Editorial Director: Giusella Finocchiaro
Web Content Manager: Giulia Giapponesi

In a piece published on the 15th April 2017 in the Quotidiano Nazionale (a daily which features articles from three Italian newspapers, Il Resto del Carlino, Il Giorno and La Nazione), Giusella Finocchiaro offered her thoughts on data protection and minors.

“Can children and adolescents sign up to Facebook or other social network accounts?

If being of age is a legal requirement for concluding a contract, then, why should it not be the case for signing up to a social network account? What is the age required for giving valid consent to the processing of personal data? Under Facebook regulations it is 13 years of age and under Italian law it is 18.

Then, why are so many Italian children and adolescents signed up to social networks? The answer is simple: according to the majority of subscription contracts, it is not Italian law which is applicable but the law governing the social network, which means, in the case of Facebook, the law of the United States of America and of the State of California.

Which law takes precedence? This is the most classical legal problem on the Internet, namely, determining which law is applicable and the jurisdiction. The new European Regulation n. 2016/679 on the Protection of Personal Data, which represents the new European law on data protection and is directly applicable from 25th May 2018, solves the problem with a partial compromise. It provides that European law takes precedence and that 16 is the minimum age to sign up (with an option for each Member State to set a lower age, provided that it is not below 13 years). Where the child is below the age of 16, parental consent is given or authorised.

According to certain recent Italian decisions in similar cases (the posting of pictures of their own children on social networks), the consent of both parents is needed. It is clear that it will not be very difficult to get round this provision. However, as the European Regulation provides for, it is the social network itself which will need to keep a check on things, by using available technology”.



posted by admin on novembre 15, 2016

computer crimes

(No comments)

This is a summary of the interview given by Prof. Giusella Finocchiaro to Vanity Fair, in which she was invited to explain certain legal aspects underlying some particular recent news items regarding online privacy.

Social media allow a choice of the level of visibility for each post published, however for uses such as that of videos illegally circulated online judicial measures are required. Giusella Finocchiaro, the first attorney at law in Italy to teach Internet law, explains how.

Two cases recently appeared in the news in the space of just 24 hours. Firstly, the suicide of a 31-year-old woman, whose hard core videotape had been circulating illegally on the web for more than a year and the case of a 17-year-old girl, whose girl friends recorded and posted a video of her while she was being raped in a disco. Both of these cases raise the question of what the limits of privacy on the Internet are. The head of the Italian Data Protection Authority, Antonello Soro, spoke of « the risk of being pilloried that the Net exposes us to, given the lack of adequate user awareness of the nature of its unlimited space and of the damaging effects that violent communication or the ferocity of ruthless mockery on the part of others may cause».

Lack of legislation was not in question Soro did not speak of a lack of legislation but rather of the need for «appropriate response procedures on the part of the different platforms» and also of another fundamental need: namely «to cultivate respect among people on the Internet». Investment in digital education is fundamental also according to Giusella Finocchiaro, (attorney at law and Professor of Private and Internet law at the University of Bologna, the first chair for this subject in Italy, as laws exist and the legal course followed by Tiziana Cantone (the woman who committed suicide) was the correct one, but timescales remain lengthy and not all people know how to protect themselves.



posted by Giusella Finocchiaro on maggio 20, 2011


(No comments)

The Law Decree regarding “Prime disposizioni urgenti per l’economia” (Urgent First measures for the Economy), also called “Decreto-Sviluppo” (Development Decree), which was published in the Official Journal on May 13 and which led to much discussion of provisions concerning beach concessions, also contains several relevant amendments to the Privacy Code.

This Law Decree must be approved by parliament within 60 days of publication in the Official Gazzette, before it can be changed.

The following is a brief summary of the main changes:



Data regarding public and private bodies

The new art. 3-bis states that the processing of data regarding public and private bodies

in communications between such bodies and for administration and accountancy purposes is no longer subject to the application of the Privacy Code. So, this exemption will not include all data regarding private or public bodies but only data that matches all of the following criteria:

1) data concerning private or public bodies.

2) data used for communications between these bodies

3) data used for administrative and accountancy purposes

Therefore, as an example, invoicing data shared by companies for administrative purposes.

We would like to underline that EU Directive 46/95/EC applies only to data regarding individual persons and that in 1996 the Italian legislator made a different choice.



CVs of job seekers

CVs sent of their own free will by job seekers would no longer need to be given the information by data controllers. The information even in an unwritten form will only be required on the occasion of a first contact after CVs have been sent. In such cases, the consent of CVs senders would be no longer necessary, even if the CVs contained sensitive data.



Consent in relationships between companies

The consent to data communications between companies (in specific areas) for administrative and accountancy purposes will no longer be necessary.



Security measures

Data controllers who handle as sensitive and judiciary data only that regarding their employees and collaborators and their partners and relatives will no longer be obliged to compile the document which is a particular security measure provided for by Italian law. Instead, they can present self-certification.

However we must bear in mind that self-certification also involves relevant consequences regarding responsibility according to the Criminal Code.

The Italian Privacy Authority could further simplify matters on the issue of security.

Administrative accountancy aims are precisely defined in new art. 34, sub. 1 ter.


Unwanted marketing communications

In the same way as for marketing calls, consent will no longer be necessary and the opt-out system with its register of opposition will also be extended to ordinary mail communications.



posted by admin on gennaio 2, 2011


(No comments)

Law & the Internet, the international version of the Finocchiaro Law Firm’s blog is now available.

Our new venture aims to offer an update about Italian laws dealing with the Internet and new technologies to everyone who wishes to keep up with these developments in English. The need for our new English language blog is a natural consequence of a considerable increase in activity on the international scene by Giusella Finocchiaro and her law firm.

The most frequently debated topics on the new blog will be: Privacy, Data Protection, Electronic Commerce, Electronic Signatures and Intellectual Property Rights.

Law & the Internet is one of the first extensive sources of information in English on Internet law in Italy.

The Finocchiaro Law Firm aims to offer new source materials through this new service in order to make its own personal contribution to the international debate in this field.


  • Recent comments

  • Popular posts

    • None found