Abstract
This chapter focuses on privacy and data protection in Italy. The first section deals with the general situation regarding privacy and personal data protection. The second section deals with national government policies. The third section deals with laws and regulations. The fourth section deals with implementation. The fifth section deals with regulatory authorities and enforcement.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Judgments No. 348 and 349, 2007.
- 2.
Eurobarometer 431 2015, p. 109.
- 3.
Eurobarometer 431 2015, p. 110.
- 4.
Based on survey results (see Sect. 1.3.4).
- 5.
Garante 2016, p. 5.
- 6.
Garante 2015, p. 4.
- 7.
Garante 2014, p. 3.
- 8.
Garante 2015, p. 228, Table 10.
- 9.
The ‘Cookie law’ was introduced in Italy with the legislative decree 69 of 28/05/2012 and the Measure of the Garante of 8 May 2014 in the implementation of the Directive 2009/136/EC. It requires companies to have in place different data protection measures according to the cookies’ typology when installing such in users’ browsers. The Garante issued a Clarification Note about this procedure on 5 June 2015.
- 10.
Based on survey results (see Sect. 1.3.4).
- 11.
Eurobarometer 431 2015, p. 10.
- 12.
Eurobarometer 431 2015, p. 29.
- 13.
Eurobarometer 431 2015, p. 32.
- 14.
Eurobarometer 431 2015, p. 40.
- 15.
Eurobarometer 431 2015, p. 92.
- 16.
Eurobarometer 431 2015, p. 95.
- 17.
The Code is available in English at the following link:
- 18.
Based on survey results (see Sect. 1.3.4).
- 19.
Based on survey results (see Sect. 1.3.4).
- 20.
Based on survey results (see Sect. 1.3.4).
- 21.
- 22.
For instance, by issuing a handbook on privacy at school and the responsible use of apps and social networks. The full list of information campaigns is available only in Italian language here: http://garanteprivacy.it/web/guest/home/stampa-comunicazione/vademecum-e-campagne-informative.
- 23.
Based on survey results (see Sect. 1.3.4).
- 24.
Garante 2015, Section 23.1, p. 187.
- 25.
Garante 2015, Section 23.1, p. 187.
- 26.
- 27.
BBC 2016.
- 28.
- 29.
Jones and Cinelli 2017.
- 30.
Measure no. 548 of 21 December 2017 by the Garante. http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/7400401.
- 31.
- 32.
Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, and Regulation (EC) No. 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, introduced the obligation for Member States to regulate the usage of cookies on users’ devices.
- 33.
Legislative decree No. 69 of 28/05/2012, Article 1.5.
- 34.
- 35.
- 36.
- 37.
- 38.
Garante 2016, Section 13, p. 94.
- 39.
Garante 2016, Section 4, p. 30.
- 40.
Garante 2016, Section 13, p. 95.
- 41.
Garante 2015, Section 11.7, p. 108.
- 42.
Garante 2015, Section 11.7, p. 108.
- 43.
Garante 2016, Section 23.5.2, p. 144.
- 44.
Ponemon Institute 2017.
- 45.
The same formula is used in every notice for public consultation. A full list is available on the Garante website at http://www.garanteprivacy.it/web/guest/home/ricerca?p_p_id=searchportlet_WAR_labcportlet&p_p_lifecycle=0.
- 46.
- 47.
- 48.
- 49.
Based on survey results (see Sect. 1.3.4).
- 50.
An exception thereof are the Annexes A.1, A.2 and A.3, which were introduced with the Italian data protection law preceding the DPCode.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
Based on survey results (see Sect. 1.3.4).
- 58.
The Five Star Movement is a political party founded in 2009 by the former comedian Beppe Grillo and the entrepreneur Gianroberto Casaleggio. For the first time in Italy, candidates for the political election of 2013 were chosen online by the members of the party; the same happened in the following European and local elections. The party used online consultations to expel several members when not complying with its guidelines. Official website: http://www.movimento5stelle.it.
- 59.
- 60.
- 61.
Garante 2016, Section 25.1, p. 168.
- 62.
Based on survey results (see Sect. 1.3.4).
- 63.
Garante 2016, Section 25.3, p. 169.
- 64.
The full text in English is available here: http://194.242.234.211/documents/10160/2012405/Personal+Data+Protection+Code+-+Legislat.+Decree+no.196+of+30+June+2003.pdf.
- 65.
Vecchi and Marchese 2016.
- 66.
- 67.
Based on survey results (see Sect. 1.3.4).
- 68.
Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, and Regulation (EC) No. 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.
- 69.
Legislative decree No. 69 of 28/05/2012, Articles 2, 3 and 4.
- 70.
- 71.
- 72.
Full text of the Declaration is available at http://www.camera.it/application/xmanager/projects/leg17/commissione_internet/TESTO_ITALIANO_DEFINITVO_2015.pdf.
- 73.
Website of the Special Commission for rights and duties on the Internet http://www.camera.it/leg17/1174.
- 74.
Hermes Center 2017.
- 75.
Frediani 2017.
- 76.
Privacy Italia 2017.
- 77.
- 78.
- 79.
See above under Sect. 9.2.
- 80.
- 81.
A list of the codes of conduct is available on the Garante website at http://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-italiana. See above under Sect. 9.2.
- 82.
“Decisions” are judgments made in response to different kinds of complaints reported to the Garante (see below under Sect. 9.5). “Guidelines” are general indications given by the Garante in relation to specific kind of processing in order to guarantee a correct application of the principles of the DPCode (a list of the issued guidelines is available at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1772725).
- 83.
For an example of such decisions see: http://www.garanteprivacy.it/web/guest/home_en/main-decisions.
- 84.
- 85.
Based on survey results (see Sect. 1.3.4).
- 86.
http://garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3590114.
The full list of the general decisions is available here http://garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3755203.
- 87.
Based on survey results (see Sect. 1.3.4).
- 88.
- 89.
Based on survey results (see Sect. 1.3.4).
- 90.
Based on survey results (see Sect. 1.3.4).
- 91.
Companies have only recently begun to consider PbD due to the entry into force of Article 25 of the GDPR.
- 92.
Provisions on data and systems security, also containing procedures to follow in case of data breaches.
- 93.
Based on survey results (see Sect. 1.3.4).
- 94.
Technical specifications concerning minimum security measures, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1557184.
- 95.
Consent Country Report on Italy 2012, p. 4.
- 96.
“Il valore della privacy nell’epoca della personalizzazione dei media” Survey by CENSIS, 7/10/2012, p. 6.
- 97.
Based on survey results (see Sect. 1.3.4).
- 98.
“Il valore della privacy nell’epoca della personalizzazione dei media” Survey by CENSIS, 7/10/2012, p. 10.
- 99.
- 100.
Garante 2016, Section 27.1, p. 184.
- 101.
For instance, the newsletter dated 14 February 2017 concerns the indiscriminate monitoring of employees’ emails and smartphones, telemarketing and electronic passport. The archive of all issued newsletters is available on the Garante website at http://www.garanteprivacy.it/web/guest/home/ricerca?p_p_id=searchportlet_WAR_labcportlet&p_p_lifecycle=0.
- 102.
- 103.
Garante 2016.
- 104.
Garante 2016.
- 105.
Garante 2016.
- 106.
Garante 2016.
- 107.
Garante 2016, p. 197, Table 7.
- 108.
Based on survey results (see Sect. 1.3.4).
- 109.
See above under Sect. 9.1.
References
BBC (2016) Tiziana Cantone: Suicide following years of humiliation online stuns Italy. BBC.com, see http://www.bbc.com/news/world-europe-37380704
Consent Country Report Italy (2012) Consumer sentiment regarding privacy on user generated content (UGC) services in the digital economy. https://www.consent.law.muni.cz/
Eurobarometer Survey 431 (2015) Attitudes on Data Protection and Electronic Identity in the European Union. Brussels, June 2015
Frediani C (2017) Garante privacy Ue: “Sulla protezione dei dati l’Europa è leader”. Lastampa.it. http://www.lastampa.it/2017/11/13/esteri/garante-privacy-ue-sulla-protezione-dei-dati-leuropa-leader-edTINi7G4UzW0KvDtM6emL/pagina.html
Garante (2014) Garante per la Protezione dei Dati Personali, Relazione Annuale (Annual Report) 2014
Garante (2015) Garante per la Protezione dei Dati Personali, Relazione Annuale (Annual Report) 2015
Garante (2016) Garante per la Protezione dei Dati Personali, Relazione Annuale (Annual Report) 2016
Hermes Center (2017) Italy extends data retention to six years. Edri.org, 29 November 2017, https://edri.org/italy-extends-data-retention-to-six-years/
Jones G, Cinelli A (2017) Hacking attacks: a pre-election setback for Italy’s 5-Star Movement. Reuters.com, see https://www.reuters.com/article/us-italy-politics-5star/hacking-attacks-a-pre-election-setback-for-italys-5-star-movement-idUSKBN1CA1TM
Ponemon Institute (2017) Cost of Data Breach Study – Global Overview, IBM Security, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN
Privacy Italia (2017) In vigore la legge che impone la Data Retention a 6 anni. PrivacyItalia.eu. 12 December 2017. See https://www.privacyitalia.eu/vigore-la-legge-impone-la-data-retention-6-anni/5463/
Vecchi D, Marchese M (2016) Chapter 15 – Italy. The Privacy, Data Protection and Cybersecurity Law Review, 3rd edn. Law Business Research
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2019 T.M.C. Asser press and the authors
About this chapter
Cite this chapter
Custers, B., Sears, A.M., Dechesne, F., Georgieva, I., Tani, T., van der Hof, S. (2019). Italy. In: EU Personal Data Protection in Policy and Practice. Information Technology and Law Series, vol 29. T.M.C. Asser Press, The Hague. https://doi.org/10.1007/978-94-6265-282-8_9
Download citation
DOI: https://doi.org/10.1007/978-94-6265-282-8_9
Published:
Publisher Name: T.M.C. Asser Press, The Hague
Print ISBN: 978-94-6265-281-1
Online ISBN: 978-94-6265-282-8
eBook Packages: Law and CriminologyLaw and Criminology (R0)