Search Menu

Changes to Italian Data Protection legislation introduced by Law Decree no. 201/2011

“The criminal liability of an editor of a weekly on-line magazine”

Those who use false petrol receipts for the purpose of avoiding taxes commit the offence of making a fraudulent declaration with false documents fraudolenta utilizzando documenti falsi chi utilizzi schede carburante false al fine di evadere il fisco

Dark Light

Article 40, paragraph 2 of Law-Decree no. 201/2011, converted by Law no. 214 dated December 22 2011, has introduced important new data protection provisions.

The Law-Decree has, in fact, amended article 4 of Legislative Decree no. 196/2003 (the so-called Italian Data Protection Code), excluding from the definition of “personal data” contained therein the personal data of legal persons, bodies and associations (who are also excluded from the definition of  “data subjects” to which the Code grants – in connection with the processing of personal data – a series of rights such as, for example, data subjects’ right to receive data notices, to give their consent to the processing of personal data, etc.).

The aforementioned Law-Decree has also amended article 5, paragraph 3 bis, article 9, paragraph 4, and article 43, paragraph 1, letter h) of Legislative Decree no. 196/2003, cancelling any reference whatsoever to the aforementioned categories of data subjects.

The amendment provided for under article 40, paragraph 2 has, in fact, the sole purpose of cutting down the amount of bureaucratic formalities that businesses have to deal with (which means that the application of the provisions contained in the Italian Data Protection Code –   including the administrative and criminal sanctions provided for thereunder – has been limited to the processing of natural persons’ personal data).

It is essential, therefore, that, from now on, data controllers and/or data processors check the type of data which is being processed since the provisions contained in the Data Protection Code will only be applicable in the event that such data belongs to natural persons.

While we wait for the Italian Data Protection Authority (the Garante Privacy) to take a stance on this issue and/or for official interpretations of the aforementioned amendments to be issued, the inclusion of professionals and sole traders in the definition of natural persons would seem to be a coherent choice.

It must also be pointed out that the aforementioned amendments come in the wake of recent European data protection legislation dealing with the protection of natural persons and are coherent with the original legislative framework contained in Directive 95/46/EC (on the protection of “natural persons, with reference to the processing of their personal data, as well as the free circulation thereof “).

Article 2 of Directive 95/46/EC restricted, in fact, the scope of the protection afforded by such Directive to natural persons’ private data, leaving unaffected  (recital 24) the provisions governing the protection of legal persons’ personal data.

Both Law 675/1996 (which implemented Directive 95/46/EC) and Legislative Decree 196/2003 (in the version prior to the introduction of the amendments contained in Law-Decree no. 201/2011) had availed themselves of the reserve clause contained in the Directive and extended to legal persons, bodies and associations the protection already afforded to natural persons.

Leave a Reply

Your email address will not be published. Required fields are marked *


Related Posts


Avvocato, vuole gestire tutta la sua professione con un'App?....