiano di Avellino, Franciacorta, Greco di Tufo, Lambrusco di Sorbara, Lambrusco Grasparossa di Castelvetro, Marca Trevigiana, Marsala, Montepulciano d’Abruzzo, Prosecco, Sicilia, Soave, Toscana/Toscano, Valpolicella, Veneto, Vernaccia di San Gimignano, Vino Nobile di Montepulciano, Grappa.

Protection mechanisms and the fight against Italian sounding

The agreement prohibits the imitation of protected denominations, with strengthened enforcement mechanisms that will allow more effective action against “Italian sounding” in South American markets. This phenomenon, which costs Italy an estimated EUR120 billion per year worldwide, means that more than two out of three Italian agri-food products are counterfeits with no connection to Italy.

The intellectual property chapter of the agreement establishes clear rules for the treatment of GIs:

• A recognised Geographical Indication cannot be considered a common name.
• In the case of homonymous GIs (same name but different origins), the parties may allow their coexistence on the market, provided consumers aren’t confused about the product’s origin.
• The agreement prohibits the registration of trademarks identical to or containing a GI, except for applications filed in good faith before the agreement’s entry into force.
• A Committee on GIs has been established, composed of representatives of national authorities responsible for GI protection and the Ministries of Foreign Affairs, with functions of supervising the agreement’s implementation.

The US-Argentina Agreement: A threat to geographical indications

While the EU-Mercosur Agreement represents an important step forward for the protection of Italian PDOs and PGIs, another trade agreement risks undermining this progress. The signing of ARTI (Agreement on Reciprocal Trade and Investment) between the US and Argentina, which took place in early February 2026, redefines the balance in international agri-food trade and shines a spotlight on the protection of European geographical indications.

Article 2.4 of the ARTI agreement stipulates that Argentina must ensure transparency and fairness in the protection or recognition of geographical indications, including under international agreements. However, in cases where Argentina protects or recognises a term as a geographical indication but there is no quality, reputation, or other characteristic of the product essentially attributable to its geographical origin, Argentina must allow the use of that term in relation to US products.

The list of “generic” names

The heart of the US-Argentina treaty is represented by Article 2.5 (“Cheese and Meat Terms”), which establishes that Argentina shall not restrict US market access due to the mere use of cheese and meat terms listed in Annex II of the agreement. In the absence of formal demonstration of a “special reputation essentially attributable to geographical origin,” those names can be used freely, even if they evoke products historically linked to Italian territories.

Annex II of the ARTI agreement contains a detailed list of terms for which Argentina must not restrict market access for US products whose name consists of or contains terms such as Asiago, Fontina, Gorgonzola, Grana, Parmesan, Pecorino, Provolone, and Romano for cheeses, and Bologna for cured meats. The formal inclusion of these names in the treaty crystallises their qualification as common use terms in the bilateral relationship between Washington and Buenos Aires.

The conflict with the Mercosur Agreement: A legal analysis

The comparison between the two agreements reveals a normative antinomy rooted in profoundly different legal conceptions of intellectual property.

The European model is founded on the principle that a name registered as a PDO or PGI enjoys protection against any “use, imitation or evocation,” even where the true origin of the product is indicated or the protected name is translated or accompanied by expressions such as “type,” “style,” “imitation” or similar (Art. 26). European protection doesn’t require demonstration of a likelihood of confusion: it’s sufficient that the contested sign “evokes” the protected product in the consumer’s mind. The Court of Justice of the EU, in case C-132/05 Commission v Germany (2008), clarified that evocation may derive not only from phonetic or visual similarity, but also from mere “conceptual proximity” between terms, establishing, for example, that “Parmesan” constitutes evocation of the PDO “Parmigiano Reggiano.”

The US model, reflected in ARTI, is instead founded on the common name doctrine (or genericness doctrine) which considers terms such as “Parmesan,” “Asiago” or “Gorgonzola” as generic names that identify types of products, and which cannot constitute infringement of a PDO.

This conceptual divergence translates into potentially incompatible international obligations for Argentina.

From the perspective of treaty law, the situation raises complex questions. Article 2.3, paragraph 2, of ARTI requires Argentina not to assume commitments with third countries that entail measures incompatible with ARTI obligations. However, Argentina’s commitments to the EU regarding GIs derive from the Mercosur agreement, which predates ARTI in terms of the political agreement (December 2024) but follows it in terms of the iTA’s entry into force (May 2026). The question of temporal precedence and hierarchy between the two treaties in Argentine domestic law remains open and could require years of litigation to be clarified.

From a legal standpoint, this means that the EU or Italy will not easily be able to claim exclusivity over those denominations in Argentina, should they be considered generic under ARTI. As highlighted by Qualivita (the Italian foundation dedicated to protecting PDOs, PGIs and TSGs), “ARTI clearly conflicts with the Mercosur agreement.”

In practical terms, producer groups and individual producers of Italian PDOs and PGIs could find themselves in the paradoxical situation of having formal protection under the Mercosur agreement, but seeing it challenged in court by US operators invoking rights derived from ARTI. The Argentine judge would find themselves having to choose between two sources of international treaty law with equal formal standing, in the absence of clear criteria of precedence. This legal uncertainty represents a real cost for European producers, both in terms of legal expenses and reputational risk arising from the coexistence on the Argentine market of authentic products and legitimised imitations.

It’s significant to note that the US is proposing similar agreements to other nations, including India, and that the list of accepted generic names could be further expanded over time.

Opportunities and challenges for Italian businesses

Opportunities

Mercosur represents a market of over 260 million consumers with growing interest in quality products. For Italian companies, concrete opportunities include privileged access with greater legal certainty for Geographical Indications, enhancement of territorial branding, participation in public procurement, and SME expansion (approximately 30,000 small and medium-sized EU enterprises already export to Mercosur).

Challenges

The main challenges include price competitiveness with South American products, complexity in enforcing rules (which will require familiarity with Mercosur legal systems), and the need for marketing investments to educate consumers on the value of Italian denominations. The most significant challenge, however, concerns the regulatory conflict with the US-Argentina agreement: the coexistence of two international agreements with conflicting provisions on the same denominations creates legal uncertainty, especially in Argentina, where Italian producers could find themselves facing litigation with unpredictable outcomes.

The Subcommittee on Intellectual Property

The agreement establishes a Subcommittee on Intellectual Property with strategic functions for implementing, monitoring and improving the IP chapter provisions. Its main responsibilities include:

• monitoring the implementation of the agreement’s provisions;
• promoting technical cooperation between the EU and Mercosur, including the exchange of legislative experiences, enforcement practices, and strategies for the application of intellectual property rights; and
• managing notifications of new GIs and ensuring compliance with agreed terms.

Conclusions

The EU-Mercosur Agreement represents much more than a trade treaty: it’s an opportunity to further enhance the intangible heritage that makes Italian and European products unique. As emphasised by Foreign Minister Tajani, the agreement is “a great opportunity for all our companies,” with the objective of reaching EUR700 billion in exports.

However, the recent signing of the ARTI agreement between the US and Argentina introduces an element of complexity that requires attention. The coexistence of two potentially conflicting regulatory frameworks on the same territory requires geographical indications to adopt multi-level protection strategies, combining the tools offered by the Mercosur agreement with careful market surveillance and constant dialogue with competent authorities.

For GI producers, this is the right time to evaluate the opportunities offered by the agreement and strengthen their internationalisation strategy, establishing presence in new markets with adequate protection tools. Intensive diplomatic work will be essential to ensure that the protections obtained through the Mercosur agreement aren’t nullified by bilateral agreements that legitimise Italian sounding. With the right preparation and adequate tools, Italian companies can transform this challenge into a lasting competitive advantage, consolidating the reputation of authentic Made in Italy in one of the most promising economic areas in the world.

Author: Maria Rita Cormaci

 

Trademark infringement for the commercial use of an album title: “The Life of a Showgirl” case

In the entertainment industry, where the value of a project is increasingly shaped by its symbolic positioning as much as by its commercial reach, even an album title can trigger a legal dispute. This appears to be the case for globally renowned singer-songwriter Taylor Swift, who has reportedly been drawn into a lawsuit alleging trademark infringement for using the title of her latest album, “The Life of a Showgirl,” as a designation of the commercial origin of goods marketed in connection with the album’s promotion.

“Confessions of a Showgirl” versus “The Life of a Showgirl”

The action was brought by Las Vegas performer Maren Flagg, known professionally as Maren Wade, before a federal court in California against Taylor Swift, her record label, and other affiliated companies. The plaintiff argues that Swift used her album title as a distinctive mark notwithstanding its strong similarity to the trademark “Confessions of a Showgirl,” which Wade has used to identify her own artistic activity.

According to the complaint, the “Confessions of a Showgirl” project began in 2014 as a magazine column recounting episodes and behind-the-scenes anecdotes from the performer’s experience in the entertainment world, and later expanded into a live show, a podcast, and a book, all bearing the same title. The corresponding trademark was registered with the US Patent and Trademark Office (USPTO) in 2015 and is designated in International Class 41, relating to entertainment services, which include, among other things, live performances and musical and audiovisual production.

Starting with the album’s release in October 2025, the defendants allegedly used “The Life of a Showgirl” to distinguish igoods offered for sale as part of the album’s promotional activity. Such use, the plaintiff contends, goes beyond mere artistic expression and instead functions as a distinctive sign capable of identifying the commercial source of the products, including through product names such as “The Life of a Showgirl Candle” and “The Life of a Showgirl Hairbrush.”

The plaintiff further notes that the USPTO refused the application to register “The Life of a Showgirl” because of a likelihood of confusion with Wade’s existing trademark. In the USPTO’s view, the signs share a common component, namely the wording “of a Showgirl,” are similar in appearance and sound, and convey an overall comparable commercial impression. In addition, the parties’ goods and services were considered closely related, because the signs are used in connection with entertainment services involving musical and theatrical performances. As a result, consumers encountering both marks could reasonably assume a connection between the parties.

Although not binding on the court, this type of administrative assessment is presented as an important indicator, since it suggests that the likelihood of confusion had already been identified at the time the registration was sought. According to Wade’s complaint, despite that refusal and the warning that “The Life of a Showgirl” could be confused with the prior registered mark, use of the sign allegedly continued as part of a merchandising strategy that enabled a global rollout through widespread retail distribution reaching millions of consumers. On that basis, the plaintiff argues that the trademark violation arising from the commercial use of Taylor Swift’s latest album title was intentional.

In the plaintiff’s view, “The Life of a Showgirl” is, from a visual, phonetic, and overall commercial-impression standpoint, likely to cause confusion with the plaintiff’s “Confessions of a Showgirl” mark as to the existence of an affiliation, connection, or association between the plaintiff and the defendants, leading the public to believe that the respective brands and products are derived from, sponsored by, or otherwise linked to one another. Because the similarity operates on multiple levels, the plaintiff maintains, it is immediate. The phrase “of a Showgirl” is to be considered as the identity core of both expressions, while the comparable structure of the two titles contributes to a sense of familiarity. This similarity, the plaintiff argues, may mislead consumers: both signs are used within the same market and target the same consumer base, as they are associated with entertainment projects, potentially leading consumers to believe that a connection exists between the two.

Other aspects of the dispute

The dispute isn’t limited to trademark infringement arising from the commercial use of Taylor Swift’s album title. It also includes allegations of unfair competition and false designation, which prohibits marketing goods or services in a manner that leads consumers to believe they originate from an entity other than the true source. In the entertainment industry, where personal branding and recognisability are central, this type of ambiguity can have significant consequences.

In this context, an implicit but crucial aspect of the dispute concerns the asymmetry between the parties. On the one hand stands one of the most influential artists in the world, with immediate global distribution capabilities and one of the broadest trademark portfolios in the music sector; on the other, an independent project built over time around a single mark. According to Wade, this context creates the risk of reverse confusion, whereby the earlier, lesser-known mark may be progressively overshadowed by the enormous visibility of a product linked to a globally recognised figure such as Taylor Swift, to the point that the senior mark could be perceived as derived from, or a copy of, the later one.

According to the complaint, the progressive weakening of the plaintiff’s mark would threaten Wade’s entire brand. The pleading also points to search-engine results: when users search online for “Confessions of a Showgirl,” content connected to Swift allegedly appears more and more frequently at the top, making it harder to locate material tied to Wade’s project. By using “The Life of a Showgirl” as a trademark in connection with consumer goods distributed on a global scale, the defendants, according to the plaintiff, exploited their substantially greater commercial power to overwhelm the senior mark and to weaken both its source-identifying function and its goodwill.

Wade seeks unspecified damages, claiming serious harm to her business, reputation and the value built around her “Confessions of a Showgirl” mark. She also requests an order requiring the defendants to cease and permanently discontinue any use of “The Life of a Showgirl,” or any confusingly similar designation, as a trademark or source-identifying sign in connection with any goods or services.

The importance of trademark protection in the entertainment sector

Regardless of how the case ultimately turns out, it highlights an increasingly pronounced tension within today’s creative industries. Artistic freedom, traditionally grounded in archetypes, shared cultural references, and recurring narrative forms, now confronts an ever more sophisticated system of legal protections, in which even seemingly generic elements may acquire exclusivity when placed in a specific commercial context. This dynamic affects not only music, but also film, publishing, and digital media, where the value of a title, brand, or creative concept can translate into economically significant assets.

It’s precisely within this delicate balance that the modern entertainment industry operates. Choosing a title or a name is no longer solely a creative act; it’s become a strategic step that requires thorough legal checks, attention to pre-existing trademarks and distinctive signs, and full awareness of the relevant market.

Author: Chiara D’Onofrio

 

Technology Media and Telecommunication

DSA and the protection of minors: Snapchat and other online platforms under the Commission’s scrutiny

On 26 March 2026, the European Commission opened an investigation into Snapchat in relation to possible issues concerning the use of the platform by minors. These aspects could constitute a breach of the Digital Services Act (DSA), which requires providers of online platforms accessible to minors to adopt appropriate and proportionate measures to ensure a high level of privacy, safety, and protection of minors.

The Commission’s investigation focuses on five main areas:

1. Age assurance: Snapchat’s practice of relying on users’ mere self-declaration of age may be considered insufficient, as such a system may fail to prevent access by users under 13 and may not allow for adequate age verification.
2. Grooming and recruitment of minors: The platform may not adequately protect minors from harmful contacts, for example for purposes of sexual exploitation or recruitment into criminal activities. In particular, adult users may impersonate minors, increasing risks for younger users.
3. Inadequate default settings: Default settings may not ensure a sufficient level of privacy and safety for minors. Certain features are automatically enabled, without adequate guidance on how to manage them.
4. Dissemination of information related to prohibited products: The moderation tools used by Snapchat may not be effective in limiting the dissemination of information relating to illegal products or products prohibited for minors, such as drugs, vapes or alcohol.
5. Reporting of illegal content: Reporting systems may not be easily accessible or user-friendly and may include so-called dark patterns in their design. In addition, users may not be adequately informed about available redress mechanisms.

This investigation is part of a broader context in which a growing focus by the Commission on the enforcement of the DSA for the protection of minors can be observed. On the same date, 26 March 2026, the Commission also preliminarily found that several platforms sharing pornographic content may be in breach of the DSA for allowing minors to access their services.

The potential violations would stem, on the one hand, from inadequate risk assessments, as such platforms may have failed to properly identify and assess the risks posed to minors. On the other hand, they may have failed to implement effective measures to prevent minors from accessing their services, thereby not ensuring adequate protection of their rights and well-being.

In this context, the Commission has reiterated that self-declaration of age does not constitute an effective measure, while appropriate age verification systems should be adopted, in line with the Guidelines on the protection of minors under the DSA published in 2025.

The Guidelines identify three main categories of age assurance tools used by online platforms:

• Self-declaration: methods requiring users to declare their age or age group.
• Age estimation: methods allowing the provider to estimate a user’s age or their belonging to a specific age group.
• Age verification: systems based on official documents or verified identification sources, providing a high level of certainty.

In particular, according to the Guidelines, age verification represents an appropriate and proportionate measure, especially where services present high risks for minors and such risks cannot be mitigated through less intrusive measures. These categories include, for example, services relating to pornographic content, gambling, alcohol, tobacco, nicotine-containing products and drugs.

Providers of such services, even in the absence of specific national obligations, should ensure the adoption of effective age verification measures, and, more generally, carry out a thorough assessment of the risks their platforms may pose to minors and identify appropriate safeguards to mitigate them. These activities are essential both to ensure effective protection of minors online, who are increasingly exposed to harmful content, and in light of the fact that this area appears to constitute a growing priority in the European Commission’s enforcement action.

Author: Josaphat Manzoni

 

Launch of a public consultation on the use of the 40.5-43.5 GHz band

With Resolution No. 59/26/CONS, AGCom has launched a public consultation on the use of frequencies in the 40.5-43.5 GHz band for terrestrial systems capable of providing wireless broadband electronic communications services, in implementation of Decision (EU) 2024/1983.

This initiative forms part of the European harmonisation process of the 40.5-43.5 GHz band (the so-called 42 GHz band), which Decision (EU) 2024/1983 identified as suitable for the development of wireless broadband systems. The Decision requires member states to designate and make the band available for such systems on a non-exclusive basis by 31 December 2026.

In the consultation document (Annex A to the Resolution), the Authority outlines the relevant regulatory and technical framework, highlighting that the 42 GHz band has characteristics suitable for the provision of innovative next-generation electronic communications services (including 5G) based on wireless broadband, small cells, and the use of large channel bandwidths of at least 200 MHz. As noted in Annex A, the use of this frequency band appears particularly suitable, in this context, for hotspot deployments in urban and suburban areas.

In light of these elements, the consultation aims to assess the level of maturity of the technological ecosystem for the use of the band in wireless broadband applications, the actual availability of equipment (both network and user devices), the main characteristics of the services that can be provided, and therefore the effective level of national market demand.

In particular, the Authority invites interested parties to submit comments on several aspects, including:

• any additional observations regarding Decision (EU) 2024/1983 and the harmonisation framework for the use of the 42 GHz band;
• identifying appropriate conditions for the use of the band by wireless broadband systems, including coexistence measures, protection of incumbent services, and the possible identification of preferential portions of the band for assignment;
• the state of standardisation, commercialisation and deployment of equipment (both network and terminals), including timelines for availability and the positioning of the band within the 5G/6G development path;
• the submission of a possible expression of interest in providing services in the band, including potential site locations, the type of service to be offered, and the target users, with details on both network and terminal equipment;
• comments on the proposed assignment models, under which AGCom outlines two alternative options: a two-tier model based on a pre-qualification phase followed by the assignment of usage rights on a site-by-site basis; and a geographically differentiated model combining competitive procedures in high-density areas with “first come, first served” mechanisms in other areas;
• any alternative assignment models that could be considered in the national context.

Interested parties can submit their contributions to the public consultation by 1 May 2026.

Authors: Massimo D’Andrea, Matilde Losa, Arianna Porretti

 

Gaming and Gambling

Removal of the Italian gambling advertising ban: Why Italy’s football authority is now pushing for change

The Italian gambling advertising ban is no longer just about restrictions, the debate is now about the removal of the Italian gambling advertising ban altogether.

I have written extensively over the past years about the Italian gambling advertising ban, its scope, its enforcement challenges, and the fine line between permitted communication and prohibited promotion. But this is a different conversation. Today, the focus is no longer on how the ban works. It’s on whether it should continue to exist at all. And significantly, the call for change is now coming from the top of Italian football.

The push for removing the Italian gambling advertising ban

When Gabriele Gravina, President of the Italian Football Federation (FIGC), openly supports the removal of the gambling advertising ban, the debate enters a new phase.

For years, the ban introduced under the Italian Dignity Decree has been treated as a fixed point of the Italian regulatory framework. That assumption is now being challenged. Gravina’s position isn’t framed as a technical adjustment. It’s a policy shift: the current model is considered ineffective and, more importantly, misaligned with how the market actually operates.

From regulating the ban to questioning its existence

Most of the legal analysis around the Italian gambling advertising ban, including my own, has traditionally focused on how to interpret the scope of the ban, where the boundary lies between advertising and information, and how to structure compliant communication strategies.

That work is still relevant. But it’s no longer sufficient. The core issue is shifting from “how do we comply with the ban?” to “should the ban still be there?” This is a fundamental change in perspective and one that businesses need to start factoring into their strategic planning.

Why the removal of the Italian gambling advertising ban is now on the table

The argument for removing the ban isn’t ideological, it’s grounded in practical outcomes.

The ban hasn’t achieved its intended effect

The original objective was to reduce exposure to gambling advertising. But Italian users continue to be exposed through international and digital channels. Offshore operators are still active and visible. And enforcement is inherently limited in a cross-border environment.

The result is a system where exposure persists, but regulation doesn’t follow it.

This is the central point behind the push to remove the Italian gambling advertising ban: the current framework doesn’t deliver its intended policy outcome.

It’s distorted the market

One of the consequences I’ve highlighted in previous analyses is the creation of an uneven playing field.

Licensed operators are heavily restricted in their ability to communicate and they have to comply with strict regulatory obligations. 

Unlicensed or offshore operators can still reach Italian users through indirect channels.

This asymmetry is now being explicitly recognised at an institutional level.

For the Italian Football Federation (FIGC), this translates into lost sponsorship opportunities and reduced competitiveness of Italian clubs.

It’s driven advertising underground

Another issue I’ve repeatedly addressed is the emergence of indirect and hybrid communication models. The ban hasn’t eliminated advertising, it’s transformed it. We now see content platforms with embedded brand references, influencer-driven communication strategies, and editorial formats that blur the line between information and promotion.

From a legal standpoint, this is predictable. When a market is prevented from communicating directly, it will find alternative routes – often less transparent and harder to regulate. This is one of the strongest arguments in favour of removing the gambling advertising ban: transparency may actually improve under a regulated system than under a prohibition model.

A contradiction that no longer holds

There’s also a structural inconsistency in the Italian framework that’s becoming increasingly difficult to justify.

On one side advertising is broadly prohibited. On the other, operators have to run responsible gambling campaigns, often with brand visibility.

Authorities like AGCOM have tried to provide guidance to navigate this tension. But the contradiction remains. And it becomes even more evident when discussing the removal of the gambling advertising ban: you cannot simultaneously prohibit and require communication.

What removing the ban would actually mean

Supporting the removal of the ban doesn’t mean opening the market without controls. A more realistic scenario is a shift toward a regulated advertising model where only licensed operators can advertise, messaging is strictly controlled and includes responsible gambling elements, targeting restrictions protect vulnerable users, and enforcement focuses on transparency rather than prohibition.

In other words, the focus would move from “no advertising” to “controlled and accountable advertising.” 

Italian gambling advertising – A strategic shift for businesses

For operators, suppliers and investors, this isn’t just a regulatory debate, it’s a strategic inflection point. If the removal of the gambling advertising ban gains traction sponsorship models – particularly in sports – could be reactivated, brand positioning strategies would need to be redesigned, and compliance frameworks would have to adapt to a new, but still strict, regulatory environment.

Businesses that start preparing for this shift early will be better positioned if and when reform materializes.

From prohibition to regulation?

Having analysed the Italian gambling advertising ban for years, the current debate feels different. This is no longer about interpreting the edges of the rule, it’s about reconsidering the rule itself.

The fact that Gabriele Gravina is backing the removal of the gambling advertising ban signals that the discussion has moved to a policy level where economic, legal and practical considerations intersect.

And when that happens, change, whether gradual or structural, becomes a real possibility. The key question isn’t whether safeguards should exist – they should.

The real question is whether a prohibition-based model is still the right tool – or whether Gambling Advertising Italy is about to transition toward a more effective, regulated framework.

You can read about the different gambling regimes in almost 50 jurisdictions in the DLA Piper Gambling Laws of the World guide.

Author: Giulio Coraggio

 

---

Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo Bardelli, Carolina Battistella, Noemi Canova, Gabriele Cattaneo, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Enila Elezi, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Josaphat Manzoni, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Giulio Napolitano, Andrea Pantaleo, Deborah Paracchini, Maria Vittoria Pessina, Marianna Riedo, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Federico Toscani, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna, Matilde Losa and Arianna Porretti.

For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as Diritto Intelligente, a monthly magazine dedicated to AI, here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.