Expanding Freedom and Democracy
Freedom on the Net 2023

Italy

Free
75
100
A Obstacles to Access 21 25
B Limits on Content 29 35
C Violations of User Rights 25 40
Last Year's Score & Status
75 100 Free
Scores are based on a scale of 0 (least free) to 100 (most free). See the research methodology and report acknowledgements.

header1 Overview

Internet freedom in Italy remained steady during the coverage period. Italian authorities continued to block access to Russian state-owned websites under a European Union (EU) regulation put in place following Russia’s brutal invasion of Ukraine. The data protection authority was active, temporarily banning US-based OpenAI from processing users’ personal data in Italy for several weeks. Online disinformation, including during electoral periods and linked with pro-Kremlin narratives, remains an ongoing concern.

Italy’s parliamentary system features competitive multiparty elections. Civil liberties are generally respected but concerns about the rights of migrants and LGBT+ people persist, and regional inequalities are persistent and substantial. Endemic problems with corruption and organized crime pose an enduring challenge to the rule of law and economic growth.

header2 Key Developments, June 1, 2022 - May 31, 2023

  • Investments to improve the country’s information and communication technology (ICT) infrastructure and reduce the digital divide continued under Italy’s National Recovery and Resilience Plan (PNRR) (see A1 and A2).
  • In March 2023, the data protection authority banned US-based artificial intelligence (AI) company OpenAI from processing the personal data of users in Italy, leading the company to restrict access to its ChatGPT service in Italy for several weeks. Access to ChatGPT in Italy was restored in April, after OpenAI implemented several measures ordered by the data protection body (see A5 and C6).
  • In line with EU regulation following Russia’s full-scale military invasion of Ukraine, Italian authorities continued to block several Russian state-owned websites, including RT and Sputnik (see B1).

A Obstacles to Access

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 5.005 6.006

Italy has relatively low internet penetration rates compared to the rest of the EU. Some 91 percent of households had access to the internet at home in 2022.1 According to the EU’s 2022 Digital Economy and Society Index (DESI), 66 percent of Italian households have a fixed-line broadband connection and Italy’s mobile broadband penetration rate is 80 percent—both below the EU averages.2 The share of populated areas in which at least one operator offered fifth-generation (5G) mobile networks reached 99.7 percent in 2021, up from just 8 percent in 2020.3 The country ranks slightly above the EU average on 5G readiness, with 60 percent of the total harmonized 5G spectrum assigned for deployment.4

Several factors have contributed to Italy’s relatively low internet penetration rates, including infrastructural limitations. According to the 2022 DESI, Italy continues to lag significantly behind in fixed-line Very High Capacity Network (VHCN) coverage; these connections were available to only 44 percent of the country’s households in 2021, compared to an EU average of 70 percent.5

The government continues to invest in efforts to improve the country’s telecommunications infrastructure, particularly VHCN infrastructure. In June 2022, the government awarded internet service provider (ISP) Telecom Italia (TIM) a €725 million ($775 million) tender to develop 5G network infrastructure in Italy, as part of broader connectivity initiatives funded by the country’s PNRR (see A2).6

A 2016 government decree reduced the costs for laying cables and established the Networks Register for Infrastructure (SINFI), a dedicated instrument for implementing broadband strategy, managed by the Ministry of Enterprises and Made in Italy.7

According to Ookla’s Speedtest Global Index, the median fixed broadband download speed in May 2023 was 64.55 megabits per second (Mbps), while the median mobile download speed was 44.90 Mbps.8

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 2.002 3.003

Internet connections are relatively affordable. According to the International Telecommunication Union (ITU), the cheapest fixed-line broadband plan that provides at least 5 gigabytes (GB) of monthly high-speed data costs 0.98 percent of gross national income (GNI) per capita, while the cheapest plan providing at least 2 GB of high-speed mobile data cost 0.39 percent of GNI per capita.1

Significant geographical differences in internet penetration persist across the country. According to a report published by the United Nations Economic Commission for Europe (UNECE) in April 2023, 79 percent of Italians in northern Italy are regular internet users—defined as those who used the internet at least once per week in the three months before the study—compared to 71 percent in southern Italy. The report also noted that a gender-based digital divide persists in Italy; in 2022, 79 percent of men used the internet regularly compared to 73 percent of women.2 In May 2019, the Ministry of Technological Innovation launched an initiative called Repubblica Digitale to raise digital literacy and increase skills in emerging technologies.3 It aims to reduce various aspects of the digital divide by 2025.

As part of the PNRR, the largest recovery and resilience plan in the EU, also referred to as “Italia Domani” (Italy Tomorrow), the government will further invest in connectivity and digitization. In early 2022, approximately €350 million ($363 million) were made available under the scheme to fund projects for digital innovation and transition.4 Overall, 27 percent of the total €191.5 billion ($198.4 billion) allocated under the PNRR will be dedicated to digital innovation and transformation.5 The "Italia a 1 Giga” (1 Giga Italy) program, which is a component of the broader plan, aims to provide connections of one gigabit per second (Gbps) download speeds and 200 Mbps upload speeds to approximately 7 million street addresses where fast broadband coverage is currently unavailable.6

Prime Minister Giorgia Meloni, who took office in October 2022 at the head of a right-wing coalition government, did not name an innovation minister during the coverage period, raising concerns about the government’s commitment and ability to implement the ambitious targets outlined in the country’s PNRR.7

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 6.006 6.006

The government does not impose restrictions on connectivity, nor does it centralize control over ICT infrastructure. In recent years, however, the government has undertaken efforts to create a "single network” (rete unica), a plan that would unite Italy’s entire fixed-line fiber infrastructure under one publicly backed entity.

Efforts to create the rete unica center on plans to merge TIM and the telecommunications provider Open Fiber, which manage Italy’s fiber infrastructure. TIM was privatized in 1997, and Cassa Depositi e Prestiti (CDP)—an investment firm controlled by the Ministry of Economy and Finance—holds only a 9.8 percent stake in the company.1 CDP also controls a 60 percent stake in Open Fiber. Supporters of the rete unica claim that the merger of these two entities will streamline ongoing efforts to improve Italy’s VHCN infrastructure (see A1).2

In November 2022, a landmark deal under which CDP would have assumed control of both TIM and Open Fiber collapsed.3 In the months afterward, TIM considered other offers, including one from CDP,4 for the acquisition of its fixed-line network.5 In June 2023, after the coverage period, TIM announced that it would begin exclusive negotiations with US private equity firm KKR for the sale of its fixed-line network.6

Under a 2012 decree-law, the state enjoys special supervisory authority, or “golden power,” over TIM and other companies in strategic sectors of the economy.7 In 2019, the government approved a decree-law allowing the state to use its “golden power” to veto the purchase and deployment of 5G technology provided by Chinese companies.8

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 5.005 6.006

Access to the internet for private users is offered by a range of ISPs, all of which must be authorized by the Ministry of Enterprises and Made in Italy.1 As of September 2022, TIM had the largest share (41.9 percent) of the fixed-line market, followed by Vodafone (16.2 percent), Wind Tre (14.3 percent), Fastweb (14.1 percent), and others.2

TIM, Vodafone, Wind Tre, and Iliad are the major mobile service providers.3 Iliad, a French company, entered the Italian mobile market in May 2018, offering a low-cost option for consumers.4 Later in 2018, Kena Mobile,5 operated by TIM, and Ho. Mobile, managed by Vodafone, entered the low-cost mobile market to compete with Iliad.6 In the residential mobile market, as of September 2022, Wind Tre had 26.4 percent, TIM had 22.8 percent, and Vodafone had 20.8 percent, followed by Iliad at 13.7 percent and other operators with smaller shares.7

In January 2020, Fastweb, TIM, Vodafone, and Wind Tre were fined a total of €228 million ($236 million)8 by the Italian Competition Authority (AGCM).9 However, in July 2021, the fines against the companies were annulled by the Regional Administrative Court of Lazio because AGCM allegedly failed to provide sufficient evidence to justify its claim that operators acted in coordination.10 In February 2018, the police and authorities from the agency had searched the offices of the four providers, and of the industry lobbying firm Asstel.11 Regulators suspected that the companies had overcharged their clients by billing them for their services every four weeks instead of once a month; a 2017 law mandates that phone and internet providers bill customers once per month, instead of once every 28 days.12

In March 2020, AGCM fined TIM €116 million ($138 million) for abusing its dominant market position by “obstructing the entrance of rivals” into the ultrafast broadband market. The fine concerned TIM’s 2018 claim that it would not provide broadband to cities and towns where it could not ensure a return on the investment, which led the government to provide state-subsidized tenders. Then, after losing out in a bid to Open Fiber, TIM reneged on its earlier claim and agreed to provide broadband to rural areas without a state subsidy.13

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 3.003 4.004

The main regulatory body for telecommunications is the Communications Regulatory Authority (AGCOM), an independent agency that is accountable to parliament. Its responsibilities also include protecting intellectual property rights, regulating advertisements, and overseeing public broadcasting. The parliamentary majority appoints AGCOM’s president.

Another important player governing the ICT sector is the Italian Data Protection Authority (GPDP), informally known as the “Garante Privacy.” Established in 1997, it is tasked with supervising compliance with data protection laws by both governmental and nongovernmental entities. It also has the authority to ban or block “processing operations that are liable to cause serious harm to individuals.”1 The GPDP is the supervisory authority responsible for monitoring application of the EU’s General Data Protection Regulation (GDPR) in Italy, and in 2022, the GPDP reported providing responses to 9,218 complaints and reports.2

In March 2023, the GPDP opened an investigation into US company OpenAI and its use of personal data to train the large language models that power ChatGPT, a popular chatbot. The GPDP temporarily banned the company from processing the personal data of users in Italy, pending an investigation into whether personal data had been scraped lawfully and in line with the GDPR.3 In response, OpenAI blocked access to ChatGPT in Italy for approximately one month (see C6).4

B Limits on Content

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? 4.004 6.006

The government does not typically block or filter content of a political, social, or religious nature; however, during the coverage period, it continued to limit access to Russian state-owned websites in response to an EU regulation. Otherwise, all major websites and communication platforms are freely available. According to data gathered by the Open Observatory of Network Interference (OONI), Italy’s blocking and filtering of the internet is limited and is primarily implemented by means of domain name system (DNS) tampering.1

In early March 2022, following the Russian government’s brutal invasion of Ukraine, the EU Council issued Regulation 2022/350, ordering member states to “urgently suspend the broadcasting activities” of RT, Sputnik, RT France, RT Spanish, RT Germany, and RT UK within the EU and to block their websites because they “engaged in continuous and concerted propaganda actions targeted at civil society.”2 Asstel, the organization representing Italian telecom operators, confirmed that its members had promptly blocked these websites.3 In June 2022, the EU adopted a new package of sanctions, which also included directives for member states to block additional media websites: Rossiya RTR/RTR Planeta, Rossiya 24/Russia 24, and TV Centre International.4 The following month, in July, the EU’s General Court upheld the EU Council’s broadcasting ban on RT, denying an appeal by RT France.5

Websites and other popular digital services are also blocked for hosting copyright-violating content. In a major intervention in February 2021, AGCOM blocked five websites that were used by millions to stream Spanish football matches illegally. The blocking came in response to a request from the Spanish La Liga football organization.6 A law passed by the Chamber of Deputies in March 2023 would expand the powers of AGCOM to block online content that violates copyright (see B3).

In April 2020, the Italian Federation of Newspaper and Periodical Publishers (FIEG) urged AGCOM to restrict access to the Telegram messaging application, citing the existence of some Telegram channels that violated copyright by distributing digital copies of Italian newspapers.7 After two ensuing investigations led authorities to order 19 Telegram channels and 28 websites to be blocked, Telegram itself removed the relevant channels.8

One of the sites that was targeted for blocking as part of the Telegram investigation in May 2020 was that of Project Gutenberg, a prominent online distributor of public-domain e-books.9 Project Gutenberg appears on a list of websites put under investigation for the distribution of copyright-protected content published in the United States, where Project Gutenberg is based. The site continued to present signs of blocking by some Italian ISPs during the current coverage period.10

Illegal gambling sites are frequently blocked by the Customs and Monopolies Agency (ADM), an administrative body under the Ministry of Finance, In March 2021, ADM blocked the popular content-sharing platform Medium in Italy because of posts that allegedly shared illegal gambling links. Following inquiries from the press, the block was lifted later the same day.11 ADM’s public blacklist contained over 9,500 illegal gambling websites as of March 2023.12

Websites hosting content related to terrorism or child sexual abuse images may also be subject to blocking. Through a June 2019 decree, the government gave the National Companies and Exchange Commission (CONSOB), the public authority responsible for regulating the Italian securities market, the mandate to order service providers to block websites offering unauthorized financial services. In May 2023, the overall number of websites blocked by the CONSOB rose to 898, the majority of which were fraudulent online financial and trading services.13

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? 3.003 4.004

Authorities and courts sometimes request the removal of specific content.

From January to June 2022, Meta removed 825 comments, 127 pages and groups, and 37 posts from Facebook, while 252 media items and 50 accounts were removed from Instagram based on requests originating from Italy Meta also restricted 14 pieces of content globally. According to Meta, 1,107 of the removals were in response to private reports of defamation, 162 items violated EU sanctions on Russian state-controlled media, seven items violated local privacy laws, and one item violated hate speech laws.1 According to Google’s transparency report, the company received 166 government requests to remove content between July and December 2022, including 53 for defamatory content and 9 for privacy and security reasons. Google removed more than 80 percent of all requested items.2

In May 2021, during the previous coverage period, the Supreme Court of Cassation ruled that the popular television show “Le Lene” must remove a segment allegedly defaming Roberto Burioni, a scientist and public figure. Burioni had sued Mediaset, which airs “La Lene,” for defamation, claiming reputational damages from a segment of an episode that alleged that Burioni had promoted pharmaceutical products for his own financial benefit. The May 2021 ruling upheld an earlier decision in which a court ruled in favor of Burioni and imposed the restriction of the allegedly defamatory segment on Le Lene’s website. The Supreme Court’s ruling also confirmed that a court can order the restriction of an entire journalistic piece in a defamation suit, rather than only the parts of the piece considered defamatory. Various observers have warned of the negative impact the case could have on free expression.3

Italian courts have ruled in favor of the so-called right to be forgotten (RTBF) established by the Court of Justice of the European Union (CJEU) in 2014. In December 2015, a civil court in Rome upheld the CJEU’s reasoning on the RTBF but rejected the plaintiff’s request, seeking to balance such a right with the right to information in the public interest.4 In a problematic move in 2016, the Supreme Court upheld a 2013 court decision ordering the removal of an article that damaged a restaurant’s reputation from a website’s archives after two years, finding that the time elapsed between the publication date and the request for removal did not satisfy the public interest.5 Google reported that, between May 2014 and the end of May 2023, the company removed some 178,122 URLs in Italy (41.3 percent of the total requested) following RTBF complaints from users.6

According to IRPI Media, the newsroom of the nongovernmental organization (NGO) Investigative Reporting Project Italy, dozens of Italians have hired the services of Eliminalia, a Spain-based reputation-management agency.7 A February 2023 report from Forbidden Stories noted that the company uses several deceptive tactics to help well-connected clients remove negative articles from search results and news websites, including bogus legal actions meant to intimidate journalists to remove articles, or requests, often under the US Digital Millennium Copyright Act (DMCA) or the GDPR, to deindex search results. 8

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 3.003 4.004

Websites related to child sexual abuse images, copyright infringement, illegal gambling, and terrorism may be subject to blocking or targeted with content removal orders generally issued by the courts. An antiterrorism decree-law passed by parliament in 2015 allows the public prosecutor to order the blocking or removal of websites affiliated with terrorist groups.1 In a system similar to those used to block child sexual abuse images and illegal gambling sites, the Ministry of the Interior compiles a blacklist of terrorist websites for ISPs to block.2

A controversial resolution on online copyright enforcement enacted in 2014 enables AGCOM to issue administrative blocking orders to ISPs for specific websites that infringe on copyright, even those that only contain links for downloading copyright-protected content. The regulation also gives AGCOM the power to remove content upon review by an internal panel, but without prior judicial approval, if a copyright violation is detected.3 AGCOM’s blocking orders are publicly available on its website.4

In March 2023, the Chamber of Deputies passed a bill that would expand the powers of AGCOM to block sites hosting copyright-protected content. The bill became law in July 2023, after the coverage period, following passage in the Senate.5 Under the law, AGCOM can order ISPs to restrict access to illegally disseminated content, including live broadcasts, through DNS blocking and internet protocol (IP) address blocking, and can also block other domains that facilitate access to the same illegal content.6 ISPs must comply within 30 minutes of notification, under the threat of administrative penalties for failure to do so.7

Debate about the 2019 EU Copyright Directive, which holds “online content sharing service providers” liable for copyright violations that take place on their platforms, was lively in Italy, where political parties expressed strong and diverging opinions. The first government headed by Prime Minister Giuseppe Conte expressed opposition to the new directive, while the Democratic Party, which formed the second Conte government, favored the measure.8 The 2019 EU Copyright Directive was officially adopted by Italy in December 2021, under the Mario Draghi government.9

The EU’s Digital Services Act (DSA),10 which seeks to harmonize member states’ legislation regarding illegal content and introduce transparency measures for large platforms, entered into force in November 2022. Full implementation of the DSA will not take place until February 2024.11

Under a 2017 cyberbullying law, minors over the age of 14 or their parents can demand that content-hosting sites remove damaging material within 48 hours.12 If no action is taken, the victims can refer their case to the GPDP, which can order the damaging content to be blocked or taken down.13 Critics of the law said it gave users too much latitude to force the removal of content from social media sites.14

ISPs are not generally liable for illegal third-party content, but they must inform authorities of such content should they become aware of it, and they face civil penalties if they do not comply with official requests to restrict access to it.15

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 3.003 4.004

Content creators and hosts may exercise some self-censorship regarding content that could prove controversial or create friction with powerful entities or individuals. Online writers also exercise caution to avoid libel suits by public officials, whose litigation—even when unsuccessful—can take a significant financial toll. Individuals writing about the activities of organized crime in some parts of the country may be especially at risk of extralegal reprisals.

In March 2018, the magazine Famiglia Cristiana deleted an article about the seizure by Italian authorities of a Spanish nongovernmental rescue ship carrying asylum seekers, following a confrontation at sea that may have violated international law.1 After 24 hours, an altered version of the article was published online,2 and the original author withdrew his name from it. Mention of the Italian navy was dropped from the title, and descriptions of the navy’s involvement in the incident were modified.

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 3.003 4.004

Manipulated online content has become more prevalent in Italy since the COVID-19 pandemic and following the Russian invasion of Ukraine. In recent years, political parties have also engaged in online manipulation surrounding elections.

The February 2022 full-scale Russian military invasion of Ukraine led to a wave of foreign disinformation campaigns targeting the Italian public. In April 2022, shortly after the full-scale invasion, Italian fact-checking organization Facta reported on a network of at least five Facebook pages with around 40,000 followers supporting Vladimir Putin and echoing Russian disinformation.1 According to figures published by daily La Repubblica, around 50 Facebook profiles were removed in Italy for spreading Russian disinformation.2 In May 2022, the Italian parliament’s security committee opened a probe into pro-Putin disinformation being spread through news outlets.3

A September 2022 Meta report noted that a Russian influence operation created more than 60 websites impersonating prominent publications in the EU, including Italy’s National Associated Press Agency (ANSA), to disseminate Russian disinformation to Facebook and Twitter users in Italy and throughout the EU. The campaign spent around $100,000 on Facebook advertisements and sponsored pages to spread narratives about the potential energy crisis in Europe and false claims about the war crimes committed by the Russian military in Ukraine, which have been widely documented by journalists and human rights groups. Falsified ANSA articles were also used to denounce Ukraine’s storage of grain. Meta determined that the network had little influence on people on its platforms.4

The prevalence of pro-Kremlin disinformation in Italy could affect how Italians view the Russian invasion of Ukraine. Polling data published by the European Council on Foreign Relations (ECFR) in June 2022 found that 27 percent of Italians blamed either Ukraine, the EU, or the US for the outbreak of the war, the highest proportion of the 10 European countries surveyed. Additionally, 35 percent of Italian respondents believed that either Ukraine, the EU, or the US were the biggest obstacle to peace in the war, compared to 39 percent who said the same of Russia.5

Reporting ahead of Italy’s September 2022 general election identified some efforts to manipulate the online environment, including with Russian disinformation. One pro-Kremlin manipulation campaign, for example, encouraged abstentionism in the election through the hashtag #IoNonVoto (#IDontVote).6 Other online content about the election was intentionally altered to weaken political opponents. One September 2022 Facebook post, for example, contained an image of polling data from an ostensibly credible source manipulated to represent the Five Star Movement as closely trailing the far-right Brothers of Italy, the election’s frontrunner and eventual winner.7 These efforts were part of a wave of false information that muddied the online information landscape in Italy in the final weeks before the election (see B7).

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 3.003 3.003

In practice, Italians do not face special economic or regulatory obstacles to publishing content online.

Italy’s Declaration of Internet Rights (see C1) expresses the country’s commitment to the net neutrality principle. However, the declaration is nonbinding, and net neutrality is not enshrined in national law, though a 2015 EU-level regulation empowers AGCOM to supervise and enforce the principle.1

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity and reliability? 4.004 4.004

The online information landscape in Italy is representative and relatively unrestricted, though misinformation sometimes undermines the reliability of available information. In more recent years, social media platforms have become a more popular forum for online expression. Facebook, YouTube and Instagram in particular are among the most-visited websites in the country.1 Twitter is particularly popular among journalists and politicians.

NewsGuard’s Italian National Elections Misinformation Tracking Center documented several false claims that circulated online in the weeks before Italy’s September 2022 general election, including many that were intentionally manipulated (see B5). According to NewsGuard, the false information circulating online included inaccurate claims about Italy’s voting processes and the security of elections, as well as false statements about particular candidates.2

Misinformation related to the COVID-19 pandemic was also prevalent in the online environment. NewsGuard’s Coronavirus Disinformation Monitoring Center found that 73 websites—including conspiracist blogs, alternative websites, and popular news outlets—published COVID-19 misinformation in Italy as of May 2023.3 Among the outlets were right-wing daily La Verità and Il Primato Nazionale, a website with ties to the neofascist CasaPound movement.

Observers have frequently raised the problem of inadequate or flawed representation of immigrants, migrants, and refugees in media coverage as well as in newsrooms, and have noted that efforts to address such concerns are often underdiscussed in Italy.4 A January 2020 report by Voci Globali,5 the Italian chapter of Global Voices, noted that despite the central place that migration has in the public and social debate in the country, foreign-born journalists are still very rare in Italian newsrooms. Such journalists often create forms of alternative journalism that find space online or work in what are called “ethnic media.” The latter, while important, could potentially lead to isolation from the mainstream debate.6

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 6.006 6.006

In Italy, social media platforms, especially Facebook, have emerged as crucial tools for organizing protests and other mass gatherings such as parties or political rallies. There are no restrictions on their use.

In October 2022, the outgoing government of then prime minister Draghi launched a national platform for citizen initiatives, as announced by the Ministry of Technological Innovation.1 However, as of March 2023, the platform had not been activated by the Meloni government, despite indications that it was ready for public use.2

In the spring of 2021, a social media campaign emerged around a bill to establish penalties for discrimination on the basis of sexual orientation and gender identity, commonly referred to as “DDL Zan” (the Zan bill) in reference to Alessandro Zan, the parliamentarian and LGBT+ activist who introduced the bill. As activists denounced the bill’s slow progress in parliament, the magazine Vanity Fair Italy asked people to share photos on social media of the slogan “DDL ZAN” written on a hand, along with the hashtag #DiamociUnaMano (#LetsGiveEachOtherAHand).3 Many celebrities joined the campaign, which became widely popular on social media.

In November 2020, civil society, activists, and media organizations joined forces for the #DatiBeneComune (#DataForTheCommonGood) campaign, pressuring Italian institutions to release all pandemic-related data in open and machine-readable formats and advocating for greater transparency. The campaign was launched by the open data group OnData and the corresponding Change.org petition gathered over 50,000 signatures. Over 200 organizations joined the campaign, including ActionAid, Transparency International, and Wikimedia.4 The campaign remained active during the current coverage period, shifting its focus to promote government transparency surrounding the PNRR.5

C Violations of User Rights

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 4.004 6.006

Italy is a signatory to the European Convention on Human Rights and other relevant international treaties, and its constitutional guarantees regarding freedoms of speech and the press, as well as the confidentiality of correspondence,1 are supported by an independent judiciary. Italy became the first European country to adopt a crowdsourced Declaration of Internet Rights in July 2015.2 The nonbinding document includes provisions that promote net neutrality and establish internet access as a fundamental right. While generally seen as a positive development, the text has also raised some criticism for failing to outline adequate protections for anonymity, encryption, and data retention.3

Some restrictions on journalism, including online journalism, that are uncommon in other EU member states remain in place in Italy. Drawing on a 1948 law against the “clandestine press,” a regulation issued in 2001 holds that anyone providing a news service must be a “chartered” journalist with the Communication Workers’ Registry (ROC) and hold membership in the Italian National Press Federation.4 With the exception of one case from the late 2000s, these rules have generally not been applied to bloggers, and in practice thousands of blogs are published in Italy without repercussions.

Italy approved a Freedom of Information Act (FOIA) only in 2016, recognizing the right to access data and documents from public administrations.5 Journalists in the country increasingly use the law to conduct investigations. According to Transparency International Italia, which assists Italian journalists in submitting FOIA requests, 75 percent of the requests submitted through their service in 2019 facilitated the release of relevant information and documents.6

C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? 2.002 4.004

Several laws present a threat to internet freedom in the country. A 2015 antiterrorism law expanded language in the criminal code on terrorist recruitment, as well as the endorsement or incitement of terrorism, to include online activities.1 Critics argued that the law could be applied broadly and would sanction legitimate instances of free expression that fall within international norms on protected speech.2

Defamation is a criminal offense in Italy. According to the criminal code, “aggravated defamation” is punishable by prison terms ranging from six months to three years and a minimum fine of €516 ($617). In cases of libel through the press, television, or other public means, there is no prescribed maximum fine.3 Though these criminal provisions are rarely applied, civil libel suits against journalists, including by public officials and politicians, are a common occurrence, and the financial burden of lengthy legal proceedings may have chilling effects on reporters and their editors (see B4).4

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? 5.005 6.006

Defamation suits against journalists, including those operating online, remain common. Drawn-out legal proceedings, whatever their result, can entail serious financial costs for defendants. Oxygen for Information (Ossigeno per l'informazione), an organization that tracks threats to journalists in Italy, has reported hundreds of “frivolous defamation suits” against media defendants since 2011, including cases about online media. The organization’s most recent report notes that in 2022, 721 journalists were subject to different forms of threats—up from 384 in 2021—and that 39 percent of cases were civil defamation suits or other legal actions.1

According to a survey from the Italian National Institute of Statistics presented in October 2019, some 70 percent of all libel cases against journalists between 2011 and 2016 did not lead to a full investigation, a sign of the frivolous grounds of most of these complaints. However, overall convictions for defamation, whether or not the defendants were journalists, rose from 182 in 2014 to 435 in 2017, and the number of prison sentences imposed for the offense, most of them between three and six months, rose from 35 in 2014 to 64 in 2017.2 In a representative incident reported in April 2019, the online news outlet Estense was presented with a €100,000 ($104,000) lawsuit by a regional Lega politician after publishing a story in which interviewees accused the plaintiff of stopping suspected immigrants and asking for their residency papers.3

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 3.003 4.004

The government places few restrictions on anonymous communication or encryption. Italian law does require mobile service providers to obtain customers’ personal and identification data in order to register a SIM card, citing counterterrorism purposes.1

In the past, lawmakers have attempted to propose laws that would require users to present identification to sign up for social media accounts, but they have not gained traction.2

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 3.003 6.006

Italian courts and lawmakers have sought in recent years to better define the legal boundaries of state surveillance, whether for law enforcement, intelligence, or public health purposes, with mixed success.

The use of trojans, a type of malicious software, for criminal investigations remained an ongoing controversy in Italy during the current coverage period, with calls continuing for more well-defined regulations.1 An anticorruption law approved in February 2020 included provisions and a further decree that extended the authorized use of trojans to investigations of crimes against the public administration committed by public officials, if the crimes are punishable with at least five years of imprisonment. In addition, the changes allow for the interception to take place at “the target’s private home,” even if a crime is not occurring at the moment, as long as it has been authorized.2

Authorities are widely perceived to be engaged in regular wiretapping, and the news media often publicizes information that is obtained from wiretaps and subsequently leaked to journalists. According to IRPI Media, wiretapping operations quadrupled between 2010 and 2020, and there were almost 2,900 wiretap operations in 2021 alone.3

In April 2021, the newspaper Domani reported that prosecutors and other officials in Trapani, a Sicilian city, had wiretapped journalists’ phone calls with sea rescue NGOs.4 The officials were investigating the NGOs for their alleged involvement in human trafficking. Authorities later exposed the journalists’ sources. As subsequently reported by the Guardian, the recorded conversations included information about travel itineraries and a conversation between a reporter and her lawyer. The officials also used geolocation data to track the journalists.5

Lawmakers have made several attempts to regulate surveillance operations in recent years. A new wiretapping law came into effect in September 2020, implementing Decree Law 161 of 2019. 6 According to Wired, the new law “[restructures] the management of intercepted data and, above all, expands the categories of crime for which computer detectors can be used.”7 The law includes some privacy safeguards; for example, companies that supply these surveillance systems are compelled to use encrypted systems and securely delete files, according to journalist Carola Frediani.8 However, there are concerns that these safeguards will be applied inconsistently.9 MPs also raised concerns about the broadening of wiretaps in March 2021, during the discussion of a bill to establish expenses and quality standards related to wiretapping, which includes the storage and management of sensitive data by companies.10

In December 2022, after more than five years of delays, the Ministry of Justice published a national interception price list, setting the prices that prosecutors pay to private companies for wiretapping and interception services.11 Some experts raised concerns that the standardized price list does not account for the nuances of different interception operations and could merely incentivize those conducting intelligence to maximize profits.12

A November 2018 ruling by the Supreme Court was expected to effectively place limits on authorities’ ability to conduct hacking as part of a criminal investigation. The case involved the installation of malware on a suspect’s mobile phone; the Supreme Court instructed a lower court to reexamine whether police practices were consistent with articles of the European Convention of Human Rights and the Italian constitution that protect the freedom and confidentiality of correspondence and other forms of communication.13

Awareness of Italian involvement in the international cyberweapons market has grown, and Italian companies, including the now-defunct Hacking Team, have faced increased scrutiny over sales of surveillance software to government agencies and repressive regimes.14 Experts have raised concerns that Italian authorities are ill-prepared to mitigate the harms posed by such technologies—and in many cases, the Italian government’s spending on spyware has incentivized Italian commercial spyware companies to market their products to more lucrative and repressive markets.15 In June 2021, a joint investigation by IRPI Media, the newspaper il Domani, and Dutch investigative nonprofit Lighthouse Reports reported that European companies, including the Italian company SecurCube, provided cell-tower surveillance technology to Myanmar’s military, despite the EU embargo on the export of these tools. The company claimed that it had not directly sold the technology to Myanmar’s military, but it acknowledged that BTS could have been resold by third parties.16

In November 2022, cybersecurity researchers at Google reported that an unspecified number of Italian people were targeted with a zero-click exploit—a security vulnerability that remains undetected before it is exploited by malicious actors—that could track the location of their devices. The campaign, which also targeted people in Malaysia and Kazakhstan, was not publicly attributed to a specific actor or purpose.17

The use of facial recognition continues to be a hotly debated topic in Italy. In April 2021, the GPDP rejected the use by the police of the SARI Real Time facial recognition system—which was an advanced version of the existing Italian National Police facial recognition system—arguing that the system lacks a legal basis for live facial recognition and that, as designed, it would implement a form of mass surveillance.18 In December 2021, the Italian parliament approved a two-year moratorium on the installation of new facial recognition systems in public places or private property that is open to the public, such as stadiums.19 In June 2023, after the coverage period, parliament voted to extend the moratorium through the end of 2025.20

Advanced technologies are used on vulnerable populations without transparency and appropriate oversight: in December 2021, the Hermes Center for Transparency and Digital Human Rights published a report detailing the use of facial recognition and biometric technologies on migrants fleeing persecution and arriving to Italy by boat.21 According to the report, migrants’ biometric data is included in a database that also contains suspects of crimes, and the government uses biometric authentication, including through facial recognition, to see if any of the migrants have committed crimes.

C6 1.00-6.00 pts0-6 pts
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? 3.003 6.006

Service providers are required to comply with law enforcement requests for users’ activity records, known as metadata, under a variety of circumstances, including in the course of a criminal investigation or “for the purpose of preventing crimes by criminal associations and international terrorism organizations.”1

Although the CJEU struck down a 2006 EU directive on the retention of data, Italy has extended the period for which ISPs must keep users’ metadata. In November 2017, parliament swiftly approved a regulation on data retention that requires telecommunications companies to store telephone and internet data for up to six years. Despite civil society protests, there was virtually no public or parliamentary debate on the measure, which had been added to unrelated legislation following a European Council directive before passage.2 The GPDP expressed its objection to the bill, citing the measure's incompatibility with EU law and case law.3 At the time, then European Data Protection Supervisor Giovanni Buttarelli commented that the new regulation allowed too much data to be collected and did not reflect the European approach to data retention.4

The GPDP has launched investigations into companies that have potentially abused user data, issuing fines and other penalties in some cases. In late March 2023, the GPDP opened an investigation into OpenAI’s handling of personal data and issued an order that temporarily banned the company from processing users’ personal data in Italy.5 As a result of the GPDP’s order, OpenAI restricted access to ChatGPT in Italy on March 31.6 OpenAI restored full access to ChatGPT in Italy on April 28 after implementing several measures to satisfy the GPDP, including greater measures about how peoples’ data is used by the company and an easier process to object to the processing of personal data.7 Additionally, the GPDP ordered OpenAI to implement an age verification system—preventing children under 13 from accessing the chatbot without parental consent—by the fall of 2023.8

During the previous coverage period, in February 2022, the GPDP fined the US-based facial recognition company Clearview AI €20 million ($23.9 million),9 the maximum penalty under the GDPR, after discovering that the company monitored and processed biometric data of individuals on Italian territory without a legal basis. The GPDP started its investigation following several complaints by journalists, civil society organizations, and researchers.10 Additionally, the GPDP ordered the company to erase all personal data relating to individuals in Italy and banned further collection and processing of personal data relating to individuals in Italy through Clearview AI’s facial recognition system. The GPDP also ordered Clearview AI to designate a representative in the EU.

In September 2021, the GPDP fined Luigi Bocconi University €200,000 ($239,000) for using Respondus, a proctoring software, without sufficiently informing students of the processing of their personal data and, among other violations, for processing their biometric data without a legal basis. Bocconi is a private University based in Milan and during the COVID-19 pandemic it introduced Respondus tools to monitor students during remote exams.11

In December 2022, Italy began initial operations of the National Strategic Hub (PSN), a centralized cloud-computing infrastructure system to store user data from public services developed as part of the PNRR. Though the PSN was created to store public administration data more securely, lawmakers raised concerns that US-based cloud service providers that signed agreements to help develop the project, such as Google Cloud and Amazon Web Services, could be compelled by US authorities to turn over Italians’ data stored on their servers.12

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? 3.003 5.005

While cases of intimidation or physical violence in response to online activities are reported only sporadically, individuals who expose organized crime activities in some parts of the country may be especially at risk of reprisals.

The Interior Ministry recorded 28 episodes of violence and intimidation against journalists in the first three months of 2023, amounting to a 36 percent decrease compared to the first quarter of 2022.1 Of the reported 111 cases in 2022, 27 percent involved online intimidation, particularly on Facebook and Instagram.2 Separately, Ossigeno per l'informazione documented 721 cases of threats and intimidation against Italian journalists and bloggers in 2022, a figure that includes legal actions for defamation (see C3).3

In May 2023, the director of the Etruria News blog was allegedly beaten by Emiliano Clementi, the director of a local property management company. The incident was reportedly in response to a series of critical articles about Clementi posted by Etruria News.4

Women journalists and politicians in particular are subject to virulent online harassment. In 2018, journalist Annalisa Camilli received derogatory and threatening anonymous emails after publishing an online story about a migrant rescued at sea by the NGO Open Arms.5 Other women journalists have reported experiencing similar harassment, frequently for their coverage of the migration crisis.6 Independent lawmaker Laura Boldrini was harassed, including by prominent politicians such as Matteo Salvini, the leader of the right-wing Lega, whose posts about her elicited death and rape threats from his online supporters.7

In 2021, several journalists were attacked while reporting on anti-vaccination protests or gatherings; for example, in August 2021, two separate instances of verbal and physical assault were reported.8

The non-consensual sharing of intimate images appears to be a widespread phenomenon in Italy. The nonprofit PermissionDenied (PermessoNegato) estimates some two million Italians have had their intimate images shared online without their permission, based on a sample of 2,000 people. The PermissionDenied research found that 70 percent of victims in the sample were heterosexual women, and only 50 percent of victims in the study reported the abuse to the authorities.9

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

Cyberattacks have constituted a problem in Italy in recent years, through the defacement of or distributed denial-of-service (DDoS) attacks against the websites of political figures or institutional websites.

Cyberattacks have increased in recent years, according to some sources. In its 2023 report, the Italian Association for Information Security (CLUSIT) recorded 188 serious cyberattacks in Italy, an increase of 169 percent compared to the previous year.1 The overwhelming majority of cyber incidents in Italy were conducted for cybercrime purposes, at 93 percent.2

Hacks of public and private institutions continued to occur during the coverage period. In September 2022, the Italian Ministry of Ecological Transition's Twitter account was hacked by cryptocurrency scammers. The hackers attempted to impersonate Ethereum blockchain founder Vitalik Buterin using the ministry’s account.3 In August 2022, the city of Turin’s Local Health Authority suffered an infrastructure cyberattack that disrupted the normal operation of some services for at least several days.4

In June 2022, the public administration of the Sardinia region admitted they had been targeted by a massive ransomware attack in February 2022,5 following several reports by Italian journalists.6 The hackers allegedly obtained 155 GB of personal and sensitive data, including identification cards and passwords. It is considered the largest data breach to impact a public institution in Italy to date.

Russia-linked DDoS attacks against Italian institutions continued during the current coverage period. In March 2023, it was reported that the pro-Russian “NoName057” hacking group had targeted the websites of the Chamber of Deputies, the Ministry of Defense, and the Bologna airport, among others. Some of the websites reportedly remained operational during the attacks.7

In May 2022, the news agency AGI reported that a DDoS attack hit seven Italian websites, including the Senate, the Higher Institute of Health, and the Italian Automobile Club. A pro-Russian hacking group called "Killnet" claimed responsibility for the attack and stated it was retaliation for Italy’s support of Ukraine. 8

On Italy

See all data, scores & information on this country or territory.

See More

Country Facts

  • Global Freedom Score

    90 100 free

  • Internet Freedom Score

    75 100 free

  • Freedom in the World Status

    Free

  • Networks Restricted

    No

  • Websites Blocked

    Yes

  • Pro-government Commentators

    No

  • Users Arrested

    No