Privacy Law at Vatican City
Vatican City has established its first comprehensive data protection framework through the General Regulation on the Protection of Personal Data (Decree No. DCLVII), promulgated on April 30, 2024, by the Pontifical Commission for Vatican City State. This regulation is modeled closely on the European Union's General Data Protection Regulation (GDPR) and is set to be in effect for a three-year trial period
Key Features of Vatican City's Data Protection Regulation
1. Scope and Applicability
Territorial Scope The regulation applies within Vatican City State and its extraterritorial areas as defined in Articles 15 and 16 of the Lateran Treat.
Exclusions It does not extend to the Holy See or the Roman Curia, which operate separately from Vatican City Stae
2. Principles of Data Processing
Legitimate Purpose and Consent Personal data processing must be based on legitimate purposes and, where applicable, the explicit consent of the data subjec.
Special Categories of Data Processing of sensitive data, such as racial or ethnic origin, political opinions, or biometric data, is prohibited unless specific conditions are met, including the data subject's consent or necessity for legal obligatios
3. Rights of Data Subjects
Individuals have the right t
Access Obtain information about the processing of their personal dat.
Rectification Request correction of inaccurate or incomplete dat.
Erasure Request deletion of data under certain condition.
Objection and Limitation Object to or restrict processing activitie.
Portability Receive their data in a structured, commonly used forma.
Complaint Lodge a complaint with the Data Protection Officer if they believe their rights have been violatd
4. Data Controller and Responsibilities
Data Controller The Governorate of Vatican City State, represented by the General Secretary, is designated as the data controlle.
Data Protection Officer (DPO) The DPO is the General Councillor of Vatican City State, who operates independently to oversee data protection compliane
Data Processors Entities processing data on behalf of the controller are required to implement appropriate security measures and comply with the regulatin
5. Security and Compliance
Security Measures The regulation mandates the implementation of technical and organizational measures to ensure the confidentiality, integrity, and availability of personal daa
Transparency Data subjects must be informed about the processing activities at the time of data collection or within a reasonable period thereaftr
✅ Summary Table
| Aspect | Details | |--------------------------|--------------------------------------------------------------------------------------------------| | Primary Legislation | General Regulation on the Protection of Personal Data (Decree No. DCLVII) | | Regulatory Authority | Pontifical Commission for Vatican City State; Data Protection Officer: General Councillor | | Territorial Scope | Vatican City State and its extraterritorial areas | | Exclusions | Holy See and Roman Curia | | Key Rights | Access, Rectification, Erasure, Objection, Limitation, Portability, Complaint | | Data Controller | Governorate of Vatican City State | | Data Protection Officer | General Councillor of Vatican City State | | Security Measures | Mandated technical and organizational measures to ensure data protection |
RELATED Blog
0 comments