On 19 July 2017, the Chamber of Deputies of the Italian Parliament approved two amendments to existing laws. One of the amendments aims at extending telecommunications data retention to six years, while the other gives Agcom, the communications regulator, powers to order takedown and blocking of online content without judicial oversight.
Data retention in Italy is governed by Art. 132 of the Privacy Law – 24 months for phone communications metadata, 12 months for Internet metadata, 30 days unanswered phone calls. The amendment will extend the retention period for all categories of the above data to six years.
The Data Retention Amendment (Art. 12-Ter of DDL 4505-A) was written by Walter Verini (Democratic Party, PD), and Giuseppe Berretta (Democratic Party, PD) as an amendment to a law that regulates the safety of lifts, which led to many members of Parliament (MPs) voting it without even reading the amendment. Later, several MPs issued public statements of regret, admitting their mistake.
After the public criticism, one of the co-signatories of the Data Retention Amendment, Ms Mara Mucci (Mixed Group) acknowledged that she had not really realised the sensitivity of the issue and that she is now available to foster a wider debate to change the law in the Senate.
Antonello Soro, the President of the Italian Data Protection Authority, condemned Mr Verini’s amendment arguing that it does not clearly guarantee the principles of proportionality as defined by the EU regulatory framework and the rulings of the Court of Justice of the European Union (CJEU) – there have been two separate CJEU rulings against indiscriminate telecommunications data retention.
The Italian Association of Internet Providers (AIIP) also criticised the Data Retention amendment as too broad and as being in contradiction with EU case law. It also criticised the fact that the amendment was introduced without involving the key stakeholders impacted by the bill for contribution and opinions.
With regard to the “Takedown Power” amendment, currently in Italy only a court order can mandate Internet Service Providers (ISPs) to takedown a website or restrict access to specific content, by IP address or domain name. Under the new law, an administrative authority Agcom will be given the power do so without any kind of judicial oversight.
The Takedown Power Amendment (Amendment n. 1022 published in Annex A of parliamentary sitting 19/07/2017) sparkled an immediate reaction again by AIIP, which sharply criticised it due to the excessive powers it gives to the Agcom.
The amendment further gives Agcom the mandate to issue a technical regulation that will define the requirements for the implementation of permanent blocking infrastructure to be implemented by ISPs, de-facto requiring the deployments of Deep Packet Inspection system.
These amendments have been approved by the Chamber of Deputies of the Italian Parliament in the context of the process to implement European Union legislation, “Disposizioni per l’adempimento degli obblighi derivanti dall’appartenenza dell’Italia all’Unione europea — Legge europea 2017 (DDL 4505-A)”.
The two amendments had a total amount of parliamentary debate of less than 2 minutes (video).
The Law, including the two amendments, still has to be approved by the Senate, likely to happen in early September.
Indiscriminate Retention of data for 6 years – keeping updated track on all resources on the topic (only in Italian 23.07.2017)
Data retention: President Soro, 6 years data retention term for telephony metadata are too much (only in Italian, 26.07.2017)
From elevators to Massive Surveillance (only in Italian, 22.07.2017)
6 years as terms of data retention on all phone and internet data just approved in a directive on elevator’s safety (only in Italian, 21.07.2017)
Italian ISPs say new copyright amendment infringes human rights (28.07.2017)
The full text sent to the Senate
(Contribution by Fabio Pietrosanti, EDRi observer Hermes Center, Italy)