On 12 September 2016, the Italian Deputy Chamber has begun the discussion of the Bill no. 3139 (“Bill“), aimed at contrasting cyber-bullying. This would impose significant duties on web-site operators (as defined within the same Bill). You can find here the text of the Bill and below a summary of its main contents.

Definition of Cyber-Bullying

Cyber-bullying is defined as:

(i) any repeated aggression / harassment;

(ii) aimed at causing anxiety / fear;

(iii) through, inter alia, psychic violence / pressure, threat of personal injury, etc.;

(iv) by means of any telematics platform including telephone, internet, social network, instant messaging.

Whilst the previous text of the Bill (as approved by the Senate) linked expressly the cyber-bullying to injured minors, the Bill currently under scrutiny (as amended by the Standing Committees of the Italian Deputy Chamber) refers cyber-bullying also to adult (i.e., 18-years old or above) as injured persons.

This may cause a significant increase of the original scope of application of the Bill. In particular, as the relevant (unlawful) conducts may concern also injured adults, it is difficult to ascertain differences between cyber-bullying and “stalking” as a crime.

This is also due to the fact that the Bill would specifically amend the provision of the Italian Criminal Code concerning stalking, setting forth an increased sanction (from 1 to 6 years) if the crime is committed by means of telematics networks. On the other hand, the Bill states that the notice and take-down procedure (see below) may be activated even if the conducts are not sanctioned as crimes and, in particular, as unlawful processing of personal data.

Definition of Web-Site Operator

Web-site operator is defined as any ISP not included in the categories of mere conduit – access, caching and hosting providers as per the E-Commerce Decree (Legislative Decree no. 70/2003). Therefore, the Bill would apply (only) to content providers.

Among others, the main legal issues in connection to such definition are as follows:

  1. Instant messaging through any communications network. Providers of such services are expressly included within the scope of application of the Bill. However, one may argue that instant messaging should be exempted, because it could be by analogy classified as a service provided by an access and/or caching ISP.
  2. Social networks / User Generated Content Platforms. Providers of such services / platforms should (according to most commentators) be generally regarded as hosting providers, so that the Bill should not apply to such ISPs; however, the notice and take-down procedure could be activated also before them.

The Notice and Take-Down Procedure. The Role of the Italian DPA

As said above, any injured person (including minors over 14’s) may activate before the website operator a notice and take-down procedure, requesting the deletion and the block of the “communications related to the injured persons” and the specific conducts implying cyber-bullying.

Web-site operators shall implement a notice and take-down procedure and host in their home-page clear reference to such procedure, within 30 days from the entering into force of the Bill.

The Italian DPA shall assess the compliance of the website operator with the take-down duty within 24 hours from the notice. If the notice is not patently irrelevant (manifestamente infondata), the DPA may impose the take-down / block of the processing.

Such provisions raise, inter alia, the following issues:

  1. the procedure, even when the Italian DPA is involved, could not ensure an adequate assessment of the lawfulness of the conducts;
  2. the notice and take-down procedure regarding the “communications related to the injured persons” does not imply that a conduct of cyber-bullying took place. This is the reason why, according to certain commentators, the Bill could restrict – allegedly groundless – the freedom of expression on the web.