The Italian Data Protection Authority (DPA) has released new rules in relation to the use of biometrics. The rules include a requirement to notify the DPA of all data breaches or cyber incidents involving biometric systems within 24 hours. New simplified rules, in which the DPA’s prior authorization for use of biometrics is no longer needed, were also included. The resolution identified a number of safety measures needed for biometrics use, and called for particular attention to be paid to the safety of mobile devices that could be easily be compromised or lost.

Italian Data Protection Authority Press Release