The Italian Parliament approved on November 8 a regulation on data retention that allows telecommunication operators to save telephone and internet data for up to 6 years.

A grave threat to privacy

This measure is a threat to the privacy of all citizens, and one which underwent an extremely scant amount of scrutiny and debate despite the extremely heavy consequences for all of us. The regulation has been denounced by the Italian Coalition for Civil Liberties and Rights, a Liberties member, and the Hermes Centre for Transparency and Digital Human Rights.

The two organisations have been voicing concerns since July, when the provision was inserted into a transposition law following a European Council directive on the safety of lifts.

In particular, the regulation is completely opposed to the indications recently handed down by the EU Court of Justice and results in a clear conflict of law with active Italian privacy regulations, as pointed out last month by Antonello Soro, president of the Italian Data Protection Authority. Many experts say that it could be soon challenged in court.

Previous retention limits

Data retention in Italy was fixed by existing privacy regulations up until 2015: Up to two years' retention for telephone traffic, one year for telematic and 30 days for unanswered calls.

These limits were later extended by the Counterterrorism Decree of 2015, which, until June 30, 2017, required the retention of data relating to telephone or telematic traffic. This excluded any communications content, including unquoted call data, that was temporarily handled by publicly accessible electronic communications service providers.

On June 30, however, the extension that allowed the storage of such data expired, without any intervention of the government to renew it.