31 Jul The Italian legislator approves an amendment which allows data retention for 6 years

Background Information

On 19 July 2017, during a session dedicated to the fulfilment of obligations resulting from EU membership, the Italian Chamber of Deputies approved an amendment which extends the period of retention of telephone and electronic communication traffic data to 6 years with a view of detecting and suppressing criminal offences and terrorism. It is paramount to underline that such a relevant amendment, which might so deeply interfere with the fundamental rights to privacy, was not only approved in absence of the due transparency and cooperation of the Italian Data Protection Authority, but was also disconcertingly (and maybe strategically) inserted into a law that concerns the security of lifts.

Legislative Framework and main issues

In Italy, Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (“Data Retention Directive”) was transposed into Legislative decree n. 109 dated 30 May 2008, which amended Section 132 of the Italian Data Protection Code, providing for the following data retention periods with a view of detecting and suppressing criminal offences:

• twenty-four months for telephone traffic data;
• twelve months for electronic communications traffic data;
• thirty days for the data related to unsuccessful calls that are processed on a provisional basis by the providers of publicly available electronic communications services or a public communications network.

In 2014, the Court of Justice of European Union (“CJEU”) declared the Data Retention Directive invalid because it entailed a wide-ranging and particularly serious interference with fundamental rights such as the respect for private life and the protection of personal data without such interference being limited to what was strictly necessary.

Subsequent to the judgment of the CJEU, on 18 February 2015 the Italian legislator approved Decree Law 7/2015 on counter-terrorism, which waived Section 132 of the Italian Data Protection Code and imposed the retention of traffic data (telephone traffic data, electronic communications traffic data and data related to unsuccessful calls) until 31 December 2016, later extended to 30 June 2017. Accordingly, it seems no coincidence that 22 days after the expiration of the period of validity of the Decree Law on counter-terrorism, an amendment with respect to data retention was inserted in a law on the security of elevators and approved in such a silent way.

The President of the Italian Data Protection Authority, Antonello Soro, expressed his concerns about the proposed amendment. According to Soro, the provision introduces modalities of processing of telephone and electronic communications traffic data that are incompatible with European legislation and jurisprudence which stress that the retention of traffic data should not be general and indiscriminate but always proportionate to the needs of the investigation. In fact, President Soro believes that the criterion of proportionality should be more accurately reflected in the next discussion of the proposed amendment and that such an important subject should be regulated in a more transparent manner.

Practical implications

The amendment, which seems not to take European jurisprudence into consideration still has to be approved by the Senate where it is expected to be discussed after the summer holidays.

In case of approval, it would imply that telephone and electronic communications operators should retain all generated traffic data (telephone and electronic communications traffic data as well as data related to unsuccessful calls) for 6 years.

We will continue to observe the evolution of the proposed amendment.