Editorial Director: Giusella Finocchiaro
Web Content Manager: Giulia Giapponesi

posted by Giusella Finocchiaro on aprile 29, 2014


(No comments)

Google has paid a one million euro fine levied by the Italian Data Protection Authority for its Street View service. Although the fine was imposed on the18th December 2013, its enactment has only recently been made public.

The disputed facts date from 2010 when the D.P.A. intervened after numerous reports from people complaining of being photographed without their consent by Google Street View cars.

In fact, at that time Mountain View cars were operating around Italy without being readily identifiable and as a consequence people in the places covered had no say in deciding whether to avoid being photographed or not.

On the 15th October 2010 the D.P.A. ordered Google to make its cars easily identifiable by using clearly marked signs or stickers and in addition three days before the start of shooting to publish on its website a list of the places visited by the Google cars and also the parts of the big cities which would be covered by them.

The D.P.A. additionally ordered that the same announcement should be published by Google in at least two local newspapers and that the information contained should also be broadcast by at least one radio station in each region visited.

These measures were promptly adopted by Google.

The sanctioning procedure has now been concluded with the issue of an order of injunction in which the D.P.A. has imposed a one million euro fine. The sum was determined on the basis that the data unlawfully collected was destined for such a sizable and significantly important database as the Street View service.

In establishing the sum, the D.P.A. has opted to use the regulation terms of the privacy Code which aims to make fines sanctions effective when levied on large-sized enterprises.

It would appear that Google has already paid the fine.

posted by admin on febbraio 21, 2012


(No comments)

Law Decree no. 5 of the 9th of February 2012 has been published in the Italian Official Journal (no.33, February 9, 2012).

The decree which is effective from February 10 provides for the abolition of the security policy document.

As previously highlighted on this blog, although an easing of requirements for entities that process personal data has been provided, this does not mean that there are no obligations relating to the adoption of minimum safety measures.

However, the programming of the security policy document may still be an instrument which, although no longer obligatory, may be useful in a civil trial to cover any claims for damages in cases of data breach in violation of the law for the protection of personal data.

In addition, art. 21, section 1 bis of the Privacy Code provides for the introduction of a provision on judicial data, the treatment of which is permitted if carried out in accordance with provisions for the prevention of the phenomenon of organized crime concluded with the Italian Interior Ministry or its branch offices which may specify the type of data used and what can be done with it.



posted by Beatrice Succi on gennaio 13, 2012


(No comments)

As previously announced, the Italian Law of 22nd December 2011, No 214 on “Conversion, with amendments, of Decree Law of 6th December 2011, No 201 “(also known as the Monti Economic Measures ) was published in the Ordinary Supplement No 276 of Official Gazette No. 300 of December 27th, 2011.

The law, which came into force on the 28th of December, 2011, introduces the forecasted revolution of the Italian Privacy Code.

It should be noted that the conversion law has not led to further changes to the Privacy Code except for those already contained in the Decree Law of 6th December 2011.

In order to simplify compliance regarding privacy, the changes have effectively eliminated the right to protection of personal data for private and public bodies in Italy.

The following are the details of the changes to the regulations on personal data protection.

In Art. 4, paragraph 1, lett. b) of the Civil Code the notion of “personal data” is drastically reduced. All reference to private and public bodies or associations has disappeared from the definition and it has also been excluded from the category of “interested party”, referred to in subparagraph i).

In other words, only information relating to natural persons is now protected and only natural persons can exercise their rights under Art. 7, such as, for example, the right to find out the source of their personal data, to request their being updated, their rectification, their cancellation or to oppose their processing for commercial or advertising purposes.

In line with the rationale of these changes, the Monti measures also delete the last sentence of Art. 9, paragraph 4, of the Privacy Code, which set out the details of how to identify the natural person entitled to exercise the above rights on behalf of private bodies, public bodies or associations

Paragraph 3 bis of art. 5, has also been deleted even though it was only introduced a few months ago by the so-called “Development Decree” and which excluded from the application of the privacy Code the processing of data carried out by companies, organizations or associations for administrative and accounting purposes.

Letter h) of Art. 43 concerning the transfer of data of legal persons abroad has also been deleted.

In any case, the significant innovations provided for by Law 214 of 2011 do not affect obligations which companies processing personal data relating to individuals must comply with.

It is likely that this “liberalization” of the use of company data will benefit advertising activities targeted at companies and a clarifying comment by the Authority for the protection of personal data on this matter is not to be excluded.


posted by admin on dicembre 12, 2011


(No comments)

Among the various provisions of the Monti government’s new economic measures (Law Decree no.201 of December 6, 2011) published in Official Gazette no. 284 of December 6, 2011, we find the introduction of a radical change to the Italian Privacy Code (Legislative Decree 196 of June 30, 2003).

In order to reduce the administrative burden on companies, by amending Article 4, paragraph 1, letter b) of the Privacy Code, Art.40, paragraph 2 excludes from the definition of personal data all information relating to private and public bodies or associations.

As a result of this exclusion the measures also include an amendment to Art. 4, paragraph 1, letter i) which defines who should be considered “an interested party” by the treatment of the data, namely the individual to whom the personal data refers. Whereas previously private and public bodies or associations could be “interested parties”, only natural persons are considered as “interested parties” with the current amendment.

Therefore this revolutionary provision limits the privacy protection of private and public bodies whose data can now be processed without having to obtain permission and restricts the right to data protection only to natural persons.

Alongside these significant changes, Monti’s measure also deletes the last sentence of Art. 9, paragraph 4 of the privacy Code, which detailed how to identify the natural person entitled to exercise rights on behalf of private bodies, public bodies or associations, paragraph 3-bis of art. 5, which excluded from the application of the Privacy Code the processing of data regarding public and private bodies and associations in communications between said bodies for administration and accountancy purposes, and finally also letter h) of paragraph 1 of article. 43 concerning the processing of data of private bodies, public bodies or associations when transferred abroad.

  • Recent comments

  • Popular posts

    • None found