Privacy Law at Italy Privacy Law at Italy
Italy's data protection framework is primarily governed by the General Data Protection Regulation (GDPR) of the European Union, complemented by national legislation and enforced by the Garante per la protezione dei dati personali (Italian Data Protection Authority).
🇮🇹 Legal Framework
General Data Protection Regulation (GDPR) As an EU member state, Italy enforces the GDPR, which sets guidelines for the collection and processing of personal information within the E.
Personal Data Protection Code (Legislative Decree No. 196/2003) This national law, amended by Legislative Decree No. 101/2018, aligns Italian law with the GDPR and provides specific provisions for data processing in various sectors, including healthcare, education, and employmen.
🛡️ Supervisory Authorit
The Garante per la protezione dei dati personali is the independent authority responsible for overseeing data protection in Itay Established in 1997, the Garante ensures compliance with data protection laws, handles complaints, and can impose sanctions for violatios.
⚖️ Enforcement and Sanction
The Garante has significant enforcement powers, includig:
*Investigative Powers: The authority can order data controllers and processors to provide information, conduct audits, and access personal data and processing facilitis.
*Corrective Powers: It can issue warnings, reprimands, impose temporary or permanent bans on data processing, withdraw certifications, and impose administrative fins.
*Criminal Sanctions: Italian law also provides for criminal penalties for serious violations, such as unlawful processing of sensitive data or international data transfers without adequate safeguars.
As of January 2023, the Garante had issued over 340 enforcement actions, amounting to more than €145 million in sanctions, making it one of the most active supervisory authorities in the U
📌 Recent Developments
*OpenAI Fine: In December 2024, the Garante fined OpenAI €15 million for processing users' personal data without sufficient legal basis and violating transparency obligations under the GPR.
*DeepSeek Inquiry: In January 2025, the Garante ordered Chinese AI startup DeepSeek to cease operations in Italy due to inadequate data protection measue. The company failed to provide sufficient information about its data collection practices and claimed it was not subject to Italian jurisdicton.
RELATED Blog
0 comments