There are two laws covering data protection: Law n. 71 of 1995, regulating the collection of statistical data and attributions in public information technology matters, and Law n. 70 of 1995 reforming Law n. 27 of 1 March 1983 and regulating the computerised collection of personal data, with its related Delegated Decree no. 75 of 2014 on data processed in the video surveillance system. Law n. 70 of 1995 applies to any IT applications by the State, public bodies or natural or legal persons, entailing the setting up or the use of magnetic or automated files containing names or other data which can easily identify legal persons. The Law protects both individuals and legal entities that have the right to know, challenge, rectify their data, electronically collected and processed. The setting up and use of databases are subject to the prior authorisation of the competent bodies under San Marino legislation. Social or cultural associations intending to collect, process or use personal data for their purposes are required to inform the Guarantor (an administrative judge).
The Guarantor will measure the impact of scientific progress on human rights and dignity and, if necessary, set forth rules and fix limitations in order to protect computerised data from unauthorised use. Many of the functions attributed to the Guarantor are not easy to fulfil due to the lack of instruments provided for by law which are not yet implemented. Besides giving a mandatory opinion in respect of authorisation requests from private databases, the Guarantor shall also ascertain that both public and private databases comply with legal provisions; grant access to databases; examine complaints and, in case of infringement, report to the judicial authorities; give opinions with regard to decrees and regulations implementing the legislation in force; authorise the dissemination of data to third parties.