Laura Somaini

Laura Somaini is an associate in the Data Privacy and Cybersecurity Practice Group.

Laura advises clients on EU data protection, e-privacy and technology law, including on Italian requirements. She regularly assists clients in relation to GDPR compliance, international data transfers, direct marketing rules as well as data protection contracts and policies.

Contact:

Italy Adopts Artificial Intelligence Law

By Dan Cooper & Laura Somaini on October 8, 2025

Posted in Artificial Intelligence (AI), European Union

On September 23, 2025, the Italian law on artificial intelligence (hereinafter, “Italian AI Law”) was signed into law, after receiving final approval by the Italian Senate on September 17, 2025.

The law consists of varied provisions, including general principles and targeted sectoral rules in certain areas not covered by the EU AI Act. The Italian AI Law will enter into force on October 10, 2025.

We provide below an overview of key aspects of the final text of the Italian AI Law. For full detail, please see our previous blogpost here.Continue Reading Italy Adopts Artificial Intelligence Law

European Commission Makes New Announcements on the Protection of Minors Under the Digital Services Act

By Dan Cooper, Shona O'Donovan, Madelaine Harrington & Laura Somaini on July 22, 2025

Posted in Children's Privacy, European Commission, Online Safety

On 14 July 2025, the European Commission published its final guidelines on the protection of minors under the Digital Services Act (“DSA”) (the “Guidelines”). The Guidelines are intended to provide guidance to providers of online platforms that are “accessible to minors” on meeting their obligations to “put in place appropriate and proportionate measures to ensure a high level of privacy, safety, and security of minors, on their service” (DSA, Art. 28(1)).

The European Commission published a draft version of the guidelines for consultation on 13 May 2025 (“Draft Guidelines”) (see our blog post here). The final Guidelines include some amendments to the Draft Guidelines on the basis of the feedback received during consultation, clarifying and building out further the recommended measures.

Although the Guidelines are non-binding, the Commission has made clear that it intends to use the Guidelines as a “significant and meaningful” benchmark when assessing in-scope providers’ compliance with Article 28(1) DSA.Continue Reading European Commission Makes New Announcements on the Protection of Minors Under the Digital Services Act

CJEU Upholds Country-of-Origin Principle for Online Service Providers in the EU

By Marty Hansen & Laura Somaini on June 14, 2024

Posted in European Union, Litigation

On May 30, 2024, the Court of Justice of the EU (“CJEU”) handed down its rulings in several cases (C-665/22, Joined Cases C‑664/22 and C‑666/22, C‑663/22, and Joined Cases C‑662/22 and C‑667/22) concerning the compatibility with EU law of certain Italian measures imposing obligations on providers of online platforms and search engines. In doing so, the CJEU upheld the so-called “country-of-origin” principle, established in the EU’s e-Commerce Directive and based on the EU Treaties principle of free movement of services. The country-of-origin principle gives the Member State where an online service provider is established exclusive authority (“competence”) to regulate access to, and exercise of, the provider’s services and prevents other Member States from imposing additional requirements.

We provide below an overview of Court’s key findings.Continue Reading CJEU Upholds Country-of-Origin Principle for Online Service Providers in the EU

Italy Proposes New Artificial Intelligence Law

By Dan Cooper & Laura Somaini on May 30, 2024

Posted in Artificial Intelligence (AI), European Union

On May 20, 2024, a proposal for a law on artificial intelligence (“AI”) was laid before the Italian Senate.

The proposed law sets out (1) general principles for the development and use of AI systems and models; (2) sectorial provisions, particularly in the healthcare sector and for scientific research for healthcare; (3) rules on the national strategy on AI and governance, including designating the national competent authorities in accordance with the EU AI Act; and (4) amendments to copyright law.

We provide below an overview of the proposal’s key provisions.Continue Reading Italy Proposes New Artificial Intelligence Law

European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework

By Jasmine Agyekum, Dan Cooper, Mark Young, Diana Lee & Laura Somaini on July 17, 2023

Posted in Cross-Border Data Transfers, Data Privacy, European Commission, General Data Protection Regulation

On July 10, 2023, the European Commission adopted its adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). The decision, which took effect on the day of its adoption, concludes that the United States ensures an adequate level of protection for personal data transferred from the EEA to companies certified to the DPF. This blog summarizes the key findings of the decision, what organizations wishing to certify to the DPF need to do and the process for certifying, as well as the impact on other transfer mechanisms such as the standard contractual clauses (“SCCs”), and on transfers from the UK and Switzerland.Continue Reading European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework

Inside Global Tech