📬 NicFab Newsletter #12 | 17 marzo 2026
Privacy, Data Protection, AI e Cybersecurity — la rassegna settimanale.
In questo numero:
🔴 Intesa Sanpaolo sanzionata per 17,6 milioni: trasferimento illegittimo di 2,4 milioni di clienti tramite profilazione non autorizzata
🟢 EDPB ed EDPS sostengono l'armonizzazione delle sperimentazioni cliniche nell'European Biotech Act con nuove salvaguardie
🔴 Acea Energia multata per 2 milioni per contratti fraudolenti attivati all'insaputa dei clienti tramite agenti porta a porta
📈 TraceMap: Commissione UE lancia piattaforma AI per accelerare il rilevamento di frodi e contaminazioni alimentari
⚠️ Operation Synergia III smantella reti cybercriminali internazionali, compromessi 369.000 IP in 163 paesi
🏛️ Parlamento UE proroga deroga privacy per contrastare abusi sessuali online sui minori
📖 AI Act in Pillole: analisi degli obblighi per fornitori di sistemi ad alto rischio secondo l'Articolo 16
🔍 ICO multa Police Scotland per condivisione impropria di dati personali, crescono le sanzioni UK
👉 Leggi il numero completo: https://www.nicfab.eu/it/newsletter/2026-03-17-issue-12/
📩 Iscriviti alla newsletter: https://www.nicfab.eu/it/pages/newsletter/#iscriviti-ora
#Privacy #GDPR #AIAct #Cybersecurity
Privacy, Data Protection, AI e Cybersecurity — la rassegna settimanale.
In questo numero:
🔴 Intesa Sanpaolo sanzionata per 17,6 milioni: trasferimento illegittimo di 2,4 milioni di clienti tramite profilazione non autorizzata
🟢 EDPB ed EDPS sostengono l'armonizzazione delle sperimentazioni cliniche nell'European Biotech Act con nuove salvaguardie
🔴 Acea Energia multata per 2 milioni per contratti fraudolenti attivati all'insaputa dei clienti tramite agenti porta a porta
📈 TraceMap: Commissione UE lancia piattaforma AI per accelerare il rilevamento di frodi e contaminazioni alimentari
⚠️ Operation Synergia III smantella reti cybercriminali internazionali, compromessi 369.000 IP in 163 paesi
🏛️ Parlamento UE proroga deroga privacy per contrastare abusi sessuali online sui minori
📖 AI Act in Pillole: analisi degli obblighi per fornitori di sistemi ad alto rischio secondo l'Articolo 16
🔍 ICO multa Police Scotland per condivisione impropria di dati personali, crescono le sanzioni UK
👉 Leggi il numero completo: https://www.nicfab.eu/it/newsletter/2026-03-17-issue-12/
📩 Iscriviti alla newsletter: https://www.nicfab.eu/it/pages/newsletter/#iscriviti-ora
#Privacy #GDPR #AIAct #Cybersecurity
NicFab Blog
Newsletter #12 - 17 marzo 2026
Privacy, Data Protection, AI, Cybersecurity & Tech Law - Weekly Review
📬 NicFab Newsletter #12 | March 17, 2026
Privacy, Data Protection, AI & Cybersecurity — weekly review.
In this issue:
🔴 Intesa Sanpaolo fined €17.6 million for unlawful profiling of 2.4 million customers transferred to digital subsidiary Isybank
🔴 Acea Energia sanctioned €2 million for over 1,200 fraudulent door-to-door contracts activated without customer knowledge
🏛️ EDPB and EDPS publish joint opinion supporting European Biotech Act while requesting specific safeguards for health data
📊 European Commission launches TraceMap, new AI platform for food safety using artificial intelligence to detect fraud and contamination
🔍 CNIL issues new recommendations for web filtering proxy servers balancing corporate cybersecurity with GDPR compliance
⚠️ Operation Synergia III targets international cybercrime while SocksEscort botnet dismantled with 369,000 compromised IPs
📈 EU moves toward banning AI nudification apps following high-profile cases and growing regulatory concerns
📖 AI Act Explained Part 12 covers Article 16 obligations for high-risk AI system providers including technical documentation requirements
👉 Read the full issue: https://www.nicfab.eu/en/newsletter/2026-03-17-issue-12/
📩 Subscribe to the newsletter: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#Privacy #GDPR #AIAct #Cybersecurity
Privacy, Data Protection, AI & Cybersecurity — weekly review.
In this issue:
🔴 Intesa Sanpaolo fined €17.6 million for unlawful profiling of 2.4 million customers transferred to digital subsidiary Isybank
🔴 Acea Energia sanctioned €2 million for over 1,200 fraudulent door-to-door contracts activated without customer knowledge
🏛️ EDPB and EDPS publish joint opinion supporting European Biotech Act while requesting specific safeguards for health data
📊 European Commission launches TraceMap, new AI platform for food safety using artificial intelligence to detect fraud and contamination
🔍 CNIL issues new recommendations for web filtering proxy servers balancing corporate cybersecurity with GDPR compliance
⚠️ Operation Synergia III targets international cybercrime while SocksEscort botnet dismantled with 369,000 compromised IPs
📈 EU moves toward banning AI nudification apps following high-profile cases and growing regulatory concerns
📖 AI Act Explained Part 12 covers Article 16 obligations for high-risk AI system providers including technical documentation requirements
👉 Read the full issue: https://www.nicfab.eu/en/newsletter/2026-03-17-issue-12/
📩 Subscribe to the newsletter: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#Privacy #GDPR #AIAct #Cybersecurity
NicFab Blog
Newsletter #12 - March 17, 2026
Privacy, Data Protection, AI, Cybersecurity & Tech Law - Weekly Review
Daily Digest | 17 March 2026
PI_COM:Ares(2026)2806442: Proposal for a Regulation on the European Union Agency for Law Enforcement Cooperation (Eur...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=PI_COM:Ares(2026)2806442
Cyber-attacks against the EU and its member states: Council sanctions three entities and two individuals
Council of the EU Press Releases
https://www.consilium.europa.eu/en/press/press-releases/2026/03/16/cyber-attacks-against-the-eu-and-its-member-states-council-sanctions-three-entities-and-two-individuals/
CELEX:32026R0695: Council Implementing Regulation (EU) 2026/695 of 14 March 2026 implementing Regulation (EU) No 269/...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CELEX:32026R0695
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The Hacker News
https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.html
Privacy-Preserving Federated Fraud Detection in Payment Transactions with NVIDIA FLARE
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.13617
#Privacy #AI #Cybersecurity #DailyDigest
PI_COM:Ares(2026)2806442: Proposal for a Regulation on the European Union Agency for Law Enforcement Cooperation (Eur...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=PI_COM:Ares(2026)2806442
Cyber-attacks against the EU and its member states: Council sanctions three entities and two individuals
Council of the EU Press Releases
https://www.consilium.europa.eu/en/press/press-releases/2026/03/16/cyber-attacks-against-the-eu-and-its-member-states-council-sanctions-three-entities-and-two-individuals/
CELEX:32026R0695: Council Implementing Regulation (EU) 2026/695 of 14 March 2026 implementing Regulation (EU) No 269/...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CELEX:32026R0695
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The Hacker News
https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.html
Privacy-Preserving Federated Fraud Detection in Payment Transactions with NVIDIA FLARE
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.13617
#Privacy #AI #Cybersecurity #DailyDigest
Daily Digest | 18 March 2026
Towards trustworthy AI in the EU public administration: The EDPS Compass for its new role under the AI Act
EDPS News Feed
https://www.edps.europa.eu/press-publications/press-news/news/2026/towards-trustworthy-ai-eu-public-administration-edps-compass-its-new-role-under-ai-act
Briefing - Simplifying cybersecurity reporting: The Digital Omnibus Single-Entry Point mechanism - 17-03-2026
Documents - Think Tank - European Parliament
https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2026)785675
Europe sanctions Chinese and Iranian firms for cyberattacks
BleepingComputer
https://www.bleepingcomputer.com/news/security/europe-sanctions-chinese-and-iranian-firms-for-cyberattacks/
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
BleepingComputer
https://www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The Hacker News
https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html
#Privacy #AI #Cybersecurity #DailyDigest
Towards trustworthy AI in the EU public administration: The EDPS Compass for its new role under the AI Act
EDPS News Feed
https://www.edps.europa.eu/press-publications/press-news/news/2026/towards-trustworthy-ai-eu-public-administration-edps-compass-its-new-role-under-ai-act
Briefing - Simplifying cybersecurity reporting: The Digital Omnibus Single-Entry Point mechanism - 17-03-2026
Documents - Think Tank - European Parliament
https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2026)785675
Europe sanctions Chinese and Iranian firms for cyberattacks
BleepingComputer
https://www.bleepingcomputer.com/news/security/europe-sanctions-chinese-and-iranian-firms-for-cyberattacks/
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
BleepingComputer
https://www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The Hacker News
https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html
#Privacy #AI #Cybersecurity #DailyDigest
Daily Digest | 19 March 2026
At a Glance - Enforcement of the AI Act - 17-03-2026
Documents - Think Tank - European Parliament
https://www.europarl.europa.eu/thinktank/en/document/EPRS_ATA(2026)785670
COM:2026:321:FIN: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on THE 28TH REGIME CORPORAT...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=COM:2026:321:FIN
Russian hybrid threats: four individuals added to EU sanctions list for information manipulation activities
Council of the EU Press Releases
https://www.consilium.europa.eu/en/press/press-releases/2026/03/16/russian-hybrid-threats-four-individuals-added-to-eu-sanctions-list-for-information-manipulation-activities/
EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations
SecurityWeek RSS Feed
https://www.securityweek.com/eu-sanctions-chinese-iranian-firms-supporting-hacking-operations/
Anonymous-by-Construction: An LLM-Driven Framework for Privacy-Preserving Text
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.17217
#Privacy #AI #Cybersecurity #DailyDigest
At a Glance - Enforcement of the AI Act - 17-03-2026
Documents - Think Tank - European Parliament
https://www.europarl.europa.eu/thinktank/en/document/EPRS_ATA(2026)785670
COM:2026:321:FIN: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on THE 28TH REGIME CORPORAT...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=COM:2026:321:FIN
Russian hybrid threats: four individuals added to EU sanctions list for information manipulation activities
Council of the EU Press Releases
https://www.consilium.europa.eu/en/press/press-releases/2026/03/16/russian-hybrid-threats-four-individuals-added-to-eu-sanctions-list-for-information-manipulation-activities/
EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations
SecurityWeek RSS Feed
https://www.securityweek.com/eu-sanctions-chinese-iranian-firms-supporting-hacking-operations/
Anonymous-by-Construction: An LLM-Driven Framework for Privacy-Preserving Text
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.17217
#Privacy #AI #Cybersecurity #DailyDigest
📢 EDPB & EDPS | Joint Opinion on Cybersecurity Act 2 and NIS2
On 19 March 2026, EDPB and EDPS adopted Joint Opinion 4/2026 on the proposed Cybersecurity Act 2 and NIS2 amendments.
Key points:
▪️ Strengthened role of ENISA and cybersecurity certification
▪️ ENISA must consult the EDPB on certification schemes for personal data processing
▪️ Single-entry point for personal data breach notifications
▪️ Digital Identity Wallet providers designated as NIS2 essential entities
📄 https://www.edpb.europa.eu/our-work-tools/our-documents/edpbedps-joint-opinion/edpb-edps-joint-opinion-42026-proposal_en
#Privacy #DataProtection #Cybersecurity #EDPB #NIS2
On 19 March 2026, EDPB and EDPS adopted Joint Opinion 4/2026 on the proposed Cybersecurity Act 2 and NIS2 amendments.
Key points:
▪️ Strengthened role of ENISA and cybersecurity certification
▪️ ENISA must consult the EDPB on certification schemes for personal data processing
▪️ Single-entry point for personal data breach notifications
▪️ Digital Identity Wallet providers designated as NIS2 essential entities
📄 https://www.edpb.europa.eu/our-work-tools/our-documents/edpbedps-joint-opinion/edpb-edps-joint-opinion-42026-proposal_en
#Privacy #DataProtection #Cybersecurity #EDPB #NIS2
Daily Digest | 20 March 2026
EDPB-EDPS Joint Opinion 4/2026 on the Proposal for a Cybersecurity Act 2 and the Proposal on amendments to the NIS 2 ...
EDPB publications
https://www.edpb.europa.eu/our-work-tools/our-documents/edpbedps-joint-opinion/edpb-edps-joint-opinion-42026-proposal_en
CEF 2026: EDPB launches coordinated enforcement action on transparency and information obligations under the GDPR
European Data Protection Board
https://www.edpb.europa.eu/news/news/2026/cef-2026-edpb-launches-coordinated-enforcement-action-transparency-and-information_en
Navia discloses data breach impacting 2.7 million people
BleepingComputer
https://www.bleepingcomputer.com/news/security/navia-discloses-data-breach-impacting-27-million-people/
Critical ScreenConnect Vulnerability Exposes Machine Keys
SecurityWeek RSS Feed
https://www.securityweek.com/critical-screenconnect-vulnerability-exposes-machine-keys/
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
TechCrunch
https://techcrunch.com/2026/03/19/fbi-seizes-pro-iranian-hacking-groups-websites-after-destructive-stryker-hack/
#Privacy #AI #Cybersecurity #DailyDigest
EDPB-EDPS Joint Opinion 4/2026 on the Proposal for a Cybersecurity Act 2 and the Proposal on amendments to the NIS 2 ...
EDPB publications
https://www.edpb.europa.eu/our-work-tools/our-documents/edpbedps-joint-opinion/edpb-edps-joint-opinion-42026-proposal_en
CEF 2026: EDPB launches coordinated enforcement action on transparency and information obligations under the GDPR
European Data Protection Board
https://www.edpb.europa.eu/news/news/2026/cef-2026-edpb-launches-coordinated-enforcement-action-transparency-and-information_en
Navia discloses data breach impacting 2.7 million people
BleepingComputer
https://www.bleepingcomputer.com/news/security/navia-discloses-data-breach-impacting-27-million-people/
Critical ScreenConnect Vulnerability Exposes Machine Keys
SecurityWeek RSS Feed
https://www.securityweek.com/critical-screenconnect-vulnerability-exposes-machine-keys/
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
TechCrunch
https://techcrunch.com/2026/03/19/fbi-seizes-pro-iranian-hacking-groups-websites-after-destructive-stryker-hack/
#Privacy #AI #Cybersecurity #DailyDigest
Daily Digest | 23 March 2026
EDPB-EDPS Joint Opinion on the Proposal for a Cybersecurity Act 2 and the Proposal on amendments to the NIS 2 Directive
EDPS News Feed
https://www.edps.europa.eu/press-publications/press-news/news/2026/edpb-edps-joint-opinion-cybersecurity-act-2-and-amendments-nis-2-directive
High-Level Debate: “From Omnibus to Opportunity: Driving Data Protection and Innovation”
EDPS News Feed
https://www.edps.europa.eu/press-publications/press-news/news/2026/high-level-debate-omnibus-opportunity-driving-data-protection-and-innovation_en
PODCAST - A proposito di privacy - Sesto episodio - DOSSIER SANITARIO
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10148225
VoidStealer malware steals Chrome master key via debugger trick
BleepingComputer
https://www.bleepingcomputer.com/news/security/voidstealer-malware-steals-chrome-master-key-via-debugger-trick/
A Novel Solution for Zero-Day Attack Detection in IDS using Self-Attention and Jensen-Shannon Divergence in WGAN-GP
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.19350
#Privacy #AI #Cybersecurity #DailyDigest
EDPB-EDPS Joint Opinion on the Proposal for a Cybersecurity Act 2 and the Proposal on amendments to the NIS 2 Directive
EDPS News Feed
https://www.edps.europa.eu/press-publications/press-news/news/2026/edpb-edps-joint-opinion-cybersecurity-act-2-and-amendments-nis-2-directive
High-Level Debate: “From Omnibus to Opportunity: Driving Data Protection and Innovation”
EDPS News Feed
https://www.edps.europa.eu/press-publications/press-news/news/2026/high-level-debate-omnibus-opportunity-driving-data-protection-and-innovation_en
PODCAST - A proposito di privacy - Sesto episodio - DOSSIER SANITARIO
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10148225
VoidStealer malware steals Chrome master key via debugger trick
BleepingComputer
https://www.bleepingcomputer.com/news/security/voidstealer-malware-steals-chrome-master-key-via-debugger-trick/
A Novel Solution for Zero-Day Attack Detection in IDS using Self-Attention and Jensen-Shannon Divergence in WGAN-GP
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.19350
#Privacy #AI #Cybersecurity #DailyDigest
Daily Digest | 24 March 2026
CONSIL:ST_7470_2026_INIT: Proposal for a COUNCIL RECOMMENDATION on a European Union framework for science diplomacy -...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CONSIL:ST_7470_2026_INIT
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The Hacker News
https://thehackernews.com/2026/03/north-korean-hackers-abuse-vs-code-auto.html
FBI says Iranian hackers are using Telegram to steal data in malware attacks
TechCrunch
https://techcrunch.com/2026/03/23/fbi-says-iranian-hackers-are-using-telegram-to-steal-data-in-malware-attacks/
Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
SecurityWeek RSS Feed
https://www.securityweek.com/aquas-trivy-vulnerability-scanner-hit-by-supply-chain-attack/
Rule-State Inference (RSI): A Bayesian Framework for Compliance Monitoring in Rule-Governed Domains
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.21610
#Privacy #AI #Cybersecurity #DailyDigest
CONSIL:ST_7470_2026_INIT: Proposal for a COUNCIL RECOMMENDATION on a European Union framework for science diplomacy -...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CONSIL:ST_7470_2026_INIT
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The Hacker News
https://thehackernews.com/2026/03/north-korean-hackers-abuse-vs-code-auto.html
FBI says Iranian hackers are using Telegram to steal data in malware attacks
TechCrunch
https://techcrunch.com/2026/03/23/fbi-says-iranian-hackers-are-using-telegram-to-steal-data-in-malware-attacks/
Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
SecurityWeek RSS Feed
https://www.securityweek.com/aquas-trivy-vulnerability-scanner-hit-by-supply-chain-attack/
Rule-State Inference (RSI): A Bayesian Framework for Compliance Monitoring in Rule-Governed Domains
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.21610
#Privacy #AI #Cybersecurity #DailyDigest
📩 NicFab Newsletter #13 — 24 marzo 2026
È disponibile il numero 13 della newsletter bilingue (IT/EN) su privacy, protezione dei dati, regolazione AI e cybersecurity.
Questa settimana:
🔹 Tribunale di Roma annulla la sanzione da €15M a OpenAI
🔹 EDPB lancia il CEF 2026 sulla trasparenza (25 autorità)
🔹 Chat Control — nessuna intesa tra Parlamento e Consiglio
🔹 Parere congiunto EDPB-EDPS su Cybersecurity Act 2 e NIS2
🔹 Approvato il rinvio di alcune norme AI Act
🔹 Sanzioni UE contro entità cinesi e iraniane per cyberattacchi
🎙️ NOVITÀ: Debutta il Podcast — Legal Prompting, Episodio #1
🔖 AI Act in Pillole – Parte 13: Articolo 17
📖 https://www.nicfab.eu/it/newsletter-issues/2026-03-24-issue-13/
📩 Iscriviti → https://www.nicfab.eu/it/pages/newsletter/#iscriviti-ora
#Privacy #GDPR #AIAct #Cybersecurity #EDPB #NicFab #LegalPrompting #Podcast
È disponibile il numero 13 della newsletter bilingue (IT/EN) su privacy, protezione dei dati, regolazione AI e cybersecurity.
Questa settimana:
🔹 Tribunale di Roma annulla la sanzione da €15M a OpenAI
🔹 EDPB lancia il CEF 2026 sulla trasparenza (25 autorità)
🔹 Chat Control — nessuna intesa tra Parlamento e Consiglio
🔹 Parere congiunto EDPB-EDPS su Cybersecurity Act 2 e NIS2
🔹 Approvato il rinvio di alcune norme AI Act
🔹 Sanzioni UE contro entità cinesi e iraniane per cyberattacchi
🎙️ NOVITÀ: Debutta il Podcast — Legal Prompting, Episodio #1
🔖 AI Act in Pillole – Parte 13: Articolo 17
📖 https://www.nicfab.eu/it/newsletter-issues/2026-03-24-issue-13/
📩 Iscriviti → https://www.nicfab.eu/it/pages/newsletter/#iscriviti-ora
#Privacy #GDPR #AIAct #Cybersecurity #EDPB #NicFab #LegalPrompting #Podcast
NicFab Blog
Newsletter #13 - 24 marzo 2026
Privacy, Data Protection, AI, Cybersecurity & Tech Law - Weekly Review
📩 NicFab Newsletter #13 — March 24, 2026
Issue #13 of the bilingual (IT/EN) newsletter on privacy, data protection, AI regulation and cybersecurity is now available.
This week:
🔹 Rome Court annuls the €15M fine against OpenAI
🔹 EDPB launches CEF 2026 on transparency (25 DPAs)
🔹 Chat Control — no deal between Parliament and Council
🔹 EDPB-EDPS Joint Opinion on Cybersecurity Act 2 & NIS2
🔹 EU AI Act delay approved
🔹 EU sanctions Chinese and Iranian entities for cyberattacks
🎙️ NEW: Podcast launches today — Legal Prompting, Episode #1
🔖 AI Act in a Nutshell – Part 13: Article 17
📖 https://www.nicfab.eu/en/newsletter-issues/2026-03-24-issue-13/
📩 Subscribe → https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#Privacy #GDPR #AIAct #Cybersecurity #EDPB #NicFab #LegalPrompting #Podcast
Issue #13 of the bilingual (IT/EN) newsletter on privacy, data protection, AI regulation and cybersecurity is now available.
This week:
🔹 Rome Court annuls the €15M fine against OpenAI
🔹 EDPB launches CEF 2026 on transparency (25 DPAs)
🔹 Chat Control — no deal between Parliament and Council
🔹 EDPB-EDPS Joint Opinion on Cybersecurity Act 2 & NIS2
🔹 EU AI Act delay approved
🔹 EU sanctions Chinese and Iranian entities for cyberattacks
🎙️ NEW: Podcast launches today — Legal Prompting, Episode #1
🔖 AI Act in a Nutshell – Part 13: Article 17
📖 https://www.nicfab.eu/en/newsletter-issues/2026-03-24-issue-13/
📩 Subscribe → https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#Privacy #GDPR #AIAct #Cybersecurity #EDPB #NicFab #LegalPrompting #Podcast
NicFab Blog
Newsletter #13 - March 24, 2026
Privacy, Data Protection, AI, Cybersecurity & Tech Law - Weekly Review
Daily Digest | 25 March 2026
Crunchyroll confirms data breach after hacker claims unauthorized access
TechCrunch
https://techcrunch.com/2026/03/24/crunchyroll-confirms-data-breach-after-hacker-claims-unauthorized-access/
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
BleepingComputer
https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
Yanluowang ransomware access broker gets 81 months in prison
BleepingComputer
https://www.bleepingcomputer.com/news/security/yanluowang-ransomware-access-broker-gets-81-months-in-prison/
3.1 Million Impacted by QualDerm Data Breach
SecurityWeek RSS Feed
https://www.securityweek.com/3-1-million-impacted-by-qualderm-data-breach/
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
SecurityWeek RSS Feed
https://www.securityweek.com/critical-citrix-netscaler-vulnerability-poised-for-exploitation-security-firms-warn/
#Privacy #AI #Cybersecurity #DailyDigest
Crunchyroll confirms data breach after hacker claims unauthorized access
TechCrunch
https://techcrunch.com/2026/03/24/crunchyroll-confirms-data-breach-after-hacker-claims-unauthorized-access/
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
BleepingComputer
https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
Yanluowang ransomware access broker gets 81 months in prison
BleepingComputer
https://www.bleepingcomputer.com/news/security/yanluowang-ransomware-access-broker-gets-81-months-in-prison/
3.1 Million Impacted by QualDerm Data Breach
SecurityWeek RSS Feed
https://www.securityweek.com/3-1-million-impacted-by-qualderm-data-breach/
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
SecurityWeek RSS Feed
https://www.securityweek.com/critical-citrix-netscaler-vulnerability-poised-for-exploitation-security-firms-warn/
#Privacy #AI #Cybersecurity #DailyDigest
Daily Digest | 26 March 2026
Delve did the security compliance on LiteLLM, an AI project hit by malware
TechCrunch
https://techcrunch.com/2026/03/25/delve-did-the-security-compliance-on-litellm-an-ai-project-hit-by-malware/
Vie privée des enfants : les résultats de l’audit du Global Privacy Enforcement Network
CNIL France
https://www.cnil.fr/fr/vie-privee-des-enfants-les-resultats-de-laudit-du-global-privacy-enforcement-network
G7 meets in France to narrow transatlantic Iran split
Euractiv
https://www.euractiv.com/news/g7-meets-in-france-to-narrow-transatlantic-iran-split/
Press release - Future EU Customs Authority to be headquartered in Lille, France
Press releases - Committees - European Parliament
https://www.europarl.europa.eu/news/en/press-room/20260323IPR38814/
Briefing - Artificial Intelligence in Classrooms: Ethical Dimensions - 25-03-2026
Documents - Think Tank - European Parliament
https://www.europarl.europa.eu/thinktank/en/document/IUST_BRI(2026)784573
#Privacy #AI #Cybersecurity #DailyDigest
Delve did the security compliance on LiteLLM, an AI project hit by malware
TechCrunch
https://techcrunch.com/2026/03/25/delve-did-the-security-compliance-on-litellm-an-ai-project-hit-by-malware/
Vie privée des enfants : les résultats de l’audit du Global Privacy Enforcement Network
CNIL France
https://www.cnil.fr/fr/vie-privee-des-enfants-les-resultats-de-laudit-du-global-privacy-enforcement-network
G7 meets in France to narrow transatlantic Iran split
Euractiv
https://www.euractiv.com/news/g7-meets-in-france-to-narrow-transatlantic-iran-split/
Press release - Future EU Customs Authority to be headquartered in Lille, France
Press releases - Committees - European Parliament
https://www.europarl.europa.eu/news/en/press-room/20260323IPR38814/
Briefing - Artificial Intelligence in Classrooms: Ethical Dimensions - 25-03-2026
Documents - Think Tank - European Parliament
https://www.europarl.europa.eu/thinktank/en/document/IUST_BRI(2026)784573
#Privacy #AI #Cybersecurity #DailyDigest
The European Parliament has published a briefing on the ethical dimensions of AI in classrooms (PE 784.573, March 2026), authored by Prof. Wayne Holmes for the CULT Committee.
The document is strong on the ethical-philosophical plane. But the real challenge lies elsewhere: we don't need more principles — we need operational connections between the principles already formulated, binding rules (GDPR, AI Act) and European competence frameworks (DigComp 3.0, eCF 4.0).
In my latest article, I analyse the briefing from the perspective of a data protection lawyer, focusing on:
— The false dichotomy between ethics and law
— Children as rights-bearing subjects, not objects of optimisation
— The "flipped AI divide" as a matter of substantive equality
— The CEN-CENELEC JTC 21 standard on professional AI ethicists
— The role of DigComp 3.0 and eCF 4.0 in bridging the principles-to-practice gap
Full article: https://www.nicfab.eu/en/posts/ai-ethics-classrooms-ep/
Stay updated on AI, privacy and digital rights — subscribe to the newsletter: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#AIAct #GDPR #AIethics #Education #DigComp #eCF #EuropeanParliament #DigitalRights #Privacy #ArtificialIntelligence
The document is strong on the ethical-philosophical plane. But the real challenge lies elsewhere: we don't need more principles — we need operational connections between the principles already formulated, binding rules (GDPR, AI Act) and European competence frameworks (DigComp 3.0, eCF 4.0).
In my latest article, I analyse the briefing from the perspective of a data protection lawyer, focusing on:
— The false dichotomy between ethics and law
— Children as rights-bearing subjects, not objects of optimisation
— The "flipped AI divide" as a matter of substantive equality
— The CEN-CENELEC JTC 21 standard on professional AI ethicists
— The role of DigComp 3.0 and eCF 4.0 in bridging the principles-to-practice gap
Full article: https://www.nicfab.eu/en/posts/ai-ethics-classrooms-ep/
Stay updated on AI, privacy and digital rights — subscribe to the newsletter: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#AIAct #GDPR #AIethics #Education #DigComp #eCF #EuropeanParliament #DigitalRights #Privacy #ArtificialIntelligence
NicFab Blog
AI Ethics in Classrooms: When Principles Meet the Law
The European Parliament publishes a briefing on the ethical dimensions of AI in classrooms. We analyse the document through the lens of a legal practitioner, connecting ethical principles to the existing European regulatory framework and digital competence…
Il Parlamento Europeo ha pubblicato un briefing sulle dimensioni etiche dell'IA nelle aule scolastiche (PE 784.573, marzo 2026), redatto dal Prof. Wayne Holmes per la commissione CULT.
Il documento è solido sul piano etico-filosofico. Ma il vero nodo è un altro: non servono nuovi principi — servono connessioni operative tra i principi già formulati, le norme vincolanti (GDPR, AI Act) e i framework europei di competenze (DigComp 3.0, eCF 4.0).
Nel mio ultimo articolo analizzo il briefing dalla prospettiva del giurista specializzato in protezione dei dati, con un focus su:
— La falsa dicotomia tra etica e diritto
— I minori come soggetti di diritto, non oggetti di ottimizzazione
— Il "flipped AI divide" come questione di uguaglianza sostanziale
— Lo standard CEN-CENELEC JTC 21 sugli eticisti professionali dell'IA
— Il ruolo di DigComp 3.0 e eCF 4.0 nel colmare il divario principi-prassi
Articolo completo: https://www.nicfab.eu/it/posts/ai-ethics-classrooms-ep/
Per restare aggiornati sui temi di AI, privacy e diritti digitali, iscrivetevi alla newsletter: https://www.nicfab.eu/it/pages/newsletter/#iscriviti-ora
#AIAct #GDPR #EticaIA #Istruzione #DigComp #eCF #ParlamentoEuropeo #DigitalRights #Privacy #ArtificialIntelligence
Il documento è solido sul piano etico-filosofico. Ma il vero nodo è un altro: non servono nuovi principi — servono connessioni operative tra i principi già formulati, le norme vincolanti (GDPR, AI Act) e i framework europei di competenze (DigComp 3.0, eCF 4.0).
Nel mio ultimo articolo analizzo il briefing dalla prospettiva del giurista specializzato in protezione dei dati, con un focus su:
— La falsa dicotomia tra etica e diritto
— I minori come soggetti di diritto, non oggetti di ottimizzazione
— Il "flipped AI divide" come questione di uguaglianza sostanziale
— Lo standard CEN-CENELEC JTC 21 sugli eticisti professionali dell'IA
— Il ruolo di DigComp 3.0 e eCF 4.0 nel colmare il divario principi-prassi
Articolo completo: https://www.nicfab.eu/it/posts/ai-ethics-classrooms-ep/
Per restare aggiornati sui temi di AI, privacy e diritti digitali, iscrivetevi alla newsletter: https://www.nicfab.eu/it/pages/newsletter/#iscriviti-ora
#AIAct #GDPR #EticaIA #Istruzione #DigComp #eCF #ParlamentoEuropeo #DigitalRights #Privacy #ArtificialIntelligence
NicFab Blog
Il Parlamento Europeo pubblica un briefing sulle dimensioni etiche dell'IA nelle aule scolastiche. Analizziamo il documento attraverso la lente del giurista, mettendo in relazione i principi etici con il quadro normativo europeo e i framework di competenze…
Daily Digest | 27 March 2026
EDPB conference on cross-regulatory cooperation: what we learned
EDPB News
https://www.edpb.europa.eu/news/news/2026/edpb-conference-cross-regulatory-cooperation-what-we-learned_en
NEWSLETTER del 26 marzo 2026 - Telemarketing, il Garante privacy sanziona Enel Energia per oltre 500mila euro - Annun...
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10233427
Press release - Artificial Intelligence Act: delayed application, ban on nudifier apps
Press releases - Plenary sessions - European Parliament
https://www.europarl.europa.eu/news/en/press-room/20260323IPR38829/
PI_COM:Ares(2026)3247482: COMMISSION DELEGATED REGULATION (EU) …/… supplementing Directive (EU) 2023/1791 of the Euro...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=PI_COM:Ares(2026)3247482
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
Dark Reading
https://www.darkreading.com/vulnerabilities-threats/automotive-cybersecurity-threats-grow-connected-autonomous-vehicles
#Privacy #AI #Cybersecurity #DailyDigest
EDPB conference on cross-regulatory cooperation: what we learned
EDPB News
https://www.edpb.europa.eu/news/news/2026/edpb-conference-cross-regulatory-cooperation-what-we-learned_en
NEWSLETTER del 26 marzo 2026 - Telemarketing, il Garante privacy sanziona Enel Energia per oltre 500mila euro - Annun...
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10233427
Press release - Artificial Intelligence Act: delayed application, ban on nudifier apps
Press releases - Plenary sessions - European Parliament
https://www.europarl.europa.eu/news/en/press-room/20260323IPR38829/
PI_COM:Ares(2026)3247482: COMMISSION DELEGATED REGULATION (EU) …/… supplementing Directive (EU) 2023/1791 of the Euro...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=PI_COM:Ares(2026)3247482
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
Dark Reading
https://www.darkreading.com/vulnerabilities-threats/automotive-cybersecurity-threats-grow-connected-autonomous-vehicles
#Privacy #AI #Cybersecurity #DailyDigest
Daily Digest | 30 March 2026
COM:2026:135:FIN: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing the Program...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=COM:2026:135:FIN
OJ:L_202600705: Commission Implementing Regulation (EU) 2026/705 of 20 March 2026 establishing model identification d...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=OJ:L_202600705
CELEX:52026PC0135: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing the Progra...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CELEX:52026PC0135
CONSIL:ST_7716_2026_INIT: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing the...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CONSIL:ST_7716_2026_INIT
Press release - Returns regulation: MEPs ready to start negotiations
Press releases - Plenary sessions - European Parliament
https://www.europarl.europa.eu/news/en/press-room/20260324IPR38908/
#Privacy #AI #Cybersecurity #DailyDigest
COM:2026:135:FIN: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing the Program...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=COM:2026:135:FIN
OJ:L_202600705: Commission Implementing Regulation (EU) 2026/705 of 20 March 2026 establishing model identification d...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=OJ:L_202600705
CELEX:52026PC0135: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing the Progra...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CELEX:52026PC0135
CONSIL:ST_7716_2026_INIT: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing the...
EUR-Lex | AI Act | EN
https://eur-lex.europa.eu/legal-content/AUTO/?uri=CONSIL:ST_7716_2026_INIT
Press release - Returns regulation: MEPs ready to start negotiations
Press releases - Plenary sessions - European Parliament
https://www.europarl.europa.eu/news/en/press-room/20260324IPR38908/
#Privacy #AI #Cybersecurity #DailyDigest
Daily Digest | 31 March 2026
COMUNICATO STAMPA - Data breach, Garante privacy sanziona Intesa Sanpaolo per 31,8 milioni di euro. Accessi indebiti ...
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10235001
COMUNICATO STAMPA - Ddl tutela minori sui social, precisazione Garante privacy
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10235032
European Commission confirms data breach after Europa.eu hack
BleepingComputer
https://www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
The Hacker News
https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html
A Regression Framework for Understanding Prompt Component Impact on LLM Performance
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.26830
#Privacy #AI #Cybersecurity #DailyDigest
COMUNICATO STAMPA - Data breach, Garante privacy sanziona Intesa Sanpaolo per 31,8 milioni di euro. Accessi indebiti ...
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10235001
COMUNICATO STAMPA - Ddl tutela minori sui social, precisazione Garante privacy
Garante Protezione dei dati personali - news
https://www.gpdp.it/garante/doc.jsp?ID=10235032
European Commission confirms data breach after Europa.eu hack
BleepingComputer
https://www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
The Hacker News
https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html
A Regression Framework for Understanding Prompt Component Impact on LLM Performance
cs.LG updates on arXiv.org
https://arxiv.org/abs/2603.26830
#Privacy #AI #Cybersecurity #DailyDigest