The recent publication of the ruling of the Italian Supreme Court (17 February-1 June 2011, No 21839) offers much food for thoughts.
The facts behind the decision seem, in their essence, very simple: one person published on the Internet the mobile phone number of another person without his consent.
Such conduct, according to the decision, falls within the crime of unlawful processing of personal data, governed by art. 167 of the Italian Code for the protection of personal data.
That the elements that constitute this kind of crime are three:
1) the process should be in violation of some specific provisions of the Code
2) there should be a specific intent, such as the will to cause harm or make a profit
3) the damage (harm) should have actually been caused.
Now, from what is stated in the decision, the data process was definitely illegal. The personal information (the phone number) had been processed, more precisely, via Internet, without consent.
This conduct, as it follows, was put in place by the offender in order to cause harm to the person and the damage was actually produced. On this point, it should be noted that the Supreme Court seems to favor the recognition of harm in re ipsa, but we’re not deepening this aspect here.
For such reasons the Supreme Court confirmed the sentence of criminal conviction.
However, while the decision seems to be correct, within the limits of the meager facts reported in the published ruling, there was an error.
Contrary to what the Court stated, the number of mobile phone is certainly not a sensitive personal data.
The two definitions of Art. 4 of the Italian Code for the protection of personal data are very clear and do not give rise to misunderstandings.
The personal data is, in short, an information attributable to an individual: thus the number of users fixed telephone, mobile telephone and the number of users.
However, “sensitive” data are only expressly and exhaustively listed in Article. 4, paragraph 1, lett. d), namely “personal data revealing racial or ethnic, religious, philosophical or other beliefs, political opinions, membership of political parties, unions, associations or organizations of a religious, philosophical, political or trade union, as well as personal data disclosing health and sex life.” Among these there is not the number of mobile phone users.
“Sensitive data” is not, in legal terms, synonymous with “confidential data”. The confidential data does not exist in the Italian law, while sensitive data is only what is listed above.
The number of mobile phone is a personal data but not sensitive one. This is a mistake that is frequently committed by non-experts.
However, this does not mean that the number of mobile phone can be treated and distributed freely by anyone: it is a personal and then for its treatment it is necessary to obtain the consent of the person involved.
If it had been sensitive data, then it would also need the authorization of the Italian Authority for the protection of personal data and the offense would be aggravated.
This error of the Supreme Court shows that the so-called privacy law is still far from being known and that the level of awareness and legal culture regarding this subject is still very low.
Add comment