ITU Home Page International Telecommunication Union Franšais | Espa˝ol 
Print Version 
ITU Home Page
Home : Office of the Secretary-General : CSD
Back to home  

Back to Anti-Spam Laws and Authorities


Italy - Garante per la protezione dei dati personali- (Italian Data Protection Authority)

Italy has enacted a tough anti-spam law that makes spamming a criminal offence and is punishable by up to three years' imprisonment. The fight against spam, with respect to the protection of personal data, falls within the competence of The Italian Data Protection Authority ("the Authority") under the terms laid down in the Personal Data Protection Code (legislative decree no. 196/2003 - Sections 121-132, in particular 130). The Authority, which is an independent agency specifically created to ensure the protection of personal data and to deal with spam problems, may receive complaints and/or reports from alleged spam victims and impose administrative fines on offenders. It has the power to carry out on-the-spot inspections, search premises and to seize records and any other items considered to be relevant; it may block unlawful processing operations and will refer information to the judicial authorities. The Authority cooperates with national and international authorities in the fight against spam; in particular, it is a member of the Contact Network of Spam Authorities set up at EU level, and cooperates with Italy's Ministry of Communications in implementing the relevant laws and regulations.

Competent authority Garante per la Protezione dei dati personali
Regime: Opt- in
Contact person 
Il garante per la protezione dei dati personali
Piazza di Monte Citorio n. 121 00186 ROMA
Fax: +39 06.69677.785
Tel: +39 06.69677.1  
Relevant legislation in place Laws: 
  • DL 196/2003 Personal Data Protection Code - The Code transposed EC Directive 95/46 on the protection of personal data and EC Directive 2002/58 on privacy in electronic communications; it consolidated all Italian pre-existing laws and regulations in this sector.
  • DL 675/1996 on privacy protection states, inter alia, that a company must have authorization from each user whose personal data (such as e-mail) they want to use. 
  • DL 171/1998 (deriving from the European Community directive 97/66/CE) on telecommunications privacy protection: this put outlaws all automatic systems to call a user and says that all the expenses of an advertising must be paid by the company and not the user (faxes and e-mails are instead paid also by the user) 
  • DL 185/1999 (deriving from the European Community directive 97/7/CE) on customer protection in respect of long-distance contracts: this obliges companies to seek the permission of the user for virtual or telephone sales. 
International Cooperation
  • EU's Contact Network of Spam Enforcement Authorities (CNSA)
  • OECD's Task Force on Spam 
News and information

Back to the top


Top -  Feedback -  Contact Us -  Copyright ę ITU 2011 All Rights Reserved
Contact for this page : Strategy and Policy Unit
Updated : 2011-04-04