Like other EU member state, the Italian government has passed and transferred the European Union’s data retention directives into a law. The Italian service providers are compelled to record and retain data like the users IP address, billing information, details about who send you emails, and the websites you visit.
According to the data retention directives, the service providers operating in Italy were also compelled to retain the user’s personal information so that the data can be transferred to the proficient and concerned authorities without any delay.
Data Retention Laws in Italy:
The Italian government for the basic purpose of combating international terrorism issued directives on July 27th, 2005. Under the Article 6, all telephone service providers were compelled to retained traffic data until December 31st, 2007. This degree was transformed into a legislation on July 31st, 2005. The retention period for data and information about mobile and fixed telephony in Italy lasts for 2 years and 5 months. However, the order also forces the providers not to delete any traffic data of the users and at least for telephone service providers the duration lasts for two years.
Moreover, the internet service providers (ISPs) must store the user’s data for six months, with extension possibility for another six months. If the investigation requires data urgently then the access barrier to the data is lowered to the deputy public prosecutor but such orders need to be approved within 48 hours by an investigative authority.
The Article 6 orders all the service providers of internet, networks and telephone communication services must retain all kind of data to ‘’the traceability of access and – if- available services’’, without the content of such communications.
Italian government announces the data retention:
The Italian government later announces the data retention directives until December 31st, 2007. The provisions of data protection were adopted. The Article 6 permits storing of traffic data by banning all kind of relevant provisions of data protection until December 31st, 2007. Within these provisions, the service providers were compelled to erase and delete the traffic data when they no longer need it. However, the excess retained traffic data can get into for combating anti-terrorism purposes and also for general disciplinary enforcement of criminal infringement.
The Italian directives for data retention don’t comprehend any specific set of instructions for internet traffic data. The telephony service providers were required to retain all unsuccessful dial efforts. However, within the Council of Ministers of Justice and Home Affairs (JHA Council), this demand has been the topic of heated debate because many operatives were against the extremely high costs to enforce these measures and thus; they protested aggressively to their government. Moreover, the directives further states that the ministers will have more debate on the registration of unsuccessful call attempts with regards to cost calculation and allocation of relative costs, while not including any financial reimburse by the state.
Current Status of Data Retention Laws:
In November 2017, the Italian government has proposed new data retention laws for the users. Under this legislation, the internet service providers and telecom companies operating in the country to retain the logs of user’s electronic communication data such as telephony traffic data and data related to unsuccessful calls for a period of at least six years. This development in Italian legislation is been called the “shadow of mass surveillance” by Lexology.
The Italian Senate has recently accepted the final approval for data retention laws which were included in their 2017 laws. Two main changes in the data retention laws came into action. The first was about the extension of the time duration in which the user’s online data required to be maintained while the second change was about the introduction of web monitoring for copyright compliance without any previous review from the court.
The Italian Authority for Communications Guarantees (AGCOM) has also been allowed the decree to request the blocking of websites without any legal oversight. Within this new law, actions like the Sci-Hub block will be taken which causes a lot of disagreement in the states- could happen at the drop of a hat and without any court. Moreover, the AGCOM has also been permitted the authority to use profound packet check on all internet traffic.
According to the Court of Justice of the European Union, this law is unlawful and illegal due to the extremely long mandatory data retention period.
The Privacy International Report:
Earlier in 2017, the Privacy International issued a report regarding the EU member states nonconformity with the CJEU. In this report, PI said:
[su_quote]Member States have an obligation to ensure that their laws comply with the CJEU’s jurisprudence, and EU law more generally. It is thus concerning to notice that only a limited proportion of Member States have annulled their pre-Digital Rights legislation and that practically no Member States laws currently comply with Tele-2/Watson.[/su_quote]
Italy’s ISPs way out Infringements:
The higher authorities, the law enforcement agencies, and internet service providers in Italy have a history of unconstitutional internet investigation activities. In 2005, the Italian police installed a backdoor into Italian ISP Autistic’s server which permits the police to look out on the communications of about 30,000 of the ISP users. This activity by the police was breaching the Italian constitution. Then again in 2009, almost 20 members of Telecom Italia’s security team encountered with judicial charges for gathering and interpreting personal data and information of influential and high-profile people such as politicians, sports players, and powerful people in the financial sector. The data collected was used for extortion and economic gain.
The data retention laws implemented in Italy are extremely bizarre. These laws violate the basic rights of citizen’s internet privacy. Moreover, have also targeted not only the general public but also powerful and high profile people from different sectors. Other EU countries like Romania, Cyprus, Bulgaria, and the Czech Republic have declared the data retention laws as unconstitutional but these laws are still being implemented in Italy despite violating the fundamental human rights of privacy protection.