The Italian Constitution, adopted in 1948, has several limited provisions relating to privacy.[1579] Article 14 states, "(1) Personal domicile is inviolable. (2) Inspection and search may not be carried out save in cases and in the manner laid down by law in conformity with guarantees prescribed for safeguarding personal freedom. (3) Special laws regulate verifications and inspections for reasons of public health and safety, or for economic and fiscal purposes." Article 15 states, "(1) The liberty and secrecy of correspondence and of every form of communication are inviolable. (2) Limitations upon them may only be enforced by decision, for which motives must be given, of the judicial authorities with the guarantees laid down by law."[1580]
The Italian Data Protection Act was enacted in 1996 after twenty years of debate.[1581] The purpose of the Act is to fully implement the European Union Data Protection Directive. It covers both electronic and manual files, for both government agencies and the private sector. In addition to the Act, both the legislature and president have issued decrees relating to data protection. These decrees address issues such as security requirements,[1582] the processing of medical information,[1583] the processing of information for journalistic,[1584] scientific or research purposes,[1585] and personal data held by public bodies.[1586] A Milan court ruled in September 1999, that the Data Protection Act is only concerned with controling the processing of personal information and is not a general privacy act.
The Italian Data Protection Act is enforced by the Supervisory Authority (Garante) for Personal Data Protection.[1587] The Garante maintains a register of databases, conducts audits and enforces the laws. The Garante can also audit databanks not under its jurisdiction, such as those relating to intelligence activities. The decree on the internal organization of the Garante was published in the Official Journal on February 1, 1999.[1588] The decree establishes the procedures for keeping the Register of Data Processes and access to the register by citizens, investigations, registrations and inspections. As of June 2002, the Garante had 69 staff persons.[1589]
The Garante dictates the direction for the implementation of data protection in Italy. In October 1998, the Garante decided that phone companies need not mask the phone numbers on bills and that phone companies should allow for anonymous phone cards to protect privacy. Between December 2000 and February 2001, the Garante made several declarations on privacy issues, including: employees are entitled to access information about them included in evaluation reports drafted by their employers;[1590] political associations can not collect e-mail addresses from the Internet to send unsolicited political messages;[1591] regulating the processing operations of the Italian armed forces corps; finding the Carabinieri failed to comply with the Data Protection Law;[1592] the personal information on identification badges worn by employees who are in regular contact with the public should be relevant and not excessive to the purpose;[1593] banks cannot take fingerprint scans of those entering the premises since is out of all proportion to their security needs;[1594] in insurance liability cases, the personal data in medical expert opinions must be accessible to the data subject but may be temporarily deferred in order not to affect the outcome of the investigation.[1595]
The Garante carries out several different functions with regards to data protection. For example, in 2001, the Garante issued a Code of Conduct and Ethics Regarding the Processing of Personal Data for Historical Purposes, including guidelines on the protection of personal data in electric activities such as campaign literature and elections.[1596] In 2002, the Garante released a report on the treatment of personal data obtained through general video surveillance.[1597] The report sets forth concerns related to such surveillance, and addresses the obligations of a data collector to protect information and the rights of those whose person are observed.[1598] In 2003, the Garante launched a public information television campaign to inform the public of their rights with regards to the collection of personal data.[1599] In the same year, the Garante began work on a do-not-call scheme to deter unwanted marketing calls.[1600] In addition, nearly every year the Garante hosts a conference in Rome. Varies topics have ranged from human genetics to the future of privacy.[1601]
Wiretapping is regulated by articles 266-271 of the penal procedure code and may only be authorized in the case of legal proceedings.[1602] Government interceptions of telephone and all other forms of communications must be approved by a court order. They are granted for crimes punishable by life imprisonment or imprisonment for more than five years; for crimes against the administration punishable by no less than five year imprisonment; for crimes involving the trafficking of drugs, arms, explosives, and contraband; and for insults, threats, abusive activity and harassment carried out over the telephone. The law on computer crime includes penalties on interception of electronic communications.[1603] Interception orders are granted for 15 days at a time and can be extended for the same length of time by a judge. The judge also monitors procedures for storing recordings and transcripts. Any recordings or transcripts that are not used must be destroyed. The conversations of religious ministers, lawyers, doctors or others subject to professional confidentiality rules can not be intercepted. There are more lenient procedures for anti-Mafia cases. Some 44,000 orders were approved in 1996, up from 15,000 in 1992.[1604] A June report indicated that Rome, by itself, had nearly 13,000 wiretaps over the period of a year.[1605]
In October 2001, the Italian Parliament passed a decree (no. 374/2001, converted into Act no. 438/2001) in which the offense of criminal association for purposes of terrorism was re-defined; however, the blanket surveillance of communications by law enforcement bodies was expressly ruled out. Telephone tapping and electronic surveillance were facilitated, only with the authorization and under the supervision of judicial authorities and only with regard to very serious offences. Additional safeguards apply to the use of investigational findings and the prohibition to disclose such findings. On January 7, 2003, Giuseppe Pisanu, the Italian Interior Minister, went before parliament to address terrorism concerns.[1606] His testimony was supplement by a "report in which he warned of a growing climate of 'widespread political illegality' which must be monitored and combated."[1607]
Italy also has several laws relating to workplace surveillance,[1608] statistical information, and electronic files and digital signatures.[1609] For example, the Workers Charter prohibits employers from investigating the political, religious or trade union opinions of their workers, and in general on any matter which is irrelevant for the purposes of assessing their professional skills and aptitudes.[1610] The 1993 computer crime law prohibits unlawfully using a computer system and intercepting computer communications.[1611]
In October 2000, medical researchers from the International Institute of Genetics and Biophysics opened a "genetic park" in Southern Italy. The inhabitants of ten remote villages will be part of an elaborate experiment to identify the causes of diseases such as Alzheimer's, asthma, cancer and hypertension. Over the next two years the researchers plan to build a database combining the church records, medical histories, blood and DNA samples of the inhabitants.[1612]
The Italian authorities quieted arousing speech on various occasions in 2002. Prompted by the Catholic Church, Italian officials seized local Web sites that portrayed religious figures alongside sexual imagery and harsh language.[1613] Officials asserted justification based on the illegality of blasphemy in Italy and because such depictions "offended the 'dignity of the people.'"[1614] Later in the year, a group of activists were arrested for forming a "subversive association."[1615] According to a report, the protestors were "accused of political conspiracy by association aimed at disrupting the exercise of government...by '[organizing] and provoking clashes between numerous demonstrators and the police to make public order unmanageable,' and of continuous distribution of subversive propaganda, sometimes using Internet, to 'violently subvert the economic order of the State.'"[1616] The activists were ultimately released, but remained under investigation.[1617]
Recently, some Italian fashion retailers have begun, or expressed intentions to begin, attaching radio frequency identification (RFID) tags to clothing in order to keep tabs on store inventory.[1618] Another benefit, according to the proponents of RFID, is that "[t]he technology creates a seamless shopping experience designed to enhance customer relationships."[1619] According to opponents, "the transmitter would let the retailer identify and track customers," and "sensors hidden in the retailer's clothing could be used to create a global surveillance network."[1620] Against a backlash of negative publicity to United Colors of Benetton's announcement that it would begun to implement RFID, the clothing retailer quickly issued a reassurance to customers that no RFID technology was currently incorporated into their clothing line, though they reserved the right to implement it at any time.[1621]
Also in 2003, Italy's market for counterfeit products[1622] was shaken when the state enacted stronger regulations on anti-piracy.[1623] The new anti-piracy act applies to music and film, offering wider protection for copyrighted works and subjecting offenders to greater punishments for violation of the act. While the act was still in its proposal stage, the Italian Associazione Software Libero started an on-line petition against the legislation.[1624] The Italian police, authorized by the legislation, have begun "combing through the e-mail accounts of thousands of Italians they suspect of having downloaded music and films to swap on the Internet."[1625]
Italy is a member of several organizations which influence the country's treatment of privacy and personal data. Most notably, Italy is part of the European Union[1626] and the Council of Europe.[1627] Italy signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data.[1628] In addition, Italy ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms[1629] and signed the Council of Europe's Convention for Cyber-crime.[1630] Italy is a member of the Organization for Economic Cooperation and Development and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.