Italian Parliament passes landmark law against cyberbullying

Background information/Scenario

On June 3rd, Law No. 71 of 29 May 2017, containing provisions preventing and combating cyberbullying (“Disposizioni a tutela dei minori per la prevenzione ed il contrasto del fenomeno del cyberbullismo”, hereinafter the “Law”) was published on the Italian Official Gazette No. 127. The Law has come into force on 18 June 2017.

Main issue

The long-awaited Law was voted unanimously by the Italian Chamber of Deputies, as a response to the numerous cases of suicide of cyberbullying victims which occurred in Italy as a result of cyberbullying.

Section 1(2) of the Law defines “cyberbullying” as any form of pressure, aggression, harassment, defamation, identity theft, manipulation, illicit data processing of personal data (..) harming the minor. The section also condemns the diffusion of online material regarding one or more members of the minor’s family with the intention of harming the minor or a group of them.

According the Section 1(3) of the Law the so-called “Website Manager” (the entity which manages the content of a website/social media in which cyberbullying activities may take place) is the main subjects of the obligation to combat cyberbullying.

On the other hand, the so-called “Information Society Service Providers” (i.e., mere conduit, caching and hosting providers as defined in in Sections 14, 15 and 16 of Legislative Decree No. 70 of 9 April  2003 which is the implementation of Directive 2000/31/EC on certain legal aspects of information society services in the Internal Market) seem exempted from the obligations contained in the Law.

As a result, Section 2(1) of the Law grants to the victim of cyberbullying and to his/her parents the right to request indistinctively the data controller (i.e., the natural or legal person, public authority, agency or other body which, alone or jointly with others, has determined the purposes and means of the processing of the victim’s personal data) or the Website Manager (in which cyberbullying activities have occurred) to remove or block abusive content within 48 hours from the receipt of the request. Once the 48 hours without any intervention from the responsible entity have expired or in case of data controller or the Website Manager are not identifiable, the interested individual can lodge a complaint with the Italian Data Protection Authority (“Garante”). Within 48 hours from the receipt of the request, the Garante will take action according to the provisions of Sections 143 and 144 of Italian Personal Data Protection Code. Pursuant to these provisions, the Garante:

  • may call upon the data controller or the Website Manager to autonomously block the processing before ordering that the measures referred to in letter b) are taken, or before prohibiting or blocking the processing as per letter c);
  • shall order the data controller to take such measures as are necessary or appropriate to bring the processing into line with the provisions in force;
  • shall block or prohibit the processing, in whole or in part, if the latter is found to be unlawful or unfair partly because of the failure to take the necessary measures as per letter b), or otherwise if there is an actual risk that it may be considerably prejudicial to one or more of the data subjects;
  • may prohibit, in whole or in part, processing of data concerning individual entities or categories if it is in conflict with substantial public interests.


Practical actions

The Law will likely give raise to an ever-increasing number of reports for violations involving cyberbullying. The Garante will play a central role in keeping track of harmful online content falling within the definition of cyberbullying.

Whilst the Law seems excluding the Information Society Services Providers from its scope, this might not be the case especially when it comes to companies providing hosting services: according to the EU case law on Article 14 of the Directive 2000/31/EC,  such companies are  considered hosting providers to the same extent of Website Managers, thus be subject to a “notice and take down” as Website Managers in case they become aware of any illegal activity or information.

A code for the prevention and contrast of cyberbullying will be provided in near future to help stakeholders to comply with the Law.