The first Italian law specifically oriented to the protection of personal data is n. 675/1996, adopted to implement Directive 95/46/ EC. Article 1 of the law states that “[…] the processing of personal data is carried out in compliance with the rights, fundamental freedoms, as well as the dignity of individuals, with particular reference to confidentiality and personal identity; it also guarantees the rights of individuals and any other body or association”. The law itself also established the Personal Data Protection Authority (Garante per la protezione dei dati personali), an independent administrative authority that verifies compliance with the law of personal data processing, examines complaints, suspends and prohibits data processing that violates the relevant regulations, and imposes corrective sanctions. The European directives and indications from 1996 to 2003 were implemented with Legislative Decree no. 196/2003 containing the “Code regarding the protection of personal data”, also known as the Privacy Code, profoundly modified by Legislative Decree no. 101/2018 to adapt it to the provisions of regulation (EU) 2016/679 concerning the protection of individuals with regard to personal data processing, as well as the free circulation of such data (so-called GDPR). To date, therefore, the legislation on the protection of personal data applicable in Italy results from the set of directly applicable provisions of GDPR and from the provisions of the Privacy Code, as reformed by Legislative Decree no. 101/2018. In particular, the first part of the Code is almost entirely replaced by the European Regulation provisions.
With regards to public administrations, the principle of public access to records and documents is in force, which means that they are fully accessible by interested parties (and today by citizens in general). It is accompanied by the transparency principle, which, since 2016, has been understood as granting “total accessibility” to data and documents managed by public administrations, on the model of the Freedom of Information Act (FOIA). The Digital Administration Code (CAD), introduced in 2005 and amended several times, also contains important provisions; it governs, among many other things, the accessibility and encryption of data and information between public administrations, and between them and citizens and businesses, the interoperability and cooperation (i.e. the possibility of making different information systems communicate with each other for the purpose of exchanging data and services by attributing univocal meanings to the information) and the legal regime of the data held by public administrations, which must be made available in an open format and must be accessible and reusable by other administrations, citizens and businesses.
Comments are closed.