Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:


Home / News
ITALIAN SUPERVISORY AUTHORITY: Data retention, the Italian DPA asks for reform

ITALIAN SUPERVISORY AUTHORITY: Data retention, the Italian DPA asks for reform

The Italian Personal Data Protection Authority has sent a report to the Parliament and to the Government with which is asking to assess the opportunity of a reform of the discipline of the phone traffic and telematic data storage for justice.

The mentioned purpose by the Authority was necessary after the Judgement of the European Court of Justice of the last 2nd of March (Judgement C-746/18).

This judgement develops and precises an already consolidate address, since the Judgement of the Digital Rights Ireland of the 8th of April 2014 with which the European Court of Justice has declared the illegality of the Directive 2006/24/CE about data retention for having breached the proportionality principle in balancing between data protection and exigences of public security.

A lack of proportionality that in the Italian case has been additionally marked by the Legislation 167/2017 which has extent to six year the deadline of call logs before established to two years, in a year for telematic and in a month for unanswered calls.  And even if personal data recollected shall be acquired only for particularly serious crimes, like those one of District Attorney (organized crime, mafia, terrorism), this brings to the generalized storage of call logs of all the users for six years.

The Authority is inviting the Parliament to reflect on the opportunity of a reform of data retention discipline, capable of differentiate the conditions, limits and storage retention times of phone an telematic traffic base on the seriousness of the crime for which we proceed, and within the maximum compatible period with the proportionality principle, like interpretated by the European Court of Justice.

According to the Authority, it is useful to assess the opportunity to subordinate the acquisition of traffic and telematic data to the authorization of the gip, without prejudice to, in urgent cases, the possibility for the public ministry to provide these with its own decree, which will be validated in the future.

In the view of the different positions already expressed in some subsequent sentences to that one of the European Court of Justice and the exigence to make the legislative framework in compliance to the European discipline, as interpretated by the European Court of Justice, it is advisable – in the opinion of the Authority – an intervention of the legislator which shall clarify, ensure the balance, between investigative exigences and personal data protection, which has been invoked a lot of times by the European jurisprudence.


Recommended to you

Advanced Research