The Italian Data Protection Authority (Garante) has recently made available the results of the first half 2014 activities: 196 inspections, fines issued in the range of 2,5M Euro (already collected).

The overall assessment of the Garante can be summarized as follows:

  • poor information to users on data processing both from public and private entities;
  • many data processing activities are not carried out in compliance with the law;
  • security measures is still an issue to address.

The Garante, as announced at the beginning of the year, has focused the following areas: mobile payment, medical apps, tele-marketing activities carried out by call centers located abroad, real estate brokerage, hospitality activities, e-commerce, internet exchange points (IXP) activities, tlc and internet security measures, data transfer to non-EU countries.

In the first half year, 299 proceedings have been commenced, in particular for omitted information notice and unlawful data processing.

It is worth noting that for the first time a phone company has been challenged for not having timely noticed the Garante/data breach which is one of the new measures recently introduced in the Italian Data Protection Code.

What else could happen during 2014? The Garante announced to carry on monitoring the areas already focused but it intends to extend controls in other fields: data processings carried out by general practitioners, pediatrician (with specific reference to storage of sensitive data by service providers), banks, credit collection companies, public entities providing for free Wi-fi access, security measures in the framework of processing of sensitive data.

200 inspections are planned (carried out in cooperation with data protection body within the Italian tax police).

In Italy, attention by the relevant authorities on data processing is ever more increasing.