Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


I. Legal Framework

Data protection framework

The Act on Collection, Elaboration and Use of Computerized Personal Data was enacted in 1983 and amended in 1995.1 The Act applies to any computerized filing system or data bank, both private and public. It prohibits the collection of personal and confidential data through fraudulent, illegal or unfair means. It requires that information is accurate, relevant and complete. Any individual is entitled both to inquire whether his or her personal data have been collected or processed, to obtain a copy, and to require that inaccurate, outdated, incomplete, or ambiguous data, or data whose collection, processing, transmission, or preservation is forbidden, be rectified, integrated, clarified, updated, or canceled. The creation of a data bank requires the prior authorization of both the State Congress (the Government) and the Guarantor for the Safeguard of Confidential and Personal Data. There are additional rules for sensitive information. Infringements can be punished by means of administrative sanctions or penalties. There were a number of Regency's Decrees issued under the 1983 Act that remained in force after the 1995 revisions.2 The Regulation on Statistical Data Collection and Public Competence in Data Processing3 regulates data processing within the Public Administration.

The Guarantor enforces the Act for the Safeguard of Confidential and Personal Data, and is a judge of the Administrative Court. The Guarantor can examine any claim or petition relating to the application of the above-mentioned law and pass judgment whenever the confidentiality of personal data is violated. His judgment can be appealed to a higher court. The release of information to other countries is conditioned on the prior authorization of the Guarantor, who must verify that the country to which confidential information is being transmitted ensures the same level of protection of personal data as that established in Sammarinese legislation.

Under pressure from the Organization for Economic Cooperation and Development (OECD), San Marino has agreed to amend its tax laws and, if necessary, weaken financial privacy standards, in order to facilitate better "exchange of information in tax matters."4 San Marino continues to conduct a complete overhaul of its financial sector regulations. In 2006, it signed the Council of Europe Convention on the Prevention of Terrorism and the Council of Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism. In June 2007, San Marino began holding bilateral talks with governments and central banks in Italy and other European Union countries that will allow it to sell financial products abroad and let its 12 banks open branches outside the tiny state.5


  • 1. Regulating the Computerized Collection of Personal Data, Law No. 70 of May 23, 1995; revising Law No. 27 of March 1, 1983, amended by Law No. 70/95.
  • 2. Decree No. 7 of March 13, 1984, Establishment of a State Data Bank as Provided for by Article 5 of Law No. 27 of March 1, 1983; Decree No. 7 of June 3, 1986, Integration to Decree No. 7 of March 13, 1984, Establishing a State Data Bank; Decree No. 140 of November 26, 1987, Procedures for the Establishment of Private Data Banks.
  • 3. Regulation on Statistical Data Collection and Public Competence in Data Processing, Law No. 71 of May 23, 1995.
  • 4. "The War on Tax Havens," The National Post, September 4, 2001.
  • 5.