g-docweb-display Portlet

Annual Report 2005 Summary

Stampa Stampa Stampa
PDF Trasforma contenuto in PDF

versione italiana  

Annual Report 2005

The Annual Report of the Italian data protection authority for 2005 was submitted to Parliament on 7 July 2006.

This summary is meant to provide an overview of the work done by the Garante in the many sectors that required steps to be taken in order to protect fundamental rights of individuals. The Garante´s activity was aimed – like in the past – to build up a veritable culture of personal data protection.

The Work Done
A feature of the activities performed by the Garante throughout 2005 was the major commitment towards regulating wide-ranging sectors of social and economic life and enhancing controls and supervision on compliance with data protection provisions.

The main areas of activity included: electronic communications; interception of communications; major public and private databases; Internet; consumer credit; confidentiality in health care; electoral propaganda; education and schools; monitoring of employees; video surveillance; freedom of the press; chain stores; hotels; condominia; and credit factoring.

Increased attention was paid to the huge opportunities made available by the new technologies for collecting and retaining personal data; the need for ensuring security of databases; the growing use of biometric data; and the potentially ubiquitous exploitation of highly sensitive personal information such as genetic data.

The new collegiate panel of the Authority (Prof. Francesco Pizzetti, President; Giuseppe Chiaravalloti, Vice-President; Mauro Paissan, Member; Giuseppe Fortunato, Member) attached special importance to the activities carried out by the public administration, which allowed public bodies to come to grips with their delay in drafting the required internal regulations on the processing of sensitive and judicial data and thereby make a new start in their relationships with citizens.

Emphasis was also put on fostering the concept that privacy is an "added value" to the business economy, in view of giving rise to a new relationship with users and consumers, and that data protection can become a major resource as well as a quality asset in the globalised economy.

Some Figures
collegiate provisions were adopted by the Garante in 2005, of which 634 were related to the handling of complaints. Taking account of some cases that came up in 2005 and were concluded recently, the Garante replied to 324 requests for information and 1.633 reports and claims. 31 opinions were rendered on regulatory provisions to be adopted by Government, and 61 draft regulations were adopted in respect of the processing of sensitive data by the public administration.

Over 100 general provisions were issued, including the renewal of six general authorisations for the processing of sensitive data [Authorisation no. 1/2005, no. 2/2005, no. 3/2005, no. 4/2005, no. 5/2005, no. 6/2005].

With regard to inspection and control activities, there was a considerable increase in the number of inspections, which rose to 200 in 2005 and totalled 145 in the first six months of 2006.

94 administrative sanctions were imposed and information was preferred to judicial authorities in 10 cases.

About 12.000 notifications were submitted to the Garante in respect of processing operations that were started, modified and/or terminated with regard to the categories of data expressly laid down in the data protection Code (genetic data, biometric data, health care data processed for assisted reproduction purposes, data processed for staff recruitment purposes, data aimed at profiling consumers, etc.).

Main Steps Taken
The main areas of activity were the following [LINKS to the main provisions adopted by the Garante in the different areas, in English; either the full text or a summary is available]:

Codes of Practice
Following publication of the codes of practice adopted by journalists (1998), historians and archivists (2001), public statistical research bodies (2002), and private statistical research bodies (2004), the 
 code of practice applying to consumer credit came into force in 2005. This code set out the rules for communicating and retaining data in the information systems managed by private credit reference agencies (or credit bureaus).

Work is in progress with other industry sectors to draw up codes of practice in such important areas as the Internet, investigations by defence counsel, employment, and direct marketing.

International Activities
At the international level, the Garante contributed first and foremost to the work of the Article 29 Working Party [
 http://ec.europa.eu] – composed of representatives from the EU´s data protection authorities – by working out opinions on geolocalisation, intellectual property, use of RFID devices, and e-health.

In 2005, the collaboration between the Article 29 WP and the European Commission, in particular the vice-President in charge of Freedom, Security and Justice matters, was strengthened further. Considerable attention was paid to the exchange of data for judicial co-operation and security purposes, in particular to the creation of a new information system (SIS-II) that is expected to replace the current Schengen information system as well as to the database containing information on applicants for short-stay visas, i.e. the so-called VIS (Visa Information System).

Regarding the retention of telephone traffic data, an opinion was adopted in 2005 by the Article 29 WP under the co-ordination of the Italian Garante; the opinion concerned the (then) draft data retention directive, which was subsequently adopted by the European Commission, and asked for specific safeguards protecting European citizens.

Within the context of the debate on the balance to be struck between security and privacy, reference should also be made to the efforts made by the European data protection authorities in respect of the transfer of flight data concerning EU citizens to customs authorities of non-EU countries. The debate was recently re-vamped by the decision of the European Court of Justice to set aside the regulatory instruments adopted by the EU Council and the Commission to make it legitimate to transfer PNR (Personal Name Record) data to US authorities.

The Italian Garante participated in all the international conferences of data protection authorities ( Montreux, Madrid, Budapest, Warsaw) and contributed to the activities of the OECD working party in charge of privacy issues.




Relazione annuale

Documenti citati