The Law Decree regarding “Prime disposizioni urgenti per l’economia” (Urgent First measures for the Economy), also called “Decreto-Sviluppo” (Development Decree), which was published in the Official Journal on May 13 and which led to much discussion of provisions concerning beach concessions, also contains several relevant amendments to the Privacy Code.
This Law Decree must be approved by parliament within 60 days of publication in the Official Gazzette, before it can be changed.
The following is a brief summary of the main changes:
Data regarding public and private bodies
The new art. 3-bis states that the processing of data regarding public and private bodies
in communications between such bodies and for administration and accountancy purposes is no longer subject to the application of the Privacy Code. So, this exemption will not include all data regarding private or public bodies but only data that matches all of the following criteria:
1) data concerning private or public bodies.
2) data used for communications between these bodies
3) data used for administrative and accountancy purposes
Therefore, as an example, invoicing data shared by companies for administrative purposes.
We would like to underline that EU Directive 46/95/EC applies only to data regarding individual persons and that in 1996 the Italian legislator made a different choice.
CVs of job seekers
CVs sent of their own free will by job seekers would no longer need to be given the information by data controllers. The information even in an unwritten form will only be required on the occasion of a first contact after CVs have been sent. In such cases, the consent of CVs senders would be no longer necessary, even if the CVs contained sensitive data.
Consent in relationships between companies
The consent to data communications between companies (in specific areas) for administrative and accountancy purposes will no longer be necessary.
Security measures
Data controllers who handle as sensitive and judiciary data only that regarding their employees and collaborators and their partners and relatives will no longer be obliged to compile the document which is a particular security measure provided for by Italian law. Instead, they can present self-certification.
However we must bear in mind that self-certification also involves relevant consequences regarding responsibility according to the Criminal Code.
The Italian Privacy Authority could further simplify matters on the issue of security.
Administrative accountancy aims are precisely defined in new art. 34, sub. 1 ter.
Unwanted marketing communications
In the same way as for marketing calls, consent will no longer be necessary and the opt-out system with its register of opposition will also be extended to ordinary mail communications.
Add comment