Antonino Battaglia : 2 September 2025 07:42
Every day we hear about privacy in every aspect of our lives, so much so that the term has entered common parlance. But what does it really mean? What happens when we sign up for a social network or when we request a banking transaction? Even without realizing it, every day we leave personal data everywhere—traces that reveal who we are and our preferences.
In our legal system, however, the word privacy does not have a generally accepted definition; in fact, it indicates a changing concept linked to the evolution of the legal and social context. Very often, the term privacy is translated into common parlance as the word confidentiality. In reality, privacy and confidentiality are two different notions. While confidentiality represents the right to one’s private sphere and personal data, privacy is an extension of that right, as it focuses on all the elements that define an individual’s identity, history, habits, and status.
When linked to data protection, privacy extends the concept of protection, moving it from the private sphere to the social dimension. It is therefore clear that the right to privacy includes the right to confidentiality, granting the individual who holds it the power to prevent the disclosure of personal information, as well as to control the collection and processing of that information.
Approaching the issue from a historical perspective, the Universal Declaration of Human Rights of 1948, in Article 1, states: Article 12, although not explicitly stated, prohibits any arbitrary interference with individual privacy, while ensuring legislative protection against any such interference.
Even within the European Union, legislators have intervened to regulate this matter, first with Directive 95/46/EC on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and then with the Charter of Fundamental Rights of the European Union, where Article 12 provides: Article 8 grants everyone the right to the protection of their personal data.
However, it is necessary to wait for Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), to establish a uniform regulatory framework on this matter. Within our legal system, the relevant provisions were first incorporated into the Personal Data Protection Code, pursuant to Legislative Decree 196 of 2003 (Privacy Code). This code was subsequently amended by Legislative Decree 101 of 2018, which harmonized domestic legislation with supranational legislation.
Unlike in the past, the new privacy legislation is based on the combination of accountability and awareness. Accountability falls on those who manage and process personal data on the one hand, and on greater awareness on the part of data controllers on the other.
But in the end, what is meant by personal data? The GDPR expressly defines personal data as any information relating to an identified or identifiable natural person, directly or indirectly (e.g., a tax code). While in the past we referred to sensitive data and judicial data, with the regulation, this term is no longer correct; instead, reference must be made to Articles 15 and 16. Articles 9 and 10 of the European regulation replace them.
In particular, according to Article 9 of the Regulation, the category of personal data includes not only data revealing racial origin or political opinion, but also genetic and biometric data intended to uniquely identify a natural person. Article 10 of the European Regulation, however, identifies personal data relating to criminal convictions and offenses, as well as security measures.
Basically, personal data is considered processed when it is subjected to any operation or set of operations, whether performed by automated means or not. Specifically, pursuant to Article 5 of the GDPR, data must be processed lawfully, fairly, and transparently. They must be collected for specific purposes, minimizing the amount of processing necessary, and must be stored in a form that permits identification of data subjects for no longer than is necessary to achieve those purposes.
Equally important is the requirement that data must ensure adequate security, including appropriate technical and organizational measures, to ensure integrity and confidentiality from unauthorized, unlawful, or accidental processing.
But when will data processing be lawful? This will only be the case if the data subject has given consent to the processing for one or more specific purposes, or if the processing is necessary for the performance of a contract, for compliance with a legal obligation, for the pursuit of a legitimate interest of the data controller or a third party, or to protect the vital interests of the data subject.
As we can see, the appropriate choice of legal basis for processing is of fundamental importance for the data controller, considering that they are responsible for the fairness of the processing.
To protect themselves in a context where privacy is increasingly at risk, people can adopt various strategies. First, it is essential to be aware of the personal information they share online. This includes reviewing privacy settings on social networks and limiting the sharing of sensitive data, such as addresses, phone numbers, and financial information. Furthermore, it is advisable to use strong, unique passwords for each account, enable two-factor authentication, and regularly monitor your online activity for unauthorized access. Finally, it is important to understand your rights under the GDPR, such as the right to access and the right to rectification, so you can exercise active control over your data.
Publishing other people’s data without their consent can have serious legal and moral consequences. First, it violates the right to privacy and personal data protection, exposing the perpetrator to sanctions under the GDPR, which can include significant fines. Furthermore, the unauthorized dissemination of personal information can damage the reputation and privacy of the individuals involved, leading to psychological and social consequences. It is therefore essential to respect the privacy of others and consider the ethical implications of our actions in the digital world.
In an age where technology permeates every aspect of our lives, awareness of privacy and personal data protection is more crucial than ever. Responsibility falls not only on institutions and companies, but also on each of us as individuals. Adopting proactive behaviors to protect our information and respect the privacy of others is not only a legal obligation, but a moral duty. Only through greater awareness and responsibility can we build a safer and more respectful digital environment, where everyone’s privacy is protected and valued.
Antonino Battaglia