Euro

The european project Training Activities to Implement the Data Protection Reform (TAtoDPR) has received funding from the European Unionís Rights, Equality and Citizenship (REC) Programme of the European Union under Grant Agreement No. 769191

The contents of this Journal represent the views of the author only and are his/her sole responsibility. The European Commission does not accept any responsibility for use that may be made of the information it contains.

Home / ISSUES / Issue / Data protection in the e-commerce field

back print content


Data protection in the e-commerce field

Ph.D. Avv. Maria Cristina Gaeta, Postdoctoral Research Fellow in Law at Suor Orsola Benincasa University of Naples, Ph.D. in Law at Federico II University of Naples, Coordinator of the Editorial Team of EJPLT.

Legal design Ltd is a consulting company that deals with creating websites and managing the related legal aspects, mainly on privacy and e-commerce, adapting the websites created, or to be created, with the existing legislation, as well as drafting updated legal documents, clear and easily understandable, also thanks to the legal design techniques of which they are experts.

Following the entry into force of the GDPR, Legal design Ltd is asked to update the privacy policy part of an online clothing shop: Fashion Style. On the part relating to the terms and conditions, however, the necessary adjustment had already been carried out.

 

Challenge Title: Data protection in the e-commerce field

Use Case Author

Ph.D. Avv. Maria Cristina Gaeta, Postdoctoral Research Fellow in Law at Suor Orsola Benincasa University of Naples, Ph.D. in Law at Federico II University of Naples, Coordinator of the Editorial Team of EJPLT.

Topic

Data protection in the e-commerce field

Overview

Legal design Ltd is a consulting company that deals with creating websites and managing the related legal aspects, mainly on privacy and e-commerce, adapting the websites created, or to be created, with the existing legislation, as well as drafting updated legal documents, clear and easily understandable, also thanks to the legal design techniques of which they are experts.

Following the entry into force of the GDPR, Legal design Ltd is asked to update the privacy policy part of an online clothing shop: Fashion Style. On the part relating to the terms and conditions, however, the necessary adjustment had already been carried out.

 

1. Engage

Big idea

Privacy adjustment of an e-commerce website

Essential Question

What processing of personal data is carried out by Fashion Style online shop?

Initial resources

Useful links

 

Privacy policy example:

 https://teoremamoda.shop/privacy-policy-cookie-restriction-mode

 

Cookie policy example:

https://teoremamoda.shop/privacy-policy-cookie-restriction-mode

https://lavoraconnoi.mediaset.it/cookiespolicy.htm

 

Italian Data Protection Authority, what to do if the website installs cookies (before the GDPR):

  https://www.garanteprivacy.it/documents/10160/0/Infografica+cookie+e+privacy+-+cosa+devi+fare

 

Provision of the Italian Data Protection Authority of 8 May 2014 «Chiarimenti in merito all’attuazione della normativa in materia di cookie»:https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4006878

 

For privacy and e-commerce in general

 

Italian Data protection Authority on cookie: https://www.garanteprivacy.it/cookie

 

Italian Data protection Authority on e-commerce: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4840904

 

European Commission on digital privacy: https://ec.europa.eu/digital-single-market/en/online-privacy

 

Digital Agenda: https://www.agendadigitale.eu/mercati-digitali/ecommerce/e-commerce-e-gdpr-come-essere-in-regola-con-norme-privacy-e-non-solo/

 

E-commerce Europe: https://www.ecommerce-europe.eu

 

Guiding Questions

List of the starting questions for the privacy adjustment:

-       What personal data are collected?

-       What are the purposes of the processing?

-       How long are the personal data kept? On which hosting server?

-       Is the data processing online or offline? In the first case, are there active cookies?

-       Who are the subjects involved in the processing of personal data?

-       Are privacy by default and privacy by design tools already in place?

 

Reflections

Other questions to be discussed:

-       Is there a need to appoint a Data Protection Officer?

-       Is there a need to carry out the data protection impact assessment?

Other notes

 

 

 

2. Investigate

Activity Description

-        Starting from the company's organisational model and personal data processed, what are the next steps?

-        What documents must be prepared for the privacy adjustment?

 

 

Resources

Support material:

-        Link indicated above

 

Synthesis

Prepare a word file in which to indicate:

-        what are the necessary activities or documents to be prepared for the privacy adjustment?

-        what are the possible but unnecessary activities or documents that should be prepared for greater protection.

Reflections

Reflections on the activities and documents to be prepared.

 

Other notes

 

 

 

3. Act

Solution Prototypes

Possible solutions.

 

Let's read the solutions of some learners.

 

Solution

Let's definitively establish which activities and documents must be prepared for the privacy adjustment of Wee Ltd.

 

Implementation plan

 

-        How to proceed to prepare the privacy adjustment?

-        How long do we need?

-        What could be a fair and adequate compensation to ask the customer?

Evaluate

Evaluating the simulation carried out, what would you do differently next time in terms of activities and documentation to be provided for the privacy adjustment, timing and fees?

Other notes

 

 

 

4. Reflection and documentation

Case notes

Reflections on how this case could best be developed in the future.



  • Giappichelli Social