Protection of Personal Data: It's All About Europe
A step towards technology and step away from politics. This is the principle that guided the established independent authorities in the 1990s. In 1997 the Authority for the Protection of Personal Data was born. Its arduous task was to keep pace with a shifting notion of the right of privacy, i.e. the right of everyone to have control on one's own personal data, online and offline. This right finds its origin in the 1995 European Directive on Privacy.
The Italian Authority thus had a European imprinting from the start, and as such it was conceived as the national component of a supranational system for the protection of privacy, which linked the Authorities of member states. In the article 29 of the 1995 Directive the Working party was established, and it has since contributed to the diffusion of a European culture about the protection of privacy. In spite of its European vocation, in its first years of activity the Italian Authority was more perceived as an agency for the protection of individual citizens, either in litigation or in informing about developments in the privacy of personal data. The link between territory and regulation was strong.
Since 9/11 something has changed and the Europeanization of the Authority has accelerated due to the new obsession: security from terrorist attack, which clashes against the notion of permanent control of individuals on their data, and transcends national boundaries. Since that moment, national security agencies have started exchanging personal data, sometimes in breach of norms regulating their transmission, so that the importance of the protection of personal data has increased in judiciary cooperation in penal matters. In such a context, the coordination of the Italian Authority with its European sisters and with parallel agencies on the other side of the Atlantic has intensified in order to meet the security imperative.
But it is with the coming into being of the Lisbon Treaty (2009) that the European rationale for the Italian Autority for Data Protection becomes overwhelming. The Charter of Nice puts the right to data protection, as well as the obligation of member states to establish protection Authorities, at the level of constitutional source for the Union, because, as the former Authority president Franco Pizzetti has noted, the role in overseeing government actions to protect citizens, which had hitherto been its institutional mission, has changed for the need of stricter transnational coordination in protecting the European way of life. In this sense, the Italian Authority will have to play a more proactive role, in prevention, discipline and regulation in a supranational context, in addition to act against the illicit treatment of citizens' data as it has always done. A new board of the Authority is now in place. We'll see whether it will be able, as the previous board proved able to, to face the numerous challenges that lie in store.