Data protection and privacy—Italy—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Data protection and privacy—Italy—Q&A guide
  • 1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?
  • 2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.
  • 3. Are there legal obligations on the data protection authority to cooperate with other data protection authorities, or is there a mechanism to resolve different approaches?
  • 4. Can breaches of data protection law lead to administrative sanctions or orders, or criminal penalties? How would such breaches be handled?
  • 5. Does the data protection law cover all sectors and types of organisation or are some areas of activity outside its scope?
  • 6. Does the data protection law cover interception of communications, electronic marketing or monitoring and surveillance of individuals? If not, list other relevant laws in this regard.
  • 7. Identify any further laws or regulations that provide specific data protection rules for related areas.
  • 8. What forms of PII are covered by the law?
  • 9. Is the reach of the law limited to PII owners and processors of PII established or operating in the jurisdiction?
  • More...

Data protection and privacy—Italy—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to data protection and privacy in Italy published as part of the Lexology Getting the Deal Through series by Law Business Research (published: July 2020).

Authors: ICT Legal Consulting—Paolo Balboni; Luca Bolognini; Davide Baldini

1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?

The primary legislation governing the processing of personal data by private entities and public institutions in Italy is the EU General Data Protection Regulation (GDPR) (2016/679). Specific rules for privacy in the electronic communications sector are contained in EU Directive 2002/58/EC. Specific Italian legislation on data protection is set forth in the Personal Data Protection Code (Legislative Decree 196/2003), which implements EU Directive 2002/58/EC and has been largely amended by Legislative Decree 101/2018 in order to align its content with the GDPR.

EU Directive 2016/680 specifically regulates the processing of personal data by public authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. It has been implemented in Italy by Legislative Decree 51/2018.

Additional sector-specific guidance is set out in the

Popular documents