Italy
A Obstacles to Access | 21 25 |
B Limits on Content | 29 35 |
C Violations of User Rights | 25 40 |

Internet freedom in Italy declined slightly during the coverage period. In response to a European Union (EU) regulation, Italy blocked access to Russian state-owned websites following Russia’s brutal invasion of Ukraine. Italy also lags behind some of its EU peers when it comes to overall connectivity, although it continues to invest funds in closing the digital divide. The data protection authority was active, issuing a large fine for privacy violations. However, according to some sources, the number of cyberattacks increased during the coverage period, compared to recent years.
Italy’s parliamentary system features competitive multiparty elections. Civil liberties are generally respected, but concerns persist regarding the rights of migrants and the long-term problems of organized crime and corruption.
- In March 2022, Italian internet service providers (ISPs) and telecom operators blocked access to a number of Russian state-owned websites, after the EU ordered member states to do so (see B1).
- The Italian Data Protection Authority (DPA) fined Clearview AI €20 million ($22.6 million) for violating the General Data Protection Regulation (GDPR) and demanded that the company delete all data related to Italian users (see C6).
- During the coverage period, the number of cyberattacks increased, after decreasing during the first year of the pandemic, according to some sources (see C8).
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? | 5.005 6.006 |
Italy has relatively low internet penetration rates compared to the rest of the EU. According to June 2021 data from the EU’s Digital Economy and Society Index (DESI), 90.5 percent of households have access to the internet.1 Italy’s fixed-broadband penetration rate is 31.1 percent and its mobile broadband penetration rate is 95.5 percent.2 The percent of households covered by fourth-generation (4G) mobile broadband is 99.9 percent.3
Several factors have contributed to Italy’s relatively low overall penetration rates, including infrastructural limitations. According to the EU’s 2021 DESI, Very High Capacity Network Coverage (VHCN) connections were only available to 34 percent of households in 2021.4 The country ranks above the EU average on fifth-generation (5G) readiness, with 60 percent of the total harmonized 5G spectrum assigned for deployment.5
Italy’s Digital Agenda initiative, based on the Europe 2020 Digital Agenda, aimed to expand broadband access and e-government functions.6 A 2016 government decree reduced the costs for laying cables and established the Networks Register for Infrastructure (SINFI), a dedicated instrument for implementing broadband strategy, managed by the Ministry of Economic Development.7
In 2016, a “digital transformation team” was created to lead the technological modernization of Italian public administration, among other goals.8 Before its mandate ended in 2019, the team issued a Three-Year Plan for Information Technology in the Public Administration.9
In September 2020, the government announced the creation of AccessCo, a new entity responsible for the management of broadband infrastructure in Italy. Previously, the infrastructure was managed separately by Telecom Italia (TIM) and Open Fiber, a telecommunications provider. In forming AccessCo, the two companies seek to establish a single high-speed broadband network in the country. The deal was approved by Cassa Depositi e Prestiti—an investment firm controlled by the Ministry of Economy and Finance that owns 9.7 percent of TIM and 50 percent of Open Fiber—and energy company Enel, which owns the other 50 percent of Open Fiber. As part of the deal, TIM must form a new company, FiberCop, to manage the network with Open Fiber.10 In February 2022, FiberCop was greenlit by the Authority for Communications Guarantees (AGCOM), the primary telecommunications regulator (see A4).11
According to Ookla’s Speedtest, the median fixed broadband download speed in May 2022 was 53.9 Mbps, while the median mobile broadband speed was 38.5 Mbps.12
- 1European Union, “Households with access to the internet at home,” “The Digital Economy and Society Index (DESI 2021),” accessed September 2022; https://bit.ly/3LVEngY.
- 2European Commission, “Fixed Broadband take-up (penetration rate),” “The Digital Economy and Society Index (DESI 2021),” accessed September 2022; https://bit.ly/3rkMgTC; European Commission, “Mobile Broadband take-up (penetration rate),” “The Digital Economy and Society Index (DESI 2021),” accessed September 2022; https://bit.ly/3Svznlx.
- 3European Commission, “4G Mobile Broadband Coverage,” “The Digital Economy and Society Index (DESI 2021),” accessed September 2022; https://bit.ly/3fvyAm6.
- 4European Commission, “The Digital Economy and Society Index (DESI 2021) — Countries' performance in digitisation” 2021, p. 10, https://digital-strategy.ec.europa.eu/en/policies/countries-digitisatio…
- 5European Commission, “The Digital Economy and Society Index (DESI 2021) — Countries' performance in digitisation” 2021, p. 10, https://digital-strategy.ec.europa.eu/en/policies/countries-digitisatio…
- 6Official Gazette of the Italian Republic, “Gazzetta Ufficiale Della Repubblica Italiana,” October 2012, https://www.gazzettaufficiale.it/moduli/DL_181012_179.pdf; See also: Agency for Digital Italy, “Agenzia per l’Italia Digitale,” “Strategy and Regulatory Framework [Strategia e Quadro Normativo],” https://www.agid.gov.it/it/agenzia/strategia-quadro-normativo
- 7Legislative decree of February 15, 2016, N. 33, https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativ…
- 8Diego Piacentini, “Towards the new ‘operating system’ of the country,” Medium, December 21, 2016 https://medium.com/team-per-la-trasformazione-digitale/new-operating-sy…
- 9Agency for Digital Italy, “Three-year Plan 2019-2021 [Piano Triennale 2020-2022],” December 12, 2019, https://www.agid.gov.it/it/agenzia/piano-triennale
- 10“Perché si riparla di ‘rete unica’,” IlPost.it, September 1, 2020, https://www.ilpost.it/2020/09/01/rete-unica-tim-cassa-depositi-e-presti…
- 11Banda ultralarga, disco verde dall’Antitrust a Fibercop: “Garantita la concorrenza,” Corriere Comunicazioni, February 23, 2022, https://www.corrierecomunicazioni.it/telco/banda-ultralarga/banda-ultra….
- 12Speedtest, “Italy’s Mobile and Fixed Broadband Internet Speeds,” accessed September 2022, https://www.speedtest.net/global-index/italy.
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? | 2.002 3.003 |
Internet connections are relatively affordable. According to the International Telecommunications Union (ITU), the cheapest fixed broadband plan that provides at least 5 gigabytes (GB) of monthly high-speed data costs 1.3 percent of gross national income (GNI) per capita, while the cheapest plan providing at least 2 GB of high-speed mobile data cost 0.4 percent of GNI per capita.1
Significant geographical differences in internet penetration persist across the country, with southern regions such as Calabria lagging behind. An ambitious infrastructure plan called Growth 2.0 was launched in 2012 to close the digital divide between areas that are served by high-speed connections and those that are not, but the plan was plagued by delays.2 In May 2019, a new initiative was launched to raise digital literacy and increase skills in emerging technologies. Called Repubblica Digitale,3 it aims to reduce various aspects of the digital divide by 2025.
As part of Italy’s Recovery and Resilience Plan (RRP), also referred to as “Italia Domani” (“Italy Tomorrow”), the government will further invest in connectivity and digitization. In early 2022, approximately €350 million ($396 million) were made available under the scheme to fund projects for digital innovation and transition.4 Overall, 27 percent of the total €191.5 billion ($216.9 billion) allocated under the RRP will be dedicated to digital innovation and transformation.5 The "Italia a 1 Giga” program, which is a component of the broader plan, aims to provide one gigabit per second (Gbps) in download speed and 200 Mbps in upload speed to areas where fast broadband coverage is unavailable.
- 1International Telecommunication Union, “ICT Prices,” accessed September 2022, https://www.itu.int/en/ITU-D/Statistics/Pages/ICTprices/default.aspx
- 2Federica Meta, “Digital agenda, the Chamber accuses: "Scary delays" [Agenda Digitale, la Camera Accusa: “Ritardi Paurosi],” Network Digital 360, March 14, 2014, https://www.corrierecomunicazioni.it/telco/agenda-digitale-la-camera-ac…
- 3Gabriele Porro, “Italy Enters the European Campaign Against the Digital Divide [L'Italia entra nella campagna europea contro il digital divide],” Wired, April 8, 2020, https://www.wired.it/internet/web/2020/04/08/italia-digital-divide/; https://innovazione.gov.it/it/repubblica-digitale/
- 4Ministro per l’innovazione tecnologica e la transizione digitale. “Nasce il Fondo per la Repubblica Digitale,” January 29, 2022, https://innovazione.gov.it/notizie/comunicati-stampa/nasce-il-fondo-per….
- 5Ministro per l'innovazione tecnologica e la transizione digitale. “Italia Digitale 2026,” accessed September 2022, https://innovazione.gov.it/italia-digitale-2026/
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? | 6.006 6.006 |
The government does not impose restrictions on connectivity, nor does it centralize control over information and communication technology (ICT) infrastructure.
TIM has continued the process of “externalizing” its infrastructure since 2013 to provide fair access to competitors as required by EU legislation,1 though it was unclear during the coverage period exactly how far the effort had progressed. TIM was privatized in 1997, and Cassa Depositi e Prestiti holds only a 9 percent stake in the company.2 However, under a 2012 decree-law, the state enjoys special supervisory authority, or “golden power,” over TIM and other companies in strategic sectors of the economy.3
In 2019, the government approved a decree-law allowing the state to use its “golden power” to veto the purchase and deployment of 5G technology provided by Chinese companies.4
- 1Telecom Italia, “Telecom Italia: CDA approva il progetto di societarizzazione della rete di accesso,” May 30, 2013, https://www.telecomitalia.com/tit/it/archivio/media/comunicati-stampa/t…
- 2Telecom Italia, “Struttura azionaria [Shareholder Structure],” last updated July 4, 2019, https://web.archive.org/web/20190704134604/https://www.telecomitalia.co…
- 3Alessandro Piermanni, “Italy: From 'golden share' to 'golden powers',” DLA Piper, July 12, 2015, https://www.dlapiper.com/en/us/insights/publications/2012/07/italy-from…
- 4Luca Zorloni, “5G, how Italy's "shield" works on technologies made in China, [5G, come funziona lo “scudo” dell’Italia sulle technologie made in China]” Wired, March 26, 2019, https://www.wired.it/internet/tlc/2019/03/26/5g-golden-power-cina/?refr…
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? | 5.005 6.006 |
Access to the internet for private users is offered by a range of ISPs, all of which must be authorized by the Ministry of Economic Development.1 As of June 2021, TIM had the largest share (44.1 percent) of the fixed-line market, followed by Vodafone (15.9 percent), Fastweb (14.5 percent), Wind Tre (14 percent), and others.2
TIM, Vodafone, Wind Tre, and Iliad are the major mobile service providers,3 and all of them operate third-generation (3G) and 4G networks.4 Iliad, a French company, entered the Italian mobile market in May 2018, offering a low-cost option for consumers.5 Later in 2018, Kena Mobile,6 operated by TIM, and Ho. Mobile, managed by Vodafone, entered the low-cost mobile market to compete with Iliad.7 In the prepaid market, Wind Tre has 27.5 percent, TIM 23.7 percent, and Vodafone 22.5 percent, followed by Iliad at 11.4 percent and other operators with smaller shares.8
In January 2020, Fastweb, TIM, Vodafone, and Wind Tre were fined a total of €228 million ($258 million)9 by the Italian Competition Authority (AGCM).10 However, in July 2021, the fines against the companies were annulled by the Regional Administrative Court of Lazio because AGCM allegedly failed to provide sufficient evidence to justify its claim that operators acted in coordination.11 In February 2018, the police and authorities from the agency had searched the offices of the four providers, and of the industry lobbying firm Asstel12 Regulators suspected that the companies had overcharged their clients by billing them for their services every four weeks instead of once a month. In late 2017, parliament13 This law followed a March 2017 regulation by the Authority for Communications Guarantees (AGCOM), the primary telecommunications regulator, that required fixed-line providers to move to monthly billing. Several companies, including Vodafone, Fastweb, and Wind Tre, were fined by the Authority for Communications Guarantees (AGCOM).14
In March 2020, AGCM fined TIM €116 million ($131 million) for abusing its dominant market position by “obstructing the entrance of rivals” into the ultrafast broadband market. The fine concerned TIM’s 2018 claim that it would not provide broadband to cities and towns where it could not ensure a return on the investment, which led Rome to provide state-subsidized tenders. Then, after losing out in a bid to Open Net, TIM reneged on its earlier claim and agreed to provide broadband to rural areas without a state subsidy.15
In December 2020, AGCM launched an investigation into TIM-owned FiberCop, which manages the development of fiber communication networks projects, and its potential investors (see A1).16 In February 2022, the FiberCop initiative received final approval from AGCOM after the closure of the investigation in 2021.17
- 1The Law Reviews, “The Technology, Media and Telecommunications Review Edition 10 – Italy,” December 2019, https://thelawreviews.co.uk/edition/the-technology-media-and-telecommun…
- 2AGCOM, “Communication Markets Monitoring System n. 3,” 2021,https://www.agcom.it/documents/10179/5403671/Allegato+28-10-2021/449b29….
- 3AGCOM, “Communication Markets Monitoring System n. 3,” 2021,https://www.agcom.it/documents/10179/5403671/Allegato+28-10-2021/449b29…
- 4Open Signal, “Italy Mobile Network Experience Report,” May 2019, https://www.opensignal.com/reports/2019/05/italy/mobile-network-experie…
- 5Agnieszka Flak, Gwénaëlle Barzic, “France's Iliad ventures into Italy with low-price mobile offer,” Reuters, May 29, 2018, https://www.reuters.com/article/us-iliad-italy-italy/frances-iliad-vent…
- 6Lorenzo Longhitano, “Iliad against all, here are the low cost rates that others offer [Iliad contro tutti, ecco le tariffe low cost che offrono gli altri],” Wired, June 11, 2018, https://www.wired.it/economia/business/2018/06/11/iliad-offerte-tariffe…
- 7Antonio Carnevale, “Low cost telephony, Vodafone answers Iliad: Ho arrives [Telefonia low cost, Vodafone risponde a Iliad: arriva Ho],” Wired, June 22, 2018 https://www.wired.it/internet/tlc/2018/06/22/ho-vodafone-iliad-low-cost/
- 8AGCOM, “Communication Markets Monitoring System n. 3” 2021https://www.agcom.it/documents/10179/5403671/Allegato+28-10-2021/449b29….
- 9All currency conversions are calculated using Oanda’s Currency Converter, and the exchange rate is from December 1, 2020, the midpoint of this coverage period.
- 10Alessandro Longo, “28-day bills, €228 Million Antitrust fine to Companies [Bollette a 28 giorni, multa dell'Antitrust da 228 milioni di euro alle compagnie],” La Repubblica, January 31, 2020 https://www.repubblica.it/economia/2020/01/31/news/bollette_a_28_giorni…
- 11Yanitsa Boyadzhieva, “Italian court overturns €230M fines over telecom billing,” Mobile Word Live, July 13, 2021, https://www.mobileworldlive.com/featured-content/top-three/italian-cour…
- 12Daniele Lepido, Chiara Albanese, “Italy Regulator Searched Phone Carriers in Antitrust Probe,” Bloomberg News, February 15, 2018, https://www.bloomberg.com/news/articles/2018-02-15/italy-regulator-sear…
- 13“Bill invoicing, what the law provides [Fatturazione bollette, cosa prevede la legge],” Rai News, February 15, 2018, http://www.rainews.it/dl/rainews/articoli/Fatturazione-bollette-cosa-pr…
- 14“The never-ending story of bills every four weeks [La storia infinita delle bollette ogni quattro settimane],” Il Post, January 6, 2018, https://www.ilpost.it/2018/01/06/rimborsi-bollette-quattro-settimane-le…
- 15Reuters, “Telecom Italia fined 116 million euros for broadband market abuse,” Reuters, March 6, 2020, https://www.reuters.com/article/us-telecom-it-antitrust/telecom-italia-…
- 16Autorità Garante della Concorrenza e del Mercato, “I850 - ICA: investigation launched into contracts for the establishment of FiberCop,” December 21, 2020, https://en.agcm.it/en/media/press-releases/2020/12/I850.
- 17Banda ultralarga, disco verde dall’Antitrust a Fibercop: “Garantita la concorrenza,” Corriere Comunicazioni, February 23, 2022, https://www.corrierecomunicazioni.it/telco/banda-ultralarga/banda-ultra….
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? | 3.003 4.004 |
The main regulatory body for telecommunications is AGCOM, an independent agency that is accountable to parliament. Its responsibilities also include protecting intellectual property rights, regulating advertisements, and overseeing public broadcasting. The parliamentary majority appoints AGCOM’s president.
Another important player governing the ICT sector is the Data Protection Authority (DPA). Established in 1997, it is tasked with supervising compliance with data protection laws by both governmental and nongovernmental entities. It also has the authority to ban or block “processing operations that are liable to cause serious harm to individuals.”1 It is generally viewed as professional and fair in carrying out its duties. The DPA is the supervisory authority responsible for monitoring application of the EU’s General Data Protection Regulation (GDPR) in Italy, and between May 2018 and March 2020 it actively managed more than 17,000 GDPR complaints and reports.2
- 1Garante Per La Protezione Dei Dati Personali, “The Italian Data Protection Authority: Who We Are,” November 17, 2009, https://www.garanteprivacy.it/web/guest/home_en/who_we_are
- 2Garante Per La Protezione Dei Dati Personali, “EU REGULATION – The Application budget from 25 May 2018 to 31 March 2020 [REGOLAMENTO UE - Il bilancio di applicazione dal 25 maggio 2018 al 31 marzo 2020],” April 14, 2020, https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/do…
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? | 4.004 6.006 |
Score Change: The score declined from 5 to 4 to reflect the government’s implementation of a European Union regulation ordering member states to block the websites of RT and Sputnik, as well as their local subsidiaries.
Italy does not typically block or filter content of a political, social, or religious nature; however, during the coverage period it did limit access to Russian state-owned websites in response to an EU regulation. Otherwise, all major websites and communication platforms are freely available. According to data gathered by the Open Observatory of Network Interference (OONI), Italy’s blocking and filtering of the internet is limited and is primarily implemented by means of domain name system (DNS) tampering.1
In early March 2022, following the Russian government’s brutal invasion of Ukraine, the EU Council issued Regulation 2022/350, ordering member states to “urgently suspend the broadcasting activities” of RT, Sputnik, RT France, RT Spanish, RT Germany, and RT UK within the EU and to block their websites because they “engaged in continuous and concerted propaganda actions targeted at civil society.”2 Asstel, the organization representing Italian telecom operators, confirmed that its members had promptly blocked these websites, but remained uncertain about the government agency responsible for overseeing the blocking.3 In June 2022, after the coverage period, the EU adopted a new package of sanctions, which also included directives for member states to block additional media websites: Rossiya RTR/RTR Planeta, Rossiya 24/Russia 24, and TV Centre International.4
Websites and other popular digital services are also blocked for hosting copyright-violating content. In a major intervention in February 2021, AGCOM blocked five websites that were used by millions to stream Spanish football matches illegally. The blocking came in response to a request from the Spanish La Liga football organization.5
In April 2020, the Italian Federation of Newspaper and Periodical Publishers (FIEG) urged AGCOM to restrict access to the Telegram messaging application, citing the existence of some Telegram channels that violated copyright by distributing digital copies of Italian newspapers.6 After two ensuing investigations led authorities to order 19 Telegram channels and 28 websites blocked, Telegram itself removed the relevant channels.7
One of the sites that was targeted for blocking as part of the Telegram investigation in May 2020 was that of Project Gutenberg, a prominent online distributor of public-domain e-books.8 Project Gutenberg appears on a list of websites put under investigation for the distribution of copyright-protected content published in the United States, where Project Gutenberg is based. The site remained blocked as of May 2022.9
AGCOM has issued 723 blocking orders since 2013, according to August 2019 data.10 These orders are publicly available on AGCOM’s website.11
Illegal gambling sites are frequently blocked by the Customs and Monopolies Agency (ADM), an administrative body under the Ministry of Finance, In March 2021, ADM blocked the popular content-sharing platform Medium in Italy because of posts that allegedly shared illegal gambling links. Following inquiries from the press, the block was lifted later the same day.12
Italy’s public blacklist contains over 7,000 illegal gambling websites, according to a January 2019 report from the European Commission.13 Websites hosting content related to terrorism or child sexual abuse images may also be subject to blocking. Through a June 2019 decree, the government gave the National Companies and Exchange Commission (CONSOB), the public authority responsible for regulating the Italian securities market, the mandate to order service providers to block websites offering unauthorized financial services. In September 2021, the overall number of websites blocked by the CONSOB rose to 505, the majority of which were abusive online financial and trading services.14
- 1Open Observatory of Network Interference, “Italy” https://explorer.ooni.torproject.org/country/IT
- 2“COUNCIL REGULATION (EU) 2022/350 of 1 March 2022 amending Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine,” Official Journal of the European Union, Volume 65, March 2, 2022, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2022:065:F….
- 3Giovanna Faggionato. “In Italia non si riesce a fermare la propaganda del Cremlino,” Domani, March 16, 2022, https://www.editorialedomani.it/politica/propaganda-russa-italia-agcom-….
- 4Chris Dziadul, “EU bans more Russian channels,” Broadband TV News, June 9, 2022, https://www.broadbandtvnews.com/2022/06/09/eu-bans-more-russian-channel….
- 5Gabriele Buscaglia. “Liga, colpo alla pirateria in Italia: chiusi 5 siti da un milione di visite”, Calcio e Finanza, February 15. 2021, https://www.calcioefinanza.it/2021/02/15/liga-colpo-alla-pirateria-ital….
- 6IlPost.it, “The Italian Federation of Publishers has requested the suspension of Telegram [La Federazione italiana degli editori ha chiesto la sospensione di Telegram],” April 14, 2020, https://www.ilpost.it/2020/04/14/fieg-sospenione-telegram/
- 7Portolano Cavallo, “Newspaper Publishers go After Telegram, and Book Publishers Follow Suit,” June 19, 2020, https://portolano.it/en/newsletter/portolano-cavallo-inform-digital-ip/…
- 8Project Gutenberg, @gutenberg_org, “To all Italian followers/users. Please see below our CEO’s statement about some issues with some people in Italy reaching PG,” photo, May 24, 2020, https://twitter.com/gutenberg_org/status/1264512881309085702; https://blog.andreamonti.eu/?p=1764; See also: Notiziole di mau, “Italian Republic against Project Gutenberg: a case study [Repubblica Italiana contro project Gutenberg: un case study],” https://xmau.com/wp/notiziole/2020/06/04/repubblica-italiana-contro-pro…
- 9Raffaele Angius, “Because the Gutenberg Project will be seized forever [Perché il Progetto Gutenberg sarà sotto sequestro per sempre],” Wired, June 30, 2020, https://www.wired.it/internet/web/2020/06/30/progetto-gutenberg-sequest…
- 10AGCOM, https://www.agcom.it/documents/10179/16003137/Comunicato+stampa+05-08-2…
- 11AGCOM, “Measures,” https://www.agcom.it/provvedimenti-a-tutela-del-diritto-d-autore
- 12Raffaele Angius, “Perché l'Agenzia delle dogane e dei monopoli ha disposto il blocco di Medium dall'Italia,” Wired, March 3, 2021. https://www.wired.it/internet/social-network/2021/03/03/monopoli-blocco…
- 13European Union, “Evaluation of regulatory tools for enforcing online gambling rules and channeling demand towards controlled offers,” January 29, 2019, https://publications.europa.eu/en/publication-detail/-/publication/6bac…
- 14Veronica Balocco. “Trading online: cresce la black list Consob, oltre 500 i siti abusivi oscurati”, Corriere Comunicazioni, September 17, 2021, https://www.corrierecomunicazioni.it/finance/trading-online-cresce-la-b….
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? | 3.003 4.004 |
Authorities and courts sometimes request the removal of specific content.
In May 2021, the Supreme Court of Cassation ruled that the popular television show “Le Lene” must remove a segment allegedly defaming Roberto Burioni, a scientist and public figure. Burioni had sued Mediaset, which airs “La Lene,” for defamation, claiming reputational damages from a segment of an episode that alleged that Burioni had promoted pharmaceutical products for his own financial benefit. The May 2021 ruling upheld an earlier decision in which a court ruled in favor of Burioni and imposed the restriction of the allegedly defamatory segment on Le Lene’s website. The Supreme Court’s ruling also confirmed that a court can order the restriction of an entire journalistic piece in a defamation suit, rather than only the parts of the piece considered defamatory. Various observers have warned of the negative impact the case could have on free expression.1
According to Meta, from January to December 2021, 1,149 comments, 563 posts, and 10 pages and groups were removed from Facebook, while 504 pieces of “media” and 14 accounts were removed from Instagram based on requests originating from Italy, as well as 21 global restrictions that were externally imposed. According to Meta, 1,831 of the removals were in response to private reports of defamation, 290 were in response to valid court orders, and 91 were because items violated local law.2 Twitter’s transparency report for the period January to June 2021 lists seven requests for content removal, including one court order; Twitter complied with 57 percent of these requests. From July to December 2021, the Italian government issued eight requests, and Twitter complied with 38 percent of them.3 According to Google’s transparency report, the company received 184 content-removal requests originating from Italy between January and December 2021, including 97 for defamatory content and 47 for privacy and security reasons.4
Italian courts have ruled in favor of the so-called right to be forgotten (RTBF) established by the Court of Justice of the European Union (CJEU) in 2014. In December 2015, a civil court in Rome upheld the CJEU’s reasoning on the RTBF but rejected the plaintiff’s request, seeking to balance such a right with the right to information in the public interest.5 In a problematic move in 2016, the Supreme Court upheld a 2013 court decision ordering the removal of an article that damaged a restaurant’s reputation from a website’s archives after two years, finding that the time elapsed between the publication date and the request for removal did not satisfy the public interest.6 Google reported that, between May 2014 and the end of May 2022, the company removed some 178,500 URLs in Italy (40.7 percent of the total requested) following RTBF complaints from users.7
- 1Sarzana Fulvio, “Burioni vince su Mediaset, la Cassazione apre a sequestri di siti giornalistici,” AgendaDigitale, May 24, 2021, https://www.agendadigitale.eu/cultura-digitale/burioni-vince-su-mediase…
- 2Facebook Transparency, “Italy: Country Overview,” accessed September 2022, https://transparency.fb.com/data/content-restrictions/country/IT/.
- 3Twitter, “Transparency Report: Italy,” accessed September 2022, https://transparency.twitter.com/en/reports/countries/it.html
- 4Google, “Transparency Report: Government requests to remove content - Italy,” accessed September 2022, https://transparencyreport.google.com/government-removals/government-re….
- 5Lexology, “Right to be forgotten, right to reputation and privacy: comment to the decision No. 23771/2015 of the civil court of Rome,” April 4, 2016, https://www.lexology.com/library/detail.aspx?g=99d62f78-4eb1-4de7-8661-…
- 6Di Guido Scorza, “A ruling by the Italian Supreme Court: News do “expire”. Online archives would need to be deleted,” L’Espresso, July 1, 2016, http://espresso.repubblica.it/attualita/2016/07/01/news/a-ruling-by-the… ; See also: Athalie Matthews, “How Italian courts used the right to be forgotten to put an expiry date on news,” The Guardian, September 20, 2016, https://www.theguardian.com/media/2016/sep/20/how-italian-courts-used-t…
- 7Google, “Transparency Report Requests to delist content under European privacy law,” accessed September 2022, https://transparencyreport.google.com/eu-privacy/overview?hl=en.
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? | 3.003 4.004 |
Websites related to child sexual abuse images, copyright infringement, illegal gambling, and terrorism may be subject to blocking or targeted with content removal orders generally issued by the courts. An antiterrorism decree-law passed by parliament in 2015 allows the public prosecutor to order the blocking or removal of websites affiliated with terrorist groups.1 In a system similar to those used to block child sexual abuse images and illegal gambling sites, the Ministry of the Interior compiles a blacklist of terrorist websites for ISPs to block.2
A controversial resolution on online copyright enforcement enacted in 2014 enables AGCOM to issue administrative blocking orders to ISPs for specific websites that infringe on copyright, even those that only contain links for downloading copyright-protected content. The regulation also gives AGCOM the power to remove content upon review by an internal panel, but without prior judicial approval, if a copyright violation is detected.3
Debate about the 2019 EU Copyright Directive, which holds “online content sharing service providers” liable for copyright violations that take place on their platforms, was lively in Italy, where political parties expressed strong and diverging opinions. The first government headed by Prime Minister Giuseppe Conte expressed opposition to the new directive, while the Democratic Party, which formed the second Conte government favored the measure.4 In April 2021, Italy adopted a law to transpose the Copyright Directive,5 but it did not enact the law before the June 7 deadline set by the EU.6 The 2019 EU Copyright Directive was officially adopted by Italy in December 2021, under the Draghi government.7
In July 2022, The European Parliament (EP) adopted the European Union’s Digital Services Act (DSA),8 which seeks to harmonize member states’ legislation regarding illegal content and introduces transparency measures for large platforms.
In 2017, Parliament approved a new law on cyberbullying after several high-profile cases came to light.9 Minors over the age of 14 or their parents can demand that content-hosting sites remove damaging material within 48 hours.10 If no action is taken, the victims can refer their case to the DPA, which can order the damaging content to be blocked or taken down.11 Critics of the bill said it gave users too much latitude to force the removal of content from social media sites.12
Italian lawmakers and regulators have at times proposed measures allowing for the blocking or removal of “fake news” websites (see C2), but these proposals have made little progress to date.
ISPs are not generally liable for illegal third-party content, but they must inform authorities of such content should they become aware of it, and they face civil penalties if they do not comply with official requests to restrict access to it.13
- 1Library of Congress, “Italy: Updated Legislation on Fight Against Terrorism,” March 24, 2015, https://www.loc.gov/law/foreign-news/article/italy-updated-legislation-…
- 2“Italy: Anti-terrorism decree to strengthen government surveillance,” EDRi, April 22, 2015, https://edri.org/italy-anti-terrorism-decree-strengthen-government-surv…
- 3AGCOM, “Regolamento in materia di tutela del diritto d’autore sulle reti di comunicazione elettronica,” December 12, 2013, https://www.agcom.it/documents/10179/0/Documento/b0410f3a-0586-449a-aa9…; See also: European Parliament, “Subject: Internet censorship in Italy—via administrative procedure,” July 13, 2011, http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2…
- 4Diego Naranjo, “EU Member States give green light for copyright censorship,” EDRi: European Digital Rights, April 15, 2019, https://edri.org/eu-member-states-give-green-light-for-copyright-censor…
- 5Daniele Monaco, “L’Italia ha recepito la direttiva europea sul copyright,” Wired Italia, April 21, 2021. https://www.wired.it/economia/business/2021/04/21/copyright-direttiva-e…
- 6Foo Yun Chee, “Commission starts legal action against 23 EU countries over copyright rules,” Reuters, July 26, 2021, https://www.reuters.com/world/europe/commission-starts-legal-action-aga….
- 7Bruno Saetta. “La Direttiva Copyright diventa legge degli Stati Europei,” Valigia Blu, March 20, 2022. https://www.valigiablu.it/direttiva-copyright-legge-stati-europei/
- 8European Parliament Legislative Observatory, "European Parliament legislative resolution of 5 July 2022 on the proposal for a regulation of the European Parliament and of the Council on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC (COM(2020)0825 – C9-0418/2020 – 2020/0361(COD)),” July 5, 2022, https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?la…).
- 9“Italy passes law to fight cyberbullying,” Reuters, May 17, 2017, http://in.reuters.com/article/italy-cyberbullying/italy-passes-law-to-f…
- 10“Cyberbullismo, sì definitivo della Camera. Ecco cosa prevede la legge,” Sky TG24, May 17, 2017, http://tg24.sky.it/politica/2017/05/17/Cyberbullismo-camera-approva-leg…
- 11Article 19, “Italy: Responding to ‘hate speech’,” 2018, https://www.article19.org/wp-content/uploads/2018/04/Italy-Responding-t…
- 12“The new law on cyberbullying [La nuova legge sul cyberbullismo],” Il Post, May 17, 2017, http://www.ilpost.it/2017/05/17/legge-cyberbullismo/
- 13The Law Reviews, “The Technology, Media and Telecommunications Edition 10 - Italy,” December 2019, https://thelawreviews.co.uk/edition/the-technology-media-and-telecommun…
Do online journalists, commentators, and ordinary users practice self-censorship? | 3.003 4.004 |
Content creators and hosts may exercise some self-censorship regarding content that could prove controversial or create friction with powerful entities or individuals. Online writers also exercise caution to avoid libel suits by public officials, whose litigation—even when unsuccessful—can take a significant financial toll. Individuals writing about the activities of organized crime in some parts of the country may be especially at risk of extralegal reprisals.
In March 2018, the magazine Famiglia Cristiana deleted an article about the seizure by Italian authorities of a Spanish nongovernmental rescue ship carrying asylum seekers, following a confrontation at sea that may have violated international law.1 After 24 hours, an altered version of the article was published online,2 and the original author withdrew his name from it. Mention of the Italian navy was dropped from the title, and descriptions of the navy’s involvement in the incident were modified.
- 1The original version of the article: Andrea Palladino, “The Accusation Against Open Arms Collapses, But Behind The Libyans Is The Italian Navy,” Famiglia Cristiana, March 27, 2018, https://www.famigliacristiana.it/articolo/il-presidente-di-open-arms-st…
- 2The new version of the article: “The Accusation Against Open Arms Collapses, And A Parliamentary Question Speaks Of ‘Masked Rejections’ [Crolla L’accusa a Open Arms, e Un’interrogazione Parlamentare Parla di ‘Respingimenti Mascherati’],” Famiglia Cristiana, March 27, 2018, http://www.famigliacristiana.it/articolo/cosi-crolla-l-accusa-a-open-ar…
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? | 3.003 4.004 |
Manipulated online content was prevalent in Italy during the COVID-19 pandemic and also following the Russian invasion of Ukraine. In recent years political parties have also engaged in online manipulation surrounding elections.
The Russian invasion of Ukraine led to a wave of foreign disinformation and misinformation campaigns targeting the Italian public. In April 2022, Italian fact-checking organization Facta reported on a network of at least five Facebook pages with around 40,000 followers supporting Vladimir Putin and echoing Russian disinformation.1 According to figures published by daily La Repubblica, around 50 Facebook profiles were removed in Italy for spreading Russian disinformation.2 In May 2022, the Italian parliament’s security committee opened a probe into pro-Putin disinformation being spread through news outlets.3
Additionally, a September 2022 Meta report noted that a Russian influence operation used “false media sites” mimicking those of prominent publications in the European Union, to target users in Italy and the European Union with Russian propaganda. The campaign spent around $100,000 on advertisements and sponsored pages spread narratives about the potential energy crisis in Europe and claimed that war crimes committed by the Russian military in Ukraine, which have been documented by rights groups, did not happen. Ultimately, the network had little influence within the European Union.4
Newsguard’s Coronavirus Disinformation monitoring center5 found that 41 websites—including conspiratorial blogs, alternative websites, and popular news outlets—published COVID-19 disinformation in Italy as of September 2021. Among the outlets were right-wing daily La Verità and Il Primato Nazionale, a website with ties to the neofascist CasaPound movement. An investigation by online magazine Formiche found that the Chinese government and its proxies played a key role in spreading manipulated information about COVID-19 in Italian on Twitter in March 2020, using the hashtags #forzaCinaelItalia (”go China and Italy”) and #grazieChina (”thank you China”).6
In May 2019, ahead of that month’s EU parliamentary elections, a Facebook spokesperson in Italy said the platform had removed a number of accounts or pages for violating policies on authenticity, name changes, and spreading incorrect information.7 This decision followed an investigation by the activist group Avaaz, which said Facebook had removed 23 accounts with a total of 2.46 million followers. According to Avaaz, more than half of the closed accounts supported either the Five Star Movement or Lega, the two parties that governed the country in coalition from June 2018 to September 2019.
In January 2018, then–interior minister Marco Minniti announced a new Postal Police initiative to fight the spread of fake news.8 The project, named Red Button, offered citizens the opportunity to report suspected fake news using a portal on the police’s website. The National Anticrime Information Center for Critical Infrastructure Protection (CNAIPIC) was tasked with analyzing the reported content. The government later confirmed that the initiative concluded within a few days of Italy’s March 2018 elections.9 According to Wired, published responses to citizens’ reports were generally vague, short, and not released in a timely manner.10
- 1Simone Fontanta. “Dentro i gruppi Facebook italiani che amano Putin e fanno disinformazione sulla Guerra,” Facta, April 2022, https://facta.news/storie/2022/04/14/dentro-i-gruppi-facebook-italiani-….
- 2Giuliano Foschini e Giovanna Vitale. “La propaganda russa riattiva i canali social, Facebook blocca 50 profili,” La Repubblica, March 1, 2022, https://www.repubblica.it/politica/2022/03/01/news/propaganda_russa_can….
- 3Hannah Roberts, “Infowars: Putin’s propaganda permeates Italian media,” Politico Europe May 20, 2022, https://www.politico.eu/article/infowars-russia-vladimir-putin-propagan….
- 4Mark Scott, “Grotesque’ Russian disinfo campaign mimics Western news websites to sow dissent,” Politico, September 27, 2022, https://www.politico.eu/article/russia-influence-ukraine-fake-news/.
- 5”Centro di monitoraggio della disinformazione sul Coronavirus,” NewsGuard, accessed September 13, 2021, https://www.newsguardtech.com/it/coronavirus-misinformation-tracking-ce…
- 6Francesco Bechis, Gabriele Carrer, “How China unleashed Twitter bots to spread COVID-19 propaganda in Italy,” 2020, https://formiche.net/2020/03/china-unleashed-twitter-bots-covid19-propa…
- 7Valentina Za, “Facebook takes down fake Italian accounts ahead of EU elections,” Reuters, May 12, 2019, https://www.reuters.com/article/us-facebook-italy/facebook-takes-down-f…
- 8Polizia di Stato, “Fake news: from today you can report them to the police [Fake news: da oggi puoi segnalarle alla Polizia],” January 18, 2018, http://www.poliziadistato.it/articolo/155a6077fdb05e3865595940
- 9United Nations Human Rights, Office of the High Commissioner, “Italy’s Remarks Following Communication From UN Special Rapporteur On The Promotion And Protection Of The Right To Freedom Of Opinion And Expression On The Red Button Protocol,” May 2018, http://www.ohchr.org/Documents/Issues/Opinion/Legislation/ItalyReplyMay…
- 10Gianluca Dotti, “How is the Postal Police Service against fake news going? [Come sta andando il servizio della Polizia postale contro le fake news],” Wired Italia, February 20, 2018, https://www.wired.it/attualita/media/2018/02/20/polizia-postale-fake-ne…
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? | 3.003 3.003 |
In practice, Italians do not face special economic or regulatory obstacles to publishing content online.
Italy’s Declaration of Internet Rights (see C1) expresses the country’s commitment to the net neutrality principle. However, the declaration is nonbinding, and net neutrality is not enshrined in national law, though a 2015 EU-level regulation empowers AGCOM to supervise and enforce the principle.1
- 1AGCOM, “Open Internet - Net Neutrality,” https://www.agcom.it/internet-aperta_net-neutrality
Does the online information landscape lack diversity and reliability? | 4.004 4.004 |
The online information landscape in Italy is diverse, representative, and relatively unrestricted.
In more recent years, social media platforms have become a more popular forum for online expression. Facebook, YouTube and Instagram in particular are among the most-visited websites in the country.1 Twitter is particularly popular among journalists and politicians.
Misinformation related to the COVID-19 virus was prevalent in the online environment. For example, In December 2020, Facta published a report about the state of online dis- and misinformation in Italy.2 The report identified a network of Facebook pages originally created for sharing nonpolitical content that played a major role in spreading COVID-19 misinformation, reaching over two million users. The report also identified a Twitter network that included politicians and bloggers and circulated COVID-19 dis- and misinformation on the platform.
Observers have also frequently raised the problem of inadequate or flawed representation of immigrants, migrants, and refugees in media coverage as well as in newsrooms. A January 2020 report by Voci Globali,3 the Italian chapter of Global Voices, noted that despite the central place that migration has in the public and social debate in the country, foreign-born journalists are still very rare in Italian newsrooms. Such journalists often create forms of alternative journalism that find space online or work in what are called “ethnic media.” The latter, while important, could potentially lead to isolation from the mainstream debate.4
- 1Alexa, “Top Sites in Italy,” accessed June 2021, https://www.alexa.com/topsites/countries/IT; See also: SimilarWeb, “Top sites ranking for all categories in Italy,” August 1, 2020, https://www.similarweb.com/top-websites/italy, accessed April 9, 2021, https://www.semrush.com/website/top/italy/all/
- 2Facta. “Chi ha diffuso la disinformazione in Italia nel 2020?”, Facta, December 29, 2020. https://facta.news/storie/2020/12/29/chi-ha-diffuso-la-disinformazione-…
- 3Silvia Godano, “Media and diversity, in Itality editorial offices without foreign journalists [Media e diversità, in Italia redazioni prive di giornalisti stranieri],” Voci Globali, September 15, 2020, https://vociglobali.it/2020/01/29/media-e-diversita-in-italia-redazioni…
- 4Silvia Godano, “Media and diversity, in Itality editorial offices without foreign journalists [Media e diversità, in Italia redazioni prive di giornalisti stranieri],” Voci Globali, September 15, 2020, https://vociglobali.it/2020/01/29/media-e-diversita-in-italia-redazioni…
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? | 6.006 6.006 |
In Italy, social media platforms, especially Facebook, have emerged as crucial tools for organizing protests and other mass gatherings such as parties or political rallies. There are no restrictions on their use.
In the spring of 2021, a social media campaign emerged around a new bill to establish penalties for discrimination on the basis of sexual orientation and gender identity, commonly referred to as “ddl Zan” (the Zan bill) in reference to Alessandro Zan, the parliamentarian and LGBT+ activist who introduced the bill. As activists denounced the bill’s slow progress in parliament, the magazine Vanity Fair Italy asked people to share photos on social media of the slogan “DDL ZAN” written on a hand, along with the hashtag #diamociunamano (#LetsGiveEachOtherAHand).1 Many celebrities joined the campaign, which became widely popular on social media.
In November 2020, civil society, activists, and media organizations joined forces for the #datibenecomune (#DataForTheCommonGood) campaign, pressuring Italian institutions to release all pandemic-related data in open and machine-readable formats and advocating for greater transparency. The campaign was launched by the open data group OnData and the corresponding Change.org petition gathered over 50,000 signatures. Over 170 organizations joined the campaign, including ActionAid, Transparency International, and Wikimedia.2
- 1“Vanity Fair scende in campo in favore del ddl Zan,” Wired Italy, April 14, 2021, https://www.wired.it/attualita/media/2021/04/14/vanity-fair-copertina-d…
- 2“Data for the Common Good,” accessed March 2021, https://www.datibenecomune.it/
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? | 4.004 6.006 |
Italy is a signatory to the European Convention on Human Rights and other relevant international treaties, and its constitutional guarantees regarding freedoms of speech and the press, as well as the confidentiality of correspondence,1 are supported by an independent judiciary. Italy became the first European country to adopt a crowdsourced Declaration of Internet Rights in July 2015.2 The nonbinding document includes provisions that promote net neutrality and establish internet access as a fundamental right. While generally seen as a positive development, the text has also raised some criticism for failing to outline adequate protections for anonymity, encryption, and data retention.3
Some restrictions on journalism, including online journalism, that are uncommon in other EU member states remain in place in Italy. Drawing on a 1948 law against the “clandestine press,” a regulation issued in 2001 holds that anyone providing a news service must be a “chartered” journalist with the Communication Workers’ Registry (ROC) and hold membership in the Italian National Press Federation.4 With the exception of one case from the late 2000s, these rules have generally not been applied to bloggers, and in practice thousands of blogs are published in Italy without repercussions.
Italy approved a Freedom of Information Act (FOIA) only in 2016, recognizing the right to access data and documents from public administrations.5 Journalists in the country increasingly use the law to conduct investigations. According to Transparency International Italia, which assists Italian journalists in submitting FOIA requests, 75 percent of the requests submitted through their service in 2019 facilitated the release of relevant information and documents.6
Two March 2020 decrees, passed early in the COVID-19 pandemic, suspended FOIA requests and all nonurgent “administrative proceedings” until mid-April. In May 2020, FOIA request processing was resumed.7
- 1Senate of the Republic, “Constitution of the Italian Republic,” http://www.senato.it/documenti/repository/istituzione/costituzione_ingl…
- 2Chamber of Deputies, “Declaration of Internet Rights,” http://www.camera.it/application/xmanager/projects/leg17/commissione_in…
- 3Elisabetta Ferrari, “Italy Issues A Declaration Of Internet Rights – Now Let’s Improve It,” Center For Global Communication Studies, August 4, 2015 https://global.asc.upenn.edu/italy-issues-a-declaration-of-internet-rig…
- 4Diritto Tecnologia Informazione, “New rules on publishing and editorial products and amendments to Law no. 416 [Nuove norme sull’editoria e sui prodotti editoriali e modifiche alla legge 5 agosto],” March 7, 2001, https://www.camera.it/parlam/leggi/01062l.htm
- 5Ministro per la Pubblica Amministrazione, “FOIA: Freedom of Information Act,” August 7, 2015, http://www.funzionepubblica.gov.it/foia-7
- 6Transparency International Italia, “Foia4Journalists: tutti i dati del 2019,” accessed June 2021, https://www.transparency.it/informati/news/foia4journalists-tutti-i-dat…
- 7Transparency International Italia, “Sospensione del diritto d’accesso alle informazioni. Chiediamo che il diritto sia tutelato”, https://transparency.it/informati/news/sospensione-del-diritto-d-access…
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? | 2.002 4.004 |
Several laws present a threat to internet freedom in the country. A 2015 antiterrorism law expanded language in the criminal code on terrorist recruitment, as well as the endorsement or incitement of terrorism, to include online activities.1 Critics argued that the law could be applied broadly and would sanction legitimate instances of free expression that fall within international norms on protected speech.2
Defamation is a criminal offense in Italy. According to the criminal code, “aggravated defamation” is punishable by prison terms ranging from six months to three years and a minimum fine of €516 ($584). In cases of libel through the press, television, or other public means, there is no prescribed maximum fine.3 Though these criminal provisions are rarely applied, civil libel suits against journalists, including by public officials and politicians, are a common occurrence, and the financial burden of lengthy legal proceedings may have chilling effects on reporters and their editors.4
- 1“Italy: Anti-terrorism decree to strengthen government surveillance,” EDRi: European Digital Rights, April 22, 2015, https://edri.org/italy-anti-terrorism-decree-strengthen-government-surv…
- 2“The amendment on computers has been removed from the anti-terrorism decree [Tolto dal decreto antiterrorismo l’emendamento sui computer],” Internazionale, March 26, 2015, https://www.internazionale.it/notizie/2015/03/26/antiterrorismo-decreto…
- 3Organization for Security and Cooperation in Europe Representative on Freedom of the Media, “Libel and Insult Laws: A matrix on where we stand and what we would like to achieve,” March 9, 2005, http://www.osce.org/fom/41958
- 4United Nations, Human Rights Committee, “Concluding observations on the sixth periodic report of Italy,” March 2017, http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?s…
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? | 5.005 6.006 |
Defamation suits against journalists, including those operating online, remain common. Drawn-out legal proceedings, whatever their result, can entail serious financial costs for defendants. Ossigeno per l’Informazione, an organization that tracks threats to journalists in Italy, has reported hundreds of “frivolous defamation suits” against media defendants since 2011, including cases about online media. The organization’s most recent report notes that in 2021, 384 journalists were subject to different forms of threats, 48 percent of which were defamation suits.1
According to a survey from the Italian National Institute of Statistics presented in October 2019, some 70 percent of all libel cases against journalists between 2011 and 2016 did not lead to a full investigation, a sign of the frivolous grounds of most of these complaints. However, overall convictions for defamation, whether or not the defendants were journalists, rose from 182 in 2014 to 435 in 2017, and the number of prison sentences imposed for the offense, most of them between three and six months, rose from 35 in 2014 to 64 in 2017.2 In a representative incident reported in April 2019, the online news outlet Estense was presented with a €100,000 ($113,000) lawsuit by a regional Lega politician after publishing a story in which interviewees accused the plaintiff of stopping suspected immigrants and asking for their residency papers.3
- 1Ossigeno per l’Informazione, “In Italia 384 giornalisti minacciati nel 2021. Ossigeno aggiorna I dati di dicembre,” May 3, 2022, https://www.ossigeno.info/in-italia-384-giornalisti-minacciati-nel-2021…
- 2Prima Online, “Defamation lawsuits against journalists doubled in 5 uears. Ossigeno: Intimidation Impunity rate is 96.7% [Querele per diffamazione contro giornalisti raddoppiate i 5 anni. Ossigeno: tasso impunità intimidazioni è 96,7%],” October 26, 2019, https://www.primaonline.it/2019/10/26/296460/querele-per-diffamazione-c…
- 3Ossigeno per l'informazione, “Judge decides on Lega lawsuit at Estense.com [Guidice decide su Querela lega a Estense.com],” April 2, 2019, https://www.ossigeno.info/giudice-decide-su-querela-lega-a-estense-com/
Does the government place restrictions on anonymous communication or encryption? | 3.003 4.004 |
The government places few restrictions on anonymous communication or encryption. Italian law does require mobile service providers to obtain customers’ personal and identification data in order to register a SIM card, citing counterterrorism purposes.1
In the past, lawmakers have attempted to propose laws that would require users to present identification to sign up for social media accounts, but they have not gained traction.2
- 1Italian Parliament, "Conversion into law, with amendments, of Decree-Law no. 144 of 27 July 2005, containing urgent measures to combat international terrorism," July 31, 2005, https://www.camera.it/parlam/leggi/05155l.htm
- 2Luigi Marattin, @marattin, “lo penso abbia ragione, e lavorerò in parlamento per questo. Chi mi aiuta?,” Retweet of @GabrieleMuccino Tweet, October 28, 2019, https://twitter.com/marattin/status/1188911950132064259?ref_src=twsrc%5…; “Forza Italia: The use of the tax code is mandatory against trolls on social networks [Forza Italia: the use of the tax code is mandatory against trolls on social networks],” La Stampa, May 5, 2019, https://www.lastampa.it/2019/05/05/tecnologia/forza-italia-contro-i-tro….
Does state surveillance of internet activities infringe on users’ right to privacy? | 3.003 6.006 |
Italian courts and lawmakers have sought in recent years to better define the legal boundaries of state surveillance, whether for law enforcement, intelligence, or public health purposes, with mixed success.
In April 2021, the DPA criticized a government decree to implement the EU-wide domestic vaccine passport, known as the “green pass.” The DPA said that the Italian government’s implementation was not provided for under Italian law, did not sufficiently disclose the purposes of the collection of Italians’ health data, and failed to adequately minimize the data collected.1 In June, the DPA stated that its criticisms had been sufficiently addressed by the Ministry of Health.2
In June 2020, officials introduced an open-source COVID-19 contact-tracing mobile app known as Immuni (the immune ones), which had been selected after a March 2020 open call coordinated by the ministers of health and innovation and the National Institute of Health (ISS).3 After originally planning to have the app store information externally in a government-managed database, Bending Spoons, the company that developed Immuni, later switched to a decentralized model, but there was also a lack of clarity as to whether the app would be mandatory.4 The government-led process for selecting the app was frequently criticized for a lack of transparency.5
An anticorruption law approved in February 2020 included provisions and a further decree that extend the authorized use of trojans, a type of malicious software, to investigations of crimes against the public administration committed by public officials, if the crimes are punishable with at least five years of imprisonment. In addition, the changes allow for the interception to take place at “the target’s private home,” even if a crime is not occurring at the moment, as long as it has been authorized.6
Authorities are widely perceived to be engaged in regular wiretapping, and the news media often publicizes wiretap information that is leaked to them.
In April 2021, the newspaper Domani reported that prosecutors and other officials in Trapani, a Sicilian city, had wiretapped journalists’ phone calls with sea rescue NGOs.7 The officials were investigating the NGOs for their alleged involvement in human trafficking. Authorities later exposed the journalists’ sources. As subsequently reported by the Guardian, the recorded conversations included information about travel itineraries and a conversation between a reporter and her lawyer. The officials also used geolocation data to track the journalists.8
A new wiretapping law came into effect in September 2020, implementing Decree Law 161 of 2019. 9 According to Wired, the new law “[restructures] the management of intercepted data and, above all, expands the categories of crime for which computer detectors can be used.”10 The law includes some privacy safeguards; for example, companies that supply these surveillance systems are compelled to use encrypted systems and securely delete files, according to journalist Carola Frediani.11 However, there are concerns that these safeguards will be applied inconsistently.12 MPs also raised concerns about the broadening of wiretaps in March 2021, during the discussion of a bill to establish expenses and quality standards related to wiretapping, which includes the storage and management of sensitive data by companies.13
The use of hacking by Italian law enforcement agencies has been documented, and in May 2017, the UN Human Rights Committee raised concerns that intelligence agencies can intercept personal communications with limited safeguards.14 In July 2016, however, the Supreme Court had ruled that hacking by law enforcement authorities under certain circumstances was constitutional and in accordance with human rights law.15
Lawmakers have made several attempts to regulate hacking in recent years.16 A criminal justice reform law approved in June 2017 calls on the government to regulate hacking for the purpose of criminal investigations.17 Organizations such as Privacy International have contended that the law fails to meet the standard of legality, necessity, and proportionality, and does not establish sufficient minimization procedures, effective oversight, or safeguards from abuse.18 Another proposal known as the Trojan Bill sought to establish a more robust system for authorizing remote and covert hacking.19 The bill was ultimately withdrawn in the aftermath of the March 2018 general elections.
A November 2018 ruling by the Supreme Court was expected to effectively place limits on authorities’ ability to conduct hacking as part of a criminal investigation. The case involved the installation of malware on a suspect’s mobile phone; the Supreme Court instructed a lower court to reexamine whether police practices were consistent with articles of the European Convention of Human Rights and the Italian constitution that protect the freedom and confidentiality of correspondence and other forms of communication.20
Awareness of Italian involvement in the international cyberweapons market has grown, and Italian companies, including the now-defunct Hacking Team, have faced increased scrutiny over sales of surveillance software to government agencies and repressive regimes.21 In June 2021, a joint investigation by IRPI Media, the newsroom of the NGO Investigative Reporting Project Italy; the newspaper il Domani; and Dutch investigative nonprofit Lighthouse Reports reported that European companies, including the Italian company SecurCube, provided cell-tower surveillance technology to Myanmar’s military, despite the EU embargo on the export of these tools. The company claimed that it had not directly sold the technology to Myanmar’s military, but it acknowledged that BTS could have been resold by third parties.22
The use of facial recognition continued to be a hotly debated topic in Italy. In April 2021, the DPA rejected the use by the police of the SARI Real Time facial recognition system,—which was an advanced version of the existing Italian National Police facial recognition system—arguing that the system lacks a legal basis for live facial recognition and that, as designed, it would implement a form of mass surveillance.23 In December 2021, the Italian parliament approved a two-year moratorium on facial recognition systems.24
Advanced technologies are used on vulnerable populations without transparency and appropriate oversight: in December 2021, the Hermes Center for Transparency and Digital Human Rights published a report detailing the use of facial recognition and biometric technologies on migrants fleeing persecution and arriving to Italy by boat.25 According to the report, migrants’ biometric data is included in a database that also contains suspects of crimes, and the government uses biometric authentication, including through facial recognition, to see if any of the migrants have committed crimes.
- 1Garante per la Protezione dei Dati Personali, ‘Italy reopens’ decree: major criticalities for vaccination pass Italian SA issues warning to Government,” April 23, 2021, https://garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb…
- 2“Italian DPA: Green light from the Italian SA subject to adequate safeguards,” European Data Protection Board, June 10, 2021, https://edpb.europa.eu/news/national-news/2021/italian-dpa-green-light-….
- 3Martina Pennisi, “Tracing of infections, the government opens the call: three days to find the best application [Tracciamento dei contagi, il governo apre la call” tre giorni per trovare l’applicazione migliore],” March 23, 2020, https://www.corriere.it/tecnologia/20_marzo_23/tracciamento-contagi-gov…
- 4Federico Guerrini, “After Weeks of Debate, Italy’s COVID-19 Contact Tracing App Almost Ready To Debut,” Forbes, May 19, 2020, https://www.forbes.com/sites/federicoguerrini/2020/05/19/after-weeks-of…
- 5Raffaele Angius and Luca Zorloni, “Here’s where the government has lost track of contact tracing [Ecco dove il governo ha perso traccia del contact tracing],” Wired, May 1, 2020, https://www.wired.it/internet/web/2020/05/01/app-immuni-contact-tracing…
- 6Claudia Morelli, “State Trojan, the news of the conversion law on wiretapping DL [Trojan di stato, le novità della legge di conversione sul DL intercettazioni],” Altalex, February 28, 2020, https://www.altalex.com/documents/news/2020/02/28/trojan-di-stato-novit…
- 7“Intercettazioni e indagini contro i giornalisti che scrivono di Libia e migrant,” Domani, April 2, 2021, https://www.editorialedomani.it/fatti/inchiesta-contro-ong-intercettati…
- 8Lorenzo Tondo, “Italy investigates claims of wiretapping linked to migration reporting,” The Guardian, April 6, 2021, https://www.theguardian.com/world/2021/apr/06/italy-investigates-call-w…
- 9“DECRETO-LEGGE 30 dicembre 2019, n. 161 Modifiche urgenti alla disciplina delle intercettazioni di conversazioni o comunicazioni,” Gazzetta Ufficiale della Repubblica Italiana, https://www.gazzettaufficiale.it/eli/id/2019/12/31/19G00169/sg
- 10“Come il ministero della Giustizia gestirà le nuove intercettazioni,” Wired Italia, September 16, 2020, https://www.wired.it/internet/regole/2020/09/16/intercettazioni-ministe…
- 11Riccardo Coluccini, “Ecco la nuova cyber diplomazia USA,” Guerre di Rete, March 21, 2021, https://guerredirete.substack.com/p/guerre-di-rete-ecco-la-nuova-cyber; Frediani also points out that “in the last five years in Italy about 130 thousand targets have had their communications intercepted every year,” noting that 85 percent are through wiretaps, 12 percent through environmental bugs and 3 percent through telematic systems.
- 12Luca Zorloni, “Il ministero della Giustizia deve decidere quanto pagare per le intercettazioni,” Wired Italia, March 19, 2021, https://www.wired.it/attualita/politica/2021/03/19/intercettazioni-troj…
- 13“Trojan super-arma per le indagini, il compromesso tra garantisti e giustizialist,i” Agenda Digitale, April 7, 2021, https://www.agendadigitale.eu/sicurezza/privacy/trojan-super-arma-per-l…
- 14United Nations, Human Rights Committee, “Concluding observations on the sixth periodic report of Italy,” May 1, 2017, http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?s…
- 15Corte di Cassazione, supra note 3, Reasons for the Decision, para. 11 (“limited exclusively to proceedings relating to offences of organized crimes, the Court allows the real-time interception of conversations or communications by installing a “computerized sensor” in portable electronic devices (e.g. personal computer, tablet, smartphone, etc.) also in private homes under Art. 614 of the Code of Criminal Procedure, even if those dwelling are not identified in the warrant or if it is not determined that they were used to conduct criminal activity”). Privacy International Blog, “Italy's Supreme Court decision limits hacking powers and applies safeguards,” November 2, 2018, https://privacyinternational.org/blog/2423/italys-supreme-court-decisio…
- 16Carola Frediani, “Wiretapping with Trojans, here is the bill [Intercettazioni col trojan, ecco la proposta di legge],” La Stampa, January 31 2017, http://www.lastampa.it/2017/01/31/italia/cronache/intercettazioni-col-t…
- 17Official Gazette, “Amendments to the Criminal Code, the Criminal Procedure Code and the Penitentiary System [Modifiche al codice penale, al codice di procedura penale e all'ordinamento penitenziario],” June 23, 2017, https://www.gazzettaufficiale.it/eli/id/2017/07/4/17G00116/sg
- 18Privacy International, “Privacy International’s Analysis of the Italian Hacking Reform, under DDL Orlando,” March 5, 2017 https://www.privacyinternational.org/press-release/1263/privacy-interna…
- 19Proposta di Legge, Disciplina dell’uso dei Captatori legali nel rispetto delle garanzie individuali. The text of the bill (in Italian) is available here: https://www.camera.it/_dati/leg17/lavori/stampati/pdf/17PDL0050160.pdf
- 20Penale Sent. Sez. 6 Num. 45486 Anno 2018 http://www.italgiure.giustizia.it/xway/application/nif/clean/hc.dll?ver…; See also: “Italy's Supreme Court decision limits hacking powers and applies safeguards,” Privacy International, November 2, 2018, https://privacyinternational.org/news-analysis/2423/italys-supreme-cour…
- 21Wikileaks, “Hacking Team,” July 8, 2015, https://wikileaks.org/hackingteam/emails/; Lorenzo Franceschi-Bicchierai, “Hacking Team Has Lost Its License to Export Spyware,” Motherboard Vice, April 6, 2016, https://www.vice.com/en_us/article/78k8dq/hacking-team-has-lost-its-lic…; Lorenzo Franceschi-Bicchierai, “Hacking Team Has Lost Its License to Export Spyware,” Motherboard Vice, April 6, 2016, https://www.vice.com/en_us/article/78k8dq/hacking-team-has-lost-its-lic…; Privacy International, “Privacy International launches the Surveillance Industry Index & New Accompanying Report,” August 1, 2016, https://web.archive.org/web/20161015020646/https://www.privacyinternati…; Italian Coalition for Civil Liberties and Rights, “Italy urged to act as Internet surveillance systems are exported to Egypt,” January 23, 2017, https://cild.eu/en/2017/01/23/italy-urged-to-act-internet-surveillance-…
- 22Riccardo Coluccini, “Myanmar, lo Stato di sorveglianza che aggira l’embargo UE,” IRPImedia, June 14, 2021, https://irpimedia.irpi.eu/euarms-armi-dual-use-birmania/
- 23Garante Nazionale per la Protezione dei Dati Personali, “Riconoscimento facciale: Sari Real Time non è conforme alla normativa sulla privacy,” April 16, 2021, https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/do…
- 24“Cosa cambia con la moratoria sui sistemi di riconoscimento facciale,” Il Post, December 7, 2021, https://www.ilpost.it/2021/12/07/moratoria-riconoscimento-facciale/.
- 25Hermes Center for Transparency and Digital Human Rights, “Technologies for Border Surveillance and Control in Italy. Identification, Facial Recognition, and European Union Funding”, December 2021, https://www.documentcloud.org/documents/21200979-technologies-for-borde…
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? | 3.003 6.006 |
Service providers are required to comply with law enforcement requests for users’ activity records, known as metadata, under a variety of circumstances, including in the course of a criminal investigation or “for the purpose of preventing crimes by criminal associations and international terrorism organizations.”1
Although the CJEU struck down a 2006 EU directive on the retention of data, Italy has extended the period for which ISPs must keep users’ metadata. In November 2017, parliament swiftly approved a regulation on data retention that requires telecommunications companies to store telephone and internet data for up to six years. Despite civil society protests, there was virtually no public or parliamentary debate on the measure, which had been added to unrelated legislation following a European Council directive before passage.2 The DPA expressed its objection to the bill, citing the measure's incompatibility with EU law and case law.3 European Data Protection Supervisor Giovanni Buttarelli commented that the new regulation allowed too much data to be collected and did not reflect the European approach to data retention.4
In March 2020, in response to the COVID-19 pandemic, a Ministry of Innovation task force collaborated with the University of Pavia to create a program that compiles and analyzes anonymized data drawn from Facebook and telecommunications firms such as TIM, Vodafone, Wind Tre, and Fastweb. According to Wired Italy, the datasets “aggregate users' movements to help with contact tracing or other forms of monitoring.”5 The system is apparently used by health researchers and nonprofit organizations that have signed licensing agreements with Facebook. The president of the Italian Privacy Institute warned that while EU regulators allow for a loosening of data protection rules in a public emergency, the Italian program lacked provisions for the restoration of ordinary safeguards and the deletion of the data after the crisis passed.6
The Italian DPA has launched investigations into companies that have abused user data, issuing fines in some cases. For example, in February 2022, the authority fined the US-based facial recognition company Clearview AI €20 million ($22.6 million),7 the maximum penalty under the General Data Protection Regulation, after discovering that the company monitored and processed biometric data of individuals on Italian territory without a legal basis. The DPA started its investigation following several complaints by journalists, civil society organizations, and researchers.8 Additionally, the DPA ordered the company to erase all personal data relating to individuals in Italy and banned further collection and processing of personal data relating to individuals in Italy through Clearview AI’s facial recognition system. The DPA also ordered Clearview AI to designate a representative in the EU.
In September 2021, the DPA fined Luigi Bocconi University €200,000 ($226,000) for using Respondus, a proctoring software, without sufficiently informing students of the processing of their personal data and, among other violations, for processing their biometric data without a legal basis. Bocconi is a private University based in Milan and during the COVID-19 pandemic it introduced Respondus tools to monitor students during remote exams.9
The 2018 Cambridge Analytica scandal, in which the United Kingdom–based political consultancy was found to have improperly harvested Facebook data on US voters, also had an impact on Italy. The DPA conducted an inquiry into the case in order to establish how Italians’ data could have been misused, and investigators met with Facebook representatives in April 2018.10 The inquiry was closed in February 2019, when the DPA declared that Italians’ data were processed unlawfully and informed Cambridge Analytica that it might be fined.11 In June 2019, Italy fined Facebook $1.1 million because Cambridge Analytica accessed the data of around 214,000 Italian users through the platform.12
- 1Global Network Initiative, “Provision of Real-time Lawful Interception Assistance,” accessed June 2021, https://globalnetworkinitiative.org/clfr-italy/
- 2Hermes Center, “Italy extends data retention to six years,” EDRi: European Digital Rights, November 29, 2017, https://edri.org/italy-extends-data-retention-to-six-years/
- 3Garante Per la Protezione Dei Dati Personali, “Data retention: [Data retention: Soro, troppi 6 anni conservazione dati Tlc e Internet],” July 25, 2017, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/doc…
- 4Carola Frediani, “EU Privacy Guarantor: “Europe is a leader on data protection [Sulla protezione dei dati l’Europa è leader],” La Stampa, November 13 2017, http://www.lastampa.it/2017/11/13/esteri/garante-privacy-ue-sulla-prote…
- 5Luca Zorloni, “The government will use big data in the coronavirus emergency, starting with Facebook [Il governo userà i big data nell’emergenza coronavirus. A partire da quelli di Facebook],” Wired, March 17, 2020, https://www.wired.it/internet/regole/2020/03/17/coronavirus-dati-facebo…
- 6Privacy International, “Italy: Telcos turn over anonymised location data to aid contact tracing,” March 17, 2020, https://privacyinternational.org/examples/3422/italy-telcos-turn-over-a…
- 7“Facial recognition: Italian SA fines Clearview AI EUR 20 million,” EDPB, March 10, 2022, https://edpb.europa.eu/news/national-news/2022/facial-recognition-itali…
- 8I:talian DPA fines Clearview AI for illegally monitoring and processing biometric data of Italian citizens,” EDRi, March 23, 2022, https://edri.org/our-work/italian-dpa-fines-clearview-ai-for-illegally-…
- 9Hermes Center and Reclaim Your Face, “No biometric surveillance for Italian students during exams,“ EDRi , November 17, 2021 https://edri.org/our-work/no-biometric-surveillance-for-italian-student…
- 10Garante Per la Protezione Dei Dati Personali, “Cambridge Analytica - The Privacy Guarantor meets Facebook and asks for clarifications on possible violations committed in Italy [Cambridge Analytica – Il Garante privacy incontra Facebook e Chiede Chiarimenti sulle possibili violazioni commesse in Italia],” April 24, 2018, https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/do…
- 11Garante Per la Protezione Dei Dati Personali, “Cambridge Analytica: Fact-finding over, Italian SA ready to impose sanctions,” July 2, 2019, https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/do…
- 12Natasha Lomas, “Italy stings Facebook with $1.1M fine for Cambridge Analytica data misuse,” TechCrunch, June 20, 2019, https://techcrunch.com/2019/06/28/italy-stings-facebook-with-1-1m-fine-….
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? | 3.003 5.005 |
While cases of intimidation or physical violence in response to online activity are reported only sporadically, individuals who expose organized crime activities in some parts of the country may be especially at risk of reprisals. For example, in May 2019, journalist Gaetano Scariolo’s car was set on fire by unknown assailants. Scariolo, who covers criminal justice and whose work appears online, said, “I am sure that the intimidation has to do with my professional activity.”1
The Interior Ministry recorded 44 episodes of violence and intimidation against journalists in the first three months of 2022, amounting to a small decrease compared to the first quarter of 2021.2 Of all the reported 232 cases in 2021, 44 percent involved online intimidation; 53 of these episodes were related to journalistic coverage of the pandemic. Compared to 2019, harassment of journalists increased by 87 percent. Ossigeno per l’Informazione documented 384 cases of threats and intimidation against Italian journalists and bloggers in 2021.3
Women journalists and politicians in particular are subject to virulent online harassment. In 2018, journalist Annalisa Camilli received derogatory and threatening anonymous emails after publishing an online story about a migrant rescued at sea by the NGO Open Arms.4 Other women journalists have reported experiencing similar harassment, frequently for their coverage of the migration crisis.5 Independent lawmaker Laura Boldrini was harassed, including by prominent politicians such as Matteo Salvini, the leader of the right-wing Lega, whose posts about her elicited death and rape threats from his online supporters.6
In 2021, several journalists were attacked while reporting on antivaccination protests or gatherings; for example, in August 2021, two separate instances of verbal and physical assault were reported.7
- 1“Journalist Gaetano Scariolo’s car is set on fire [Incendiata l’auto del giornalista Gaetano Scariolo],” Giornalisti Itali, May 10, 2019, https://www.giornalistitalia.it/incendiata-lauto-del-giornalista-gaetan…
- 2Ministero dell’Interno, “Atti intimidatori contro i giornalisti”Linguaggio d'odio e minacce in rete ai giornalisti: i dati sul fenomeno,” April 23, 2021, https://www.interno.gov.it/it/stampa-e-comunicazione/dati-e-statistiche…
- 3Ossigeno per l’informazione, “In Italia 384 giornalisti minacciati nel 2021. Ossigeno ha aggiornato i dati di dicembre,” May 5, 2022, https://www.ossigeno.info/in-italia-384-giornalisti-minacciati-nel-2021….
- 4Cristiana Bedei, “How the harassment of journalists impacts the news,” International Journalists Network, June 4, 2019, https://ijnet.org/en/story/how-harassment-journalists-impacts-news
- 5Sarah Guinee, “Italy's migrant beat beset with smear campaigns, harassment,” Committee to Protect Journalists, April 2, 2019, https://cpj.org/blog/2019/04/italy-journalists-harassed-trolls-migratio…
- 6Irene Caselli, “Bullets, threats of rape and disinformation in Italy,” Coda Story, August 30, 2019, https://codastory.com/disinformation/bullets-threats-rape-disinformatio…
- 7Ossigeno per l’informazione, “Due aggressioni ai cronisti che hanno destato particolare allarme,” September 16, 2021 https://www.ossigeno.info/agosto-2021-due-aggressioni-ai-cronisti-che-h….
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? | 2.002 3.003 |
Cyberattacks have constituted a problem in Italy in recent years, through the defacement of or distributed denial-of-service (DDoS) attacks against the websites of political figures or institutional websites.
Though cyberattacks declined during the first year of the pandemic, they have increased in recent years, according to some sources. In its 2021 report, the Italian Association on Cybersecurity (CLUSIT) recorded 2,049 serious cyberattacks, an increase of almost ten percent compared to the previous year. Additionally, there was a monthly average of 171 attacks, the highest number ever recorded.1 The 2021 CLUSIT data, gathered by Fastweb’s Security Operations Center (SOC), signals a 58 percent increase of servers targeted via malware or botnets. The same report also underlines an increase in phishing via email and SMS. When it comes to DDoS attacks, Fastweb has recorded 2,500 instances of attacks against its clients in 2021, 50 percent of which targeted financial institutions or public agencies.2
Hacks of public and private institutions continued to occur in the coverage period, including attacks against hospitals.3 For example, in May 2022, the news agency AGI reported4 that a DDoS attack hit seven Italian websites, including the Senate, the Higher Institute of Health, and the Italian Automobile Club. The hacking attack was claimed on Telegram by a pro-Russian IT group called "Killnet," and was allegedly in retaliation for Italy’s support of Ukraine.
In June 2022, after the coverage period, the public administration of the Sardinia region admitted they had been targeted by a massive ransomware attack,5 following several reports by local and national journalists.6 The hackers allegedly obtained 155 GB of personal and sensitive data, including ID cards and passwords. If confirmed, this would be the largest data breach to impact a public institution in Italy.
In March 2021, Wired reported that the Ministry for Economic Development (MISE) suffered a data breach the previous year and had failed to report it.7 The breach jeopardized the personal information of employees at the ministry.
In March 2019, Vice reported that hackers working for an Italian surveillance company had infected hundreds of people’s devices with several malicious mobile apps that were hosted on the official Google Play store for months.8 Experts said that the operation may have ensnared innocent victims, as the spyware appears to have been faulty and poorly targeted. The DPA announced an investigation into the matter, with the head of the authority declaring that such tools posed a serious risk to citizens’ freedoms if deployed without the necessary safeguards. Prosecutors in turn launched an investigation into eSurv,9 the company that made the spyware, seizing its computers and shutting down the program’s infrastructure.
- 1Associazione Italiana per la Sicurezza Informatica (CLUSIT), “Clusit: la mano della criminalità organizzata sul cybercrime; nel 2021 a livello mondiale stimati danni pari a 4 volte il PIL italiano,” March 7, 2022, https://clusit.it/wp-content/uploads/area_stampa/2022/Rapporto-Clusit-2….
- 2Associazione Italiana per la Sicurezza Informatica (CLUSIT), “Clusit: la mano della criminalità organizzata sul cybercrime; nel 2021 a livello mondiale stimati danni pari a 4 volte il PIL italiano,” March 7, 2022, https://clusit.it/wp-content/uploads/area_stampa/2022/Rapporto-Clusit-2….
- 3Angius R.,“Reparto ransomware: quando viene attaccato un ospedale,” Guerre di Rete, April 6, 2022, https://www.guerredirete.it/reparto-ransomware-quando-viene-attaccato-u….
- 4Benfenati S.,I, “Attacco di hacker russi manda in tilt sette siti italiani,” AGI, May 11, 2022, https://www.agi.it/cronaca/news/2022-05-11/probabile-attacco-hacker-rus….
- 5Di Corinto A., “La Regione Sardegna conferma il databreach di 170mila file,”, la Repubblica, June 23, 2022, https://www.repubblica.it/tecnologia/2022/06/21/news/regione_sardegna_d…
- 6Angius R. “La Regione attaccata dagli hacker,” Indip.it, February 2022 https://indip.it/la-regione-sardegna-attaccata-dagli-hacker/
- 7“Il Mise ha nascosto un furto di dati dai suoi sistemi per mesi,” Wired Italia, March 16, 2021, https://www.wired.it/internet/web/2021/03/16/furto-dati-mise-hackerato-…
- 8Lorenzo Franceschi-Bicchierai and Riccardo Coluccini, “Researchers Find Google Play Store Apps Were Actually Government Malware,” Vice, March 29, 2019, https://www.vice.com/en_us/article/43z93g/hackers-hid-android-malware-i…
- 9Lorenzo Franceschi-Bicchierai, “Prosecutors Launch Investigation Into Company That Put Malware on Google Play Store,” Vice, April 1, 2019, https://www.vice.com/en_us/article/eveeq4/prosecutors-investigation-esu…


Country Facts
-
Global Freedom Score
90 100 free -
Internet Freedom Score
75 100 free -
Freedom in the World Status
Free -
Networks Restricted
No -
Websites Blocked
Yes -
Pro-government Commentators
No -
Users Arrested
No