The dissemination of sensitive data for defensive purposes doesn’t violate privacy without actual damages, Italian Supreme Court held


Corte di Cassazione. Author: FGC

On May 20, 2019, the Corte di Cassazione, the Italian Supreme Court, clarified that if the damage is not proven, there is no crime for the violation of privacy under the Italian Privacy Code (Article 167, Legislative Decree 196/2003).

In this case, a father and a son were involved in a civil proceeding. The father produced health documentation relating to a serious psychiatric illness of the son to prove that his monetary claim was groundless.

According to the son, the diffusion of the data determined non-patrimonial damages because his data were made public without consent as well as patrimonial damages because it forced him to settle at conditions he wouldn’t have accepted.

The lower court rejected the son’s claim and deemed that the crime wasn’t committed because the son did not suffer any actual damage.

The Supreme Court agreed with the lower court and rejected the son’s recourse. According to the Court, the violation of the right to privacy is not actual when personal data are communicated in a civil proceeding, considering that the individuals to whom the data was disclosed are limited to professionals involved in the proceeding itself and are bounded by a duty of confidentiality. The lack of actual damages persists even though the communication of personal data is in excess of the right of defense.


The judgement of III criminal section of the Supreme Court dated May 20, 2019 n. 23808 (III sezione penale della Cassazione sentenza 20 maggio 2019 n. 23808) is available in Italian here


For more information on how to make your privacy policy compliant with EU data protection, contact Francesca Giannoni-Crystal and Federica Romanelli