On July 10, 2018, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, issued the annual report on its activity for 2017.
The English version of the report is not yet available. However, we extracted some numbers for you from the Italian text. Overall, there is a decrease in the number of notified administrative violations compared to 2016, but the amount of fines imposed in 2017 is higher.
In 2017, the Italian DPA adopted 573 decisions (561 were adopted in 2016). It answered 5,819 claims and reports (4,633 were answered in 2016) concerning phone marketing (constantly increasing), consumer credit, video surveillance, providers of public services, credit recovery, the financial and banking sector, insurance, public and private employers, public administration, and health and welfare.
The Italian DPA decided nearly the same number of formal complaints (276 in 2017 and 277 in 2016), which mainly concerned the publishing sector (including TV), banking and financial companies, public and private employers, public administrations, phone services and marketing.
The Commissioners’ panel rendered a similar number of opinions to the Italian Government and Parliament (19 in 2017, 20 in 2016), which concerned police and national security activities, health data, and taxation agencies.
There is one figure that decreased in 2017: the number of administrative violations. The Italian DPA notified a third of the administrative violations it did in 2016. Specifically, in 2017 the Italian DPA notified 589 administrative violations (compared to around 2,300 in 2016), a considerable portion of which concerned failure to obtain consent to the processing, dissemination of data by the public administration, telemarketing, missing or inadequate privacy notices, and lack of security measures. The high number of violations reported in 2016 concerned a failure to report a data breach.
The administrative fines by the DPA grew again in 2017 by 15%. They totaled about €3,776,694 after they had decreased to €3,300,000 in 2016.
275 on-the-spot inspections were carried out in the private and public sectors, partly in collaboration with the Privacy Squad of the Financial Police (Guardia di finanza).
The inspections covered many sensitive areas in both the public and private sectors. In the private sector, they mainly concerned the processing of data by companies operating in the “sharing economy”, home sales companies, and companies operating in the field of credit intermediation or debt collection, personnel selection or commercial information. The inspections also aimed at assessing the use of geolocation systems targeting employees.
The DPA’s front desk handled 16,193 queries (compared to 24,097 in 2016) concerning, in particular, unsolicited promotional communications, implementation of the GDPR, the Internet, video surveillance, mail, fax and text messages, employer-employee relationships, and banking data. The decrease is due to the new reporting tools made available, such as the FAQ and an automated answering system.
The Italian DPA’s 2017 report is available (in Italian) at https://www.garanteprivacy.it…
For more information about how privacy is implemented in Europe, contact Francesca Giannoni-Crystal & Federica Romanelli.