|A Obstacles to Access||21 25|
|B Limits on Content||29 35|
|C Violations of User Rights||25 40|
- Concerns about the proliferation of misinformation online intensified in the run-up to national elections in March 2018. In January 2018, the government announced the launch of an online portal to report “fake news” to the postal police (see Media, Diversity and Content Manipulation).
- In November 2017, parliament swiftly approved a provision that would require telecommunications operators to retain telephone and internet data for up to six years (see Surveillance, Privacy and Anonymity).
While Italy’s internet environment remained free during the past year, misinformation and altered images thrived on social media ahead of the 2018 elections.
Italy’s internet penetration lags behind that of many other European countries, at around 65 percent of the population. Italy was the first European country to present a crowdsourced “Declaration of Internet Rights” in July 2015. The nonbinding document includes provisions that promote net neutrality and establishes internet access as a fundamental right. While generally seen as a positive development, the text has also drawn some criticism for inadequately addressing issues such as anonymity, encryption, and data retention.
Italian authorities do not generally engage in political censorship of online speech, and, as in previous years, no bloggers or social media users were imprisoned during the coverage period. However, defamation remains a criminal offense in Italy, and civil libel suits continue to threaten online writers. The debate about online disinformation and fake news was particularly lively in Italy. Politicians across the political spectrum have publicly discussed possible solutions to regulate the spread of disinformation on the internet. The debate intensified in the months leading up to the national elections held on March 4, 2018. In January 2018, former interior minister Marco Minniti announced a new initiative of the National Police that gives citizens the opportunity to report fake news through the postal police’s website.
The regulation of hacking powers for law enforcement investigations has been a controversial topic. In June 2017, parliament approved a law mandating the government to regulate the use of malware for hacking purposes. Concerns have also surrounded Italian companies’ involvement in the cyberweapons trade, and the lack of transparency in the granting of export licenses. In November 2017, parliament swiftly approved a regulation on data retention, which requires telecommunications operators to store telephone and internet data for up to six years. The provision had been added into a transposition law following a European Council directive on the “safety of lifts” in July 2017. There was virtually no public or parliamentary debate on the regulation, despite civil society protests and criticism from the Italian Data Protection Authority and the European Data Protection Supervisor.
Since the 1990s, the Italian government has supported the internet as a catalyst for economic growth, increased tourism, and greater government efficiency. This attitude continued to prevail in 2018, though aspirations for a fully connected Italy remained unfulfilled.
Availability and Ease of Access
While Italy’s internet penetration rate is higher than the global average, it remained lower than the overall rate in Western Europe at 61.3 percent in 2017.1 Several factors have impacted Italy’s relatively low penetration rate, including infrastructural limitations and unfamiliarity with the internet among older people. In general, mobile phone use is much more widespread than internet access. Italy has one of lowest high speed broadband coverage rates in the European Union (EU).2
Significant geographical differences in internet penetration persist across the country, with southern regions such as Calabria lagging behind. The internet is particularly popular among young people, with over 92 percent of people between 15 and 24 surfing the web.3 Some 65 percent of Italians connected to the internet in 2017, and 48 percent surfed the web on a daily basis. The number of households accessing the internet via broadband improved from 67 percent to 70 percent in 2017.
The ambitious infrastructural plan, “Growth 2.0,” launched in 2012 to close Italy’s digital divide between areas that are served by high speed connections and those that are not, but the plan was plagued by delays. The Digital Agenda initiative (based on the EU Agenda 2020) also intends to expand broadband access and e-government functions.4 In a similar attempt to showcase progress in Italy’s digital agenda, the government approved a decree in February 2016 to reduce costs for laying cables and established the Networks Register for Infrastructure (SINFI).5
As part of its plan to expand ultrafast broadband, the government has posted requests for tenders to roll out networks in underserved areas. Open Fiber won the first of three tenders, covering the regions of Abruzzo, Molise, Emilia Romagna, Lombardia, Toscana, and Veneto. Fifth generation mobile network trials also launched in five cities in March 2017.6
In 2016, a “digital transformation team” led by Amazon vice president Diego Piacentini and comprised of leading figures in a number of internet-related sectors, was formed to lead the digital transformation process of Italian public administration, among other goals.7 The team’s three-year mandate is expected to end in 2019.
Restrictions on Connectivity
The government does not impose restrictions on ICT connectivity and access to social media and communication platforms. Telecom Italia, the former state telecom monopoly that owns the physical network, has continued the process of “externalizing” the infrastructure since May 2013, as required by EU legislation to provide fair access to competitors.8
Access to the internet for private users is offered by 14 different internet service providers (ISPs). Telecom Italia has the largest share of the market, followed by Vodafone, Fastweb, and Tiscali. Telecom Italia Mobile (TIM), Vodafone, Wind, and 3 Italia are the major mobile carriers, and all of them operate 3G and 4G networks.9 In May 2018, the French operator Iliad entered the Italian mobile market, offering a low cost option for mobile connectivity.10 In December 2016, 3 Italia and Wind confirmed their merger under the name of Wind Tre Spa, although they still operate separately. With 31 million users, the company is now the largest mobile operator in the country.11
Earlier in 2016, the French media giant Vivendi further raised its stake in Telecom Italia to just under 25 percent, which is the threshold for making a mandatory bid for Telecom Italia. In April 2017, however, the Authority for Communications Guarantees (AGCOM), the Italian communications regulator, ruled that Vivendi had violated Italy’s media antitrust law and gave the company a year to reduce its stake in either Telecom Italia or the private broadcaster Mediaset.12 To comply with the ruling, in April 2018 Vivendi announced that it transferred around 19 percent of its stock in Mediaset to a blind trust.13
In the spring of 2018, the Italian Antitrust Authority fined Telecom Italia 4.8 million euros (US$5.6 million) for misleading advertising regarding its broadband service in underserved areas. According to the authority, Telecom Italia has omitted relevant information about its plans and their limitations.14 In a statement, the company called the decision “groundless” and stated that it intends to file an appeal with the Regional Administrative Court of Lazio15 .
In February 2018, the police and authorities from the Italian Antitrust Agency searched the offices of Telecom Italia, Vodafone, Fastweb, Wind Tre, and industry lobbying firm Asstel, as part of a probe over the pricing of mobile and fixed-line services.16 Regulators suspect that companies had overcharged their clients by charging them for their services every four weeks instead of once a month. In late 2017, parliament passed a law requiring monthly billing for all telephone operators.17 This law followed a new regulation by AGCOM introduced in March 2017 requiring fixed-line operators to move to monthly billing. Several companies, including Vodafone, Wind Tre, and Fastweb, were subsequently fined by AGCOM for noncompliance.18
The main regulatory body for telecommunications is AGCOM, an independent agency that is accountable to parliament. Its responsibilities include providing access to networks, protecting intellectual property rights, regulating advertisements, and overseeing public broadcasting. The majority party in parliament appoints AGCOM’s president.
In recent years, AGCOM has paid particular attention to digital copyright issues. In December 2015, the Constitutional Court, Italy’s highest court, dismissed an appeal that challenged the constitutionality of AGCOM’s online copyright enforcement regulation issued in 2014, which empowers the regulatory authority to order internet or hosting providers to block websites or remove allegedly infringing content.19
In late 2016, in the wake of the fake news debate, Giovanni Pitruzzella, head of AGCOM, argued that regulation of misinformation on the internet was best done by the state, rather than by social media companies such as Facebook. He also suggested the creation of an EU independent body to label fake news and remove it from circulation or impose fines when necessary.20 During the 2018 campaign, AGCOM published a report21 on Italians’ information sources (based on a research conducted in 2017), claiming that it is "characterized by the emergence of pathological phenomena such as the so-called ‘fake news,’ and more generally of disinformation."22 AGCOM also invited social media companies to regulate themselves during the campaign.23
Another important player governing the ICT sector is the Data Protection Authority (DPA). Established in 1997, the DPA is tasked with supervising compliance with data protection laws by both governmental and nongovernmental entities. It also has the authority to ban or block “processing operations that are liable to cause serious harm to individuals.”24 It is generally viewed as professional and fair in carrying out its duties.
- 1International Telecommunication Union (ITU), “Percentage of Individuals Using the Internet 2000-2017,” http://bit.ly/1cblxxY
- 2The EU Digital Agenda calls for 100 percent of the territory covered with 30Mbps and at least 50 percent with ultrafast (over 100Mbps) by 2020. See: European Commission, “Broadband speeds and prices,” accessed October 31, 2017, http://bit.ly/2gQo5YT
- 4D.L. 179/2012 in G.U. 46/2012; See also: Agenzia per l’Italia Digitale, “Agenda Digitale italiana,” http://bit.ly/1PpZcP9
- 5Legislative decree of February 15, 2016, n. 33, http://bit.ly/2cXO558
- 7Diego Piacentini, “Towards the new ‘operating system’ of the country,” Medium.com, December 21, 2016, https://medium.com/team-per-la-trasformazione-digitale/new-operating-sy…
- 8Telecom Italia, “Telecom Italia: CDA approva il progetto di societarizzazione della rete di accesso,” Press release, May 30, 2013, http://bit.ly/1PaTZf5
- 10“France's Iliad ventures into Italy with low-price mobile offer,” Financial Times, May 29, 2018, https://www.reuters.com/article/us-iliad-italy-italy/frances-iliad-vent…
- 12“Italian Regulator Rules Vivendi Can’t Keep Big Stakes in Both Mediaset, Telecom Italia,” The Wall Street Journal, April 18, 2017, http://on.wsj.com/2ysp88w
- 13Agcom, Vivendi lascia il 19% delle azioni Mediaset, La Stampa, April 11, 2018, http://www.lastampa.it/2018/04/11/economia/agcom-vivendi-lascia-il-dell…
- 14“Antitrust sanziona Telecom Italia per 4,8 milioni,” Rai News, March 16, 2018, http://www.rainews.it/dl/rainews/articoli/Antitrust-telecom-Autorita-ga…
- 16“Italy Regulator Searched Phone Carriers in Antitrust Probe,” Bloomberg News, February 15, 2018, https://www.bloomberg.com/news/articles/2018-06-03/microsoft-is-said-to…
- 17“Fatturazione bollette, cosa prevede la legge.” Rai News, February 15, 2018, http://www.rainews.it/dl/rainews/articoli/Fatturazione-bollette-cosa-pr…
- 18“La storia infinita delle bollette ogni quattro settimane,” Il Post, January 6th, 2018, https://www.ilpost.it/2018/01/06/rimborsi-bollette-quattro-settimane-le…
- 19EDRi, “Italian Constitutional Court avoids decision on blocking,” January 26, 2016, http://bit.ly/2d03zR7
- 20“Italy antitrust chief urges EU to help beat fake news,” Finantial Times, December 30, 2016, https://www.ft.com/content/e7280576-cddc-11e6-864f-20dcb35cede2
- 21Rapporto sul consumo di informazione, AGCOM, February 2018, https://www.agcom.it/documents/10179/9629936/Studio-Ricerca+19-02-2018/…
- 22“Agcom, nel 2017 book di fake news,” February 19, 2018, http://www.ansa.it/sito/notizie/tecnologia/tlc/2018/02/19/agcom-nel-201…
- 23“In Italian election campaign, Facebook, Twitter replace posters and piazzas,” Reuters, March 1, 2018 https://uk.reuters.com/article/uk-italy-election-socialmedia/in-italian…
- 24The Italian Data Protection, “The Italian Data Protection Authority: Who We Are,” November 17, 2009, https://www.garanteprivacy.it/en/web/guest/home_en/who_we_are
The Italian authorities do not engage in significant blocking or filtering of internet content, although measures to block illegal materials without a court order have worried digital rights activists. Italian politicians have made increasing demands to tackle the proliferation of hate speech and fake news online, a concern that intensified in the run-up to national elections in March 2018.
Blocking and Filtering
Italy does not block or filter content of a political, social, or religious nature, while Facebook, Twitter, YouTube, and international blog-hosting sites are all freely available. According to data gathered by Open Observatory of Network Interference (OONI),1 developed by the Tor Project, Italy’s blocking and filtering of the internet is limited and is primarily implemented by means of DNS tampering.2 Websites related to child abuse, gambling, copyright infringement, and terrorism are subject to blocking or removals. An antiterrorism decree passed by parliament in 2015 allows the public prosecutor to order the blocking or removal of websites affiliated with terrorist groups. Similar to the system used to block child pornography sites, the Interior Ministry compiles a blacklist of terrorist websites for ISPs to block.3
A controversial resolution on online copyright enforcement enacted in March 2014 enables AGCOM to issue administrative blocking orders to ISPs for specific websites that infringe on copyright, even those that only contain links for downloading copyright-protected content. The regulation also gives AGCOM the power to remove content upon review by an internal panel, but without prior judicial approval if a copyright violation is detected.4 In March 2017, an administrative court dismissed a challenge to the regulation lodged by consumer organizations and ISP associations in 2014.5
Authorities sometimes request the removal of specific content. According to a Facebook report, from January to June 2017, 321 pieces of content were reported “by the UNAR, a trusted reporter under the European Commission Code of Conduct on Countering Illegal Hate Speech Online, and in response to court orders related to defamation.” A total of 244 items were also removed for Holocaust denial.6 Twitter’s transparency report for 2017 lists five requests for content removal from Italian authorities between January and June, but no content was withheld.7 According to Google’s transparency report, the government sent 143 content removal requests between January and June 2017, including 71 for defamatory content, 13 for privacy and security reasons, and 55 for hate speech.8
In January 2018, former interior minister Marco Minniti announced the National Police’s new initiative to fight the spread of fake news.9 The project, named “red button,” gives citizens the opportunity to report fake news using a portal on the police’s website. The National Anti-Crime Information Center for Critical Infrastructure Protection (CNAIPIC) was tasked with analyzing the reported content. According to the plan, the police website and their social media accounts would be set to publish retractions based on their analysis of reported content. David Kaye, the UN special rapporteur on freedom of opinion and expression, expressed his concerns about the protocol, citing its vague language on the definition of fake news. In a formal communication, he urged the government to reconsider the initiative.10 The government later confirmed that the initiative concluded within a few days of the elections on March 4.11 It is unclear how many reports the police received and how many instances of alleged fake news were assessed.12 According to Wired, published responses to citizens’ reports were generally vague, short, and not published in a timely manner.13
In May 2017, parliament approved a new cyberbullying law after several high-profile cases of cyberbullying came to light.14 The bill had raised concerns for giving users too much latitude to remove content from social media sites.15 Minors over the age of 14 or their parents can demand content hosting sites to remove damaging content within 48 hours of a request.16 If no action is taken, victims can refer their case to a privacy guarantor.
Italian courts have ruled in favor of the so-called right to be forgotten since a Court of Justice of the European Union (CJEU) ruling in May 2014. On December 3, 2015, a civil court in Rome upheld the CJEU’s reasoning on the right to be forgotten but rejected the plaintiff’s request, in a case that sought to balance such a right with the right to information in the public interest.17 In a problematic move in 2016, the Supreme Court upheld a 2013 court decision ordering the removal of an article that damaged a restaurant’s reputation from a website’s archives after two years, deeming that the time elapsed between the publication date and the request for removal “sufficed to satisfy the public interest as far as its right to be informed was concerned.”18
Media, Diversity, and Content Manipulation
Blogging is very popular in Italy, though television remains a leading medium for obtaining news. Most policymakers, popular journalists, and figures in the entertainment industry have their own blogs, as do many ordinary citizens. Social-networking sites, especially Facebook and Twitter, have emerged as crucial tools for organizing protests and other mass gatherings such as concerts, parties, or political rallies.
The government does not proactively manipulate news websites. However, in the run-up to March 2018 elections, Italian politicians renewed demands to address the proliferation of disinformation, as fabricated opinion polls, manipulated pictures, and false stories circulated online.19 Bot activity was also detected in the hours running up to the vote.20
In November 2017, Buzzfeed investigated a large network of media sites and Facebook pages owned by an Italian entrepreneur, dedicated to spreading misinformation and hyper-partisan content online.21 In 2016, an analysis by Buzzfeed had also found that the antiestablishment Five Star Movement was running a network of websites and social media pages that disseminated fake news and pro-Kremlin content.22
In early 2017, a widely criticized bill to tackle the spread of fake news and hate speech was presented for parliamentary discussion by parliamentarian Adele Gambaro. According to this bill, online news organizations could be fined up to €5,000 (US$5,820) for publishing "false, exaggerated or biased" news reports and failing to remove them within 24 hours. If fake news is deemed to damage the public interest or seeks to undermine the democratic process, publishers would face heftier fines and prison sentences.23 The bill was officially presented in February 2017 but was not ultimately passed.24
Content hosts may exercise some self-censorship regarding content that could prove controversial or create friction with powerful entities or individuals. Online writers also exercise caution to avoid libel suits by public officials, whose litigation—even when unsuccessful—often takes a significant financial toll on defendants. Individuals writing about the activities of organized crime in some parts of the country may be especially at risk of reprisals. In March 2018, the magazine Famiglia Cristiana deleted an article about the seizure of a Spanish ship carrying refugees in Sicily by the Italian Navy, possibly in violation of international law on asylum.25 After 24 hours, an altered version of the article was published online,26 and the original author withdrew his name from it. The mention of the Italian Navy was dropped from the title, and mentions of its involvement in the case were modified.
Some restrictions on internet content that are uncommon in other Western European countries remain in place in Italy. Drawing on a 1948 law against the “clandestine press,” a regulation issued in 2001 holds that anyone providing a news service, including on the internet, must be a “chartered” journalist within the Communication Workers’ Registry (ROC) and hold membership in the Italian National Press Federation.27 With the exception of one case from the late 2000s, these rules have generally not been applied to bloggers and, in practice, millions of blogs are published in Italy without repercussions. Nonetheless, many people who create websites on a range of issues (including scholarly research) still collaborate with registered journalists to protect themselves from potential legal action.
Italian civil society organizations have actively campaigned on transparency and social issues, with a particular focus on open data and freedom of information initiatives, with some results.
For instance, after two years of a civil society campaign called FOIA4Italy, a new access to information law was approved by the Council of Ministers in May 2016 and came into force on December 23, 2016.28
In 2017, as the #MeToo movement gained momentum, Italy had, to a smaller extent, its own emerging movement seeking to tackle pervasive sexism in Italy. The Italian movement used the hashtag #quellavoltache (that time that). While the movement stirred conversation online and in public forums,29 it did not lead to a sustained debate in parliament or the country’s other institutions.
- 3Sghirinzetti, “Italy: Anti-terrorism decree to strengthen government surveillance,” EDRi, April 22, 2015, http://bit.ly/1RCR0KR
- 4AGCOM, “Regolamento in materia di tutela del diritto d’autore sulle reti di comunicazione elettronica,” December 12, 2013, http://bit.ly/1WXMfys; See also: European Parliament, “Subject: Internet censorship in Italy—via administrative procedure,” July 13, 2011, http://bit.ly/1MsIZrQ
- 12“Dov'è la lista delle "128 fake news" smentite dalla Polizia Postale? “Motherboard, February 28, 2018, https://motherboard.vice.com/it/article/pamwkz/dove-la-lista-delle-128-…
- 13“Come sta andando il servizio della Polizia postale contro le fake news,” Wired Italia, February 20, 2018, https://www.wired.it/attualita/media/2018/02/20/polizia-postale-fake-ne…
- 14“Italy passes law to fight cyberbullying,” Reuters, May 17, 2017, http://in.reuters.com/article/italy-cyberbullying/italy-passes-law-to-f…
- 15“La nuova legge sul cyberbullismo,” Il Post, May 17, 2017, http://www.ilpost.it/2017/05/17/legge-cyberbullismo/
- 16“Cyberbullismo, sì definitivo della Camera. Ecco cosa prevede la legge,” May 17, 2017, http://tg24.sky.it/politica/2017/05/17/Cyberbullismo-camera-approva-leg…
- 17Nctm, “Right to be forgotten, right to reputation and privacy: comment to the decision no. 23771/2015 of the civil court of Rome,” April 2016, http://bit.ly/2dQZn8c
- 18Guido Scorza, “A ruling by the Italian Supreme Court: News do “expire.” Online archives would need to be deleted,” L’Espresso, July 1, 2016, http://bit.ly/29aeJ5c; See also: Athalie Matthews, “How Italian courts used the right to be forgotten to put an expiry date on news,” The Guardian, September 20, 2016, http://bit.ly/2cPSINq
- 22“Italy's Most Popular Political Party Is Leading Europe In Fake News And Kremlin Propaganda,” BuzzFeed, November 29, 2016, http://bzfd.it/2hsLy6v
- 23“Italy debates fines and prison terms for people who spread fake news,” thelocal.it, February 16, 2017, https://www.thelocal.it/20170216/italy-mulls-introducing-fake-news-fines
- 25The original version of the article: https://web.archive.org/web/20180327215221/http://m.famigliacristiana.i…
- 26The new version of the article http://www.famigliacristiana.it/articolo/cosi-crolla-l-accusa-a-open-ar…
- 27Diritto Tecnologia Informazione, Legge March 7, 2001, n. 62, “Nuove norme sull’editoria e sui prodotti editoriali,” [New Rules on Publishing and Publishing Products], http://www.interlex.it/testi/l01_62.htm
- 28FOIA4Italy, “L’Italia ha un Freedom of Information Act,” [Italy has a Freedom of Information Act], May 19, 2016, http://bit.ly/2d19ipS; See also: “Ecco il testo del decreto Foia, la trasparenza della PA parte da dicembre,” Repubblica, May 19, 2016, http://bit.ly/2dTLOsZ
- 29“#quellavoltache non ci vergogneremo mai più,” November 27, 2017, http://www.giuliablasi.it/quellavoltache-non-ci-vergogneremo-mai-piu/; “Having a misogynist leader has consequences. And no, I don’t mean Trump,” December 14, 2017, https://www.washingtonpost.com/news/global-opinions/wp/2017/12/14/the-m…
Violations against users’ rights are uncommon in Italy, although cases of legal intimidation and threats against online writers are occasionally reported. Criminal defamation laws remain a grave threat to online journalists and social media users, particularly in the ambiguous form they have been applied to the online sphere. Privacy concerns have also surrounded legislative moves to regulate hacking for the purpose of criminal investigations, and a recent regulation extending the period in which ISPs must keep users’ traffic records.
As a signatory to the European Convention on Human Rights and other relevant international treaties, freedoms of speech and the press, as well as the confidentiality of correspondence, are constitutionally guaranteed in Italy.1 Italy was the first European country to adopt a crowdsourced “Declaration of Internet Rights” in July 2015. The nonbinding document includes provisions that promote net neutrality and establishes internet access as a fundamental right. While generally seen as a positive development, the text has also raised some criticism for falling short on certain issues like such as anonymity, encryption, and data retention.
Several laws present a threat to internet freedom in the country, however. Italy passed an antiterrorism law in April 2015 that broadened language in the criminal code on terrorist recruitment, as well as the endorsement or incitement of terrorism, to include activities on online channels.2 Critics argued that the law could be applied broadly and would sanction legitimate instances of free expression that fall within international norms of protected speech.3
Defamation is a criminal offense in Italy: according to the criminal code, “aggravated defamation” is punishable by prison terms ranging from six months to three years and a minimum fine of EUR 516 (US$580). In cases of libel through the press, television, or other public means, there is no prescribed maximum fine.4 Though these provisions are rarely applied, civil libel suits against journalists, including by public officials and politicians, are a common occurrence, and the financial burden of lengthy legal proceedings may have chilling effects on journalists and their editors. In March 2017, the United Nations Human Rights Committee expressed renewed concerns that “forms of expression including defamation, libel and blasphemy remain criminalized, including with punishment of imprisonment, and that article 13 of the Press Law and that Article 595 of the Criminal Code imposes harsher punishment for defaming public officials, including the head of state.”5
Prosecutions and Detentions for Online Activities
Defamation is a criminal offense in Italy according to the criminal code. Civil libel suits against journalists, including those operating online, are a common occurrence. The financial burden of lengthy legal proceedings may have chilling effects on journalists and their editors. Ossigeno per l’Informazione, an organization that tracks threats to journalists in Italy, has reported 562 “frivolous defamation suits” against media since 2011, which includes cases against online media.6
Surveillance, Privacy, and Anonymity
Despite the 2013 Snowden revelations and reports of eavesdropping by the British and American governments’ intelligence organizations on Italian phone calls and internet traffic,7 Italy has not engaged in a thorough public debate on surveillance.
Authorities are widely perceived to be engaged in regular wiretapping, and the news media regularly publicizes wiretap information that is leaked to them.8 In November 2017, it was revealed that Lorenzo Tondo, an Italian journalist at the Guardian, was secretly wiretapped by prosecutors while investigating the notorious Eritrean human trafficker Medhanie Yehdego Mered. Tondo condemned the wiretapping as “a clear violation of my rights as a professional journalist.”9
The use of hacking by Italian law enforcement has also been documented, and in May 2017, the United Nations Human Rights Committee raised concerns that “intelligence agencies are intercepting personal communications and employing hacking techniques without explicit statutory authorization or clearly defined safeguards from abuse.”10 In July 2016 however, the Supreme Court of Italy ruled that hacking was constitutional and in accordance with human rights law.11
Italian lawmakers have made several attempts to regulate hacking in recent years.12 In March 2017, the Senate voted on a bill proposed by Justice Minister Andrea Orlando to reform the criminal justice system.13 Approved in June 2017, the law mandates the government to regulate hacking for the purpose of criminal investigations. Organizations such as Privacy International have contended that the law fails to meet the standard of legality, necessity, and proportionality, and does not establish sufficient minimization procedures, effective oversight, or safeguards from abuse.14 Another proposal known as the “Trojan Bill” sought to establish a more robust system for authorizing remote and covert hacking.15 The bill was ultimately withdrawn in the aftermath of the March 2018 elections.
Although the Court of Justice of the European Union struck down the 2006 directive on the retention of data, Italy has extended the period in which ISPs must keep users’ traffic records (metadata). In November 2017, parliament swiftly approved a regulation on data retention requiring telecommunications operators to store telephone and internet data for up to six years. The provision had been added into a transposition law following a European Council directive on the “safety of lifts” in July 2017. There was virtually no public or parliamentary debate on the bill, despite civil society protests.16 The Italian Data Protection Authority expressed its objection to the bill, citing its incompatibility with EU law and case law.17 European Data Protection Supervisor Giovanni Buttarelli commented that the newly approved regulation does not reflect the European approach to data retention: “The European Court of Justice has said that we can no longer collect anything that concerns us all just to have it "in case." This is a type of approach that is not part of the European legal system.”18
As Italy moves towards greater e-governance, some concerns have been raised over the protection of user data in the hands of public agencies, as well as the security of digital data and the risk of identity theft.19 As part of the Italy’s digital agenda, the Digital Italy Agency (AgID) recently introduced an eID system called the Public System of Digital Identity (SPID).20 Launched in March 2016, SPID creates a “unique” PIN number that allows users to log into different public administration web services, including social security, pension, and tax agencies and municipalities. A total of eight providers are authorized to issue a digital identity.21 In two years, approximately 2.3 million people registered; however, reports indicate that the growth in registrations is slowing, and that it seems unlikely that the objective of a minimum of 9 million registered people (or 20 percent of the population) will be reached by March 2019.22
Intimidation and Violence
Cases of intimidation or physical violence in response to online activity are reported sporadically, although individuals who expose organized crime activities in some parts of the country may especially be at risk of reprisals. In August 2015, the parliamentary anti-mafia committee voiced concerns about the high number of “acts of hostility” against investigative journalists by organized crime groups. This included “traditional methods” of intimidation such as burning cars, verbal threats, and sending bullets through the mail, but also increasing legal threats.23 According to the interior minister, almost 200 journalists received police protection in 2017.24 Ossigeno per L’Informazione also recorded over 423 instances of Italian journalists and bloggers subjected to threats in 2017.25 It is likely that many other cases are not publicly reported.
The country’s official cybersecurity strategy has been in place since December 2013.26 Common forms of technical attacks in Italy include defacement or distributed denial-of-service (DDoS) attacks against websites as a form of political protest. Other cyberattacks—particularly against banks, government institutions, and business websites—remain a problem.
The 2018 elections were also characterized by a few instances of “public-interest hacks.”27 In February 2018, the website of the Florence section of the Democratic Party was hacked and personal information, including former prime minister Matteo Renzi’s mobile phone number, was posted by hackers on Twitter.28 In the same week, two Matteo Salvini campaign websites were hacked, and some data was subsequently released on Twitter by the hackers. The AnonPlus collective claimed responsibility for both hacks.29 During the summer of 2017, the Five Star Movement was hacked by a black hat hacker named @r0gue_0. The hacker infiltrated Rousseau, the party’s online organizing platform, and leaked internal data, including the password used by the staff to access the platform.30
Awareness regarding Italian involvement in the cyberweapons market has grown, and companies have faced growing scrutiny over surveillance software sales to government agencies and repressive regimes. In July 2015, a leak of internal documents from the Milan-based surveillance technology firm Hacking Team revealed details about some of the company’s clients across the world, including countries with poor human rights records.31 The company had been criticized in the past for cooperating with undemocratic regimes and lacking sufficient considerations of users’ privacy.32 In April 2016, however, the Italian government suspended its “global” authorization to export its software. While this would not affect countries within the EU, the company would be required to seek approval from Italian authorities to request individual licenses for each country outside of the EU.33
According to a study published by the UK-based NGO Privacy International in August 2016, three other companies based in Italy market intrusion technology.34 In January 2017, the Italian Coalition for Civil Liberties and Rights, Privacy International and the Hermes Center for Transparency and Digital Human Rights wrote a public letter to the Italian Ministry for Economic Development asking to reconsider the export authorization for Italian company, AREA, which had been investigated after selling their products in Syria and Egypt.35 The ministry issued a press release stating that the company’s export authorization to Egypt had been suspended and would be revoked.36 However, civil society organizations have continued to demand greater transparency on export licensing and the countries involved.37
- 1An English copy of the constitution is available at: Constitution of the Italian Republic, http://bit.ly/1hARFPS; See especially art.15 and 21
- 2Sghirinzetti, “Italy: Anti-terrorism decree to strengthen government surveillance.”
- 3“Tolto dal decreto antiterrorismo l’emendamento sui computer,” Internazionale, March 26, 2015, http://bit.ly/1Lr1CeP
- 4Organization for Security and Cooperation in Europe Representative on Freedom of the Media, Libel and Insult Laws: A matrix on where we stand and what we would like to achieve, (Vienna: OSCE, 2005), 79, http://www.osce.org/fom/41958.
- 5“Concluding observations on the sixth periodic report of Italy,” United Nations, Human Rights Committee, March 2017, http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?s…
- 7“Revealed: How the Nsa Targets Italy,” L’Espresso, December 5, 2013, http://espresso.repubblica.it/inchieste/2013/12/05/news/revealed-how-th…; “Datagate, così ci spiano Stati Uniti e Gran Bretagna,” L’Espresso, October 24, 2013, http://espresso.repubblica.it/internazionale/2013/10/24/news/cosi-ci-sp…
- 8Although it is difficult to determine the real number of people affected by wiretaps (estimates range from 25,000 to over 130,000), many individuals who are caught up in wiretaps have no incriminating connection to the main target of the eavesdropping. The current law stipulates that such peripheral communications cannot be transcribed and any recordings should be destroyed right away, though this is not always carried out in practice. Thus it may happen that some exchanges are recorded and leaked to the media. This is the problem that the proposed bill on electronic surveillance was meant to address.
- 9https://www.theguardian.com/world/2017/nov/11/italian-prosecutors-wiret…; https://www.valigiablu.it/giornalista-guardian-intercettazioni/
- 10“Concluding observations on the sixth periodic report of Italy”, United Nations, Human Rights Committe, March 2017: http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?s…
- 11Corte di Cassazione, supra note 3, Reasons for the Decision, para. 11 (“limited exclusively to proceedings relating to offences of organized crimes, the Court allows the real-time interception of conversations or communications by installing a “computerized sensor” in portable electronic devices (e.g. personal computer, tablet, smartphone, etc.) also in private homes under Art. 614 of the Code of Criminal Procedure, even if those dwelling are not identified in the warrant or if it is not determined that they were used to conduct criminal activity”)
- 12Carola Frediani, Intercettazioni col trojan, ecco la proposta di legge, La Stampa, January 31 2017, http://www.lastampa.it/2017/01/31/italia/cronache/intercettazioni-col-t…
- 13Changes to the Criminal Code, Criminal Procedure Code and Penal Procedure Bill (15 Mar. 2017), available at http://www.senato.it/service/PDF/PDFServer/BGT/01009188.pdf
- 14Privacy International, “Privacy International’s Analysis of the Italian Hacking Reform, under DDL Orlando,” March 5, 2017, http://bit.ly/2zwWUgC
- 15Proposta di Legge, Disciplina dell’uso dei Captatori legali nel rispetto delle garanzie individuali. The full Italian bill, and its summary in English are both available at: http://www.civicieinnovatori.it/wp-content/uploads/2017/02/Sintesi-PDL-…
- 17Data retention: Soro, troppi 6 anni conservazione dati Tlc e Internet, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/doc…
- 18Garante privacy Ue: “Sulla protezione dei dati l’Europa è leader,” La Stampa, Nov 13 2017, http://www.lastampa.it/2017/11/13/esteri/garante-privacy-ue-sulla-prote…
- 19M. Calamari “Lo SPID è nato morto?”, Punto Informatico, April 21, 2016, http://bit.ly/2fQLhso.
- 23Anti-Mafia Parliamentary Committee, “Report on the State of Information and on the Condition of Journalists threatened by Organised Crime,” August 5, 2015, http://bit.ly/2dAMvUN
- 26Presidency of the Council of Ministers, National Plan for Cyberspace Protection and ICT Security, December 2013, http://bit.ly/1Lr3Gn4; and Presidency of the Council of Ministers, National Strategic Framework for Cyberspace Security, December 2013, http://bit.ly/1qVEWpW
- 31Wikileaks, “Hacking Team,” https://wikileaks.org/hackingteam/emails/
- 32Alfonso Maruccia, “L'orgoglio ferito di Hacking Team,” Punto Informatico, July 23, 2015, http://bit.ly/1LFkylL. See also the conclusions by CitizensLab here, “Tag Archives: Hacking Team,” https://citizenlab.org/tag/hacking-team/; and by computer security expert Bruce Schneier here: Bruce Schneier, “Hacking Team Is Hacked,” Schneier on Seurity (blog), July 6, 2015, http://bit.ly/1RD0iWY
- 33“Hacking Team Has Lost Its License to Export Spyware,” Motherboard, April 6, 2016, http://bit.ly/1q9klUD
- 34Privacy International, “Privacy International launches the Surveillance Industry Index & New Accompanying Report,” August 1, 2016, https://www.privacyinternational.org/node/912
- 35Italy urged to act as Internet surveillance systems are exported to Egypt, Cild.eu, January 23, 2017: https://cild.eu/en/2017/01/23/italy-urged-to-act-internet-surveillance-…
- 36“Ministry of Economic Development’s reply: Area Spa license to be revoked,” Cild.eu, January 24, 2017, https://cild.eu/en/2017/01/24/ministry-economic-developments-reply-area…
- 37“Software spia, il ministero revoca la licenza di vendita in Egitto di Area Spa dopo le indagini della procura,” Il Fatto Quotidiano, June 30, 2016, http://bit.ly/2s8WfuY
See all data, scores & information on this country or territory.See More
Global Freedom Score90 100 free
Internet Freedom Score75 100 free