The right to respect for private life and the requirement of transparency of Public Administration in the Italian legal system
Premessa: tale scritto, a cura di Aniello Formisano, fa parte del Legal Research Group di ELSA Napoli intitolato “Right to private life: challenges and perspectives” organizzato da ELSA Napoli e curato da Francesco De Santis (professore di diritto processuale civile e procedure di tutela internazionale dei diritti umani presso il Dipartimento di Giurisprudenza dell’Università di Napoli “Federico II”).
Summary: 1. Legal evolution of transparency in the Italian legal system ‒ 1.1. From transparency as a publication requirement to transparency as freedom of access to data and documents: the generalized civic access ‒ 2. Privacy and transparency: a difficult coexistence ‒ 2.1.Risks and consequences of the uncontrolled dissemination of data on constitutional rights: data mining and algorithmic governance ‒ 3. The role of Italian Regulatory Authorities in the balance of privacy and transparency: the relevance of its guidelines.
-
Legal evolution of transparency in the Italian legal system
Before analysing the relationship between transparency and privacy, we need to bring attention on the evolution of transparency regulation in the Italian legal system[1]. The evolution of transparency involves a series of difficulties in defining its boundaries and providing an univocal definition of the same boundaries. Transparency is often linked to publicity, which is essential to disseminate acts, documents and information to citizens, that is now possible and easier through Internet. Nevertheless, as it has been opportunely noted[2], this is not the only element that characterizes transparency. The Administration must, in fact, guarantee citizens access to information through tools for access to administrative documentation or through direct publication of data on websites that should be inserted in website section not hidden and easily accessible. In addition to these characteristics, transparency is linked to clarity and comprehensibility of information. If these requirements are not met, the citizens’ legitimate expectation would be harmed by access to incomprehensible and “equivocal” information which would generate an erroneous conviction regarding the behaviours to be kept[3].
Based on what has been just mentioned, the analysis of transparency cannot be separated from the analysis of its evolution. Before the reforms of the ‘90s on the administrative procedure, the administrative activity was characterized by secrecy[4]. Public authorities were bound by the official secret and administration had a very wide discretionary space to decide arbitrarily what documentation was covered by such secret[5]. Therefore, the previously transparency regulation was not able to achieve the aims set forth in our Constitution.
The evolution of transparency regulation has implemented constitutional principles to prevent corruption and maladministration, and also tends to achieve the effective participation of citizens in decision-making control over public powers: it aims at becoming a real instrument of democratic participation. In this scenario, citizens do not assume a position of mere expectation, but acquire awareness and actively participate in the public decision-making processes[6].
In light of this, a non-static notion of transparency emerges in the Italian legal system: it is a dynamic one that evolves and changes over time. In fact, there is a change from an originally vertical interpretation of transparency[7], founded within a ministerial pyramid, to a horizontal vision of Administration, as elaborated by Filippo Turati. This paradigm shift is confirmed by the possibility for all citizens to access information except for the limits fixed by the public law[8], «whose legitimacy ultimately lies precisely in the vote expressed by the same administered as voters».
The 1948 Italian Constitution does not expressly provide the notion of transparency, but it shares Turati’s reconstruction, hence constitutionalizing the aspects that characterize it: advertising and accessibility. These can be derived from the interpretation of the general principle of good administration, enshrined in Article 97 of Constitution. This gives rise to a notion of transparency in which advertising and accessibility are strictly inter-linked. A different interpretation would undermine one of the aims pursued by transparency ‒ e.g., the repression of corruption phenomena. For example, we can consider the publication of a call for tenders on the notice board or on a website, in a holiday period, which has been cleverly concealed becoming «equivocal, obscure and therefore non understandable to the citizens»[9].
It seems appropriate to outline the legal regime that has been introduced in the Italian legal system.
The epochal turning point is represented by Law no. 241 of 1990, which introduced in the institution of administrative procedure as a general rule of public action and the right to access to public administration documents. It has been observed that with this law «the wall of impenetrability towards the outside has begun to gradually crumble»[10]. The foundations have been laid for creating a notion of transparency that tends to approach the glass house, theorized by Filippo Turati.
As already mentioned, the internet’s future brings a change of transparency that is no longer seen in the one-to-one or peer-to-peer relationship between citizen and administration, because administration expresses the interest that actions become visible to all, through an open data dissemination[11]. Thus, the transparency paradigm changes. The ultimate aim is to ensure freedom of access to information in order to pursue a number of different interests, all aimed at achieving the good performance of Public Administration (e.g., the prevention of corruption phenomena; the repression of abusive practices; the resolution of interest conflicts; an immediately access guarantee to those who are in a difficult situations to the data of their interest). All these interests have an ultimate common purpose, namely to guarantee the principle of good administration through a citizen participation in policy-making
- From transparency as a publication requirement to transparency as freedom of access to data and documents: the generalized civic access
The legislator’s goal is to create a freedom of access to information was pursued with the Madia Reform, announced as the “Italian Foia“[12]. The legislator limited himself to introduce a series of publication requirement for the Public Administration. On this point, it has been observed that this reform is far from giving citizens full access to information, being compared to an embryonic version of the American FOIA[13] and not to the recent developments that have taken place[14].
The main innovation of Legislative Decree No. 97 of 25 May 2016 is represented by the introduction of a third form of access ‒ the generalized civic access. This the two already existing were the access to the simple acts ‒ governed by the already mentioned Law no. 241 of 1990 ‒ and the simple civic access, introduced by Article 5 of Legislative Decree No. 33 of 2013[15]. The latter, in particular, assumes a sanctioning nature by guaranteeing to those who request it acts, documents and information subject to the obligation of publication.
The generalized civic access is a new type of access that becomes autonomous and disconnected from a publication requirement, placing on the citizen the obligation to request access to closed data, i.e. those data on which there is no obligation to publish by the public administration. Therefore, the Madia Reform has undoubtedly represented an improvement on the active side of transparency because it has introduced the so-called reactive disclosure, that is the possibility for everyone to request any kind of information to public administration[16]. Such possibility goes beyond the so-called proactive disclosure ‒ i.e. the Administration’s requirement to publish a series of public information considered relevant by the Legislator.
However, authoritative scholars have highlighted the various obscure points of the Madia Reform, especially the lack of widespread access to information. In this regard, the private accessibility to the so-called closed data requires an access request that the citizen must submit from time to time (i.e. a qualified interest). Therefore, the Administration will not make ex-officio data available to citizens, since there is no general administrative requirement to make data available to citizens. This means that this reform moves away from an administration model aimed to create an Open Data Policy, expression of the highest form of democracy.
For the reasons analysed above, it emerges that the regulatory evolution of transparency appears unable to guarantee the citizens right to be adequately informed. However, the question that underlies all the reasoning so far carried out is the following: does our Constitution recognize a «right to administrative information?»[17].
On this point, some scholars have observed[18] how the right to information is recognized under the active aspect ‒ i.e. the freedom of expression ‒ but not for the passive aspect ‒ i.e. being informed or anxious to inform oneself. The latter is not set forth in the Italian Constitution. Article 21 of the Italian Constitution only provides that “everyone has the right to freely express their thoughts by speech, in writing and by any other means of communication“. With reference to the passive aspect, the Constitutional Court with judgment No. 105/1972 has highlighted the link between freedom of expression and freedom of enterprise and democratic state form.
The approach adopted by our Constitution cannot allow the notion of transparency to be one-dimensional, since it would be very limited and would clash with the Universal Declaration of Human Rights. Hence, the passive aspect of the right to information deserves protection as strong as the active one[19].
The absence of an explicit recognition of the right to be informed does not concern other legal systems. For example, the Spanish Constitutional Charter of 1978, much more “recent” and modern than the Italian Constitution, not only states the right “to freely communicate or receive truthful information by any means of communication” (Article 20), but explicitly recognizes the “right of citizens to access the archives and administrative registers, except in matters concerning the security and defence of the State, investigation into crimes and the privacy of persons” (article 105).
A notion of transparency emerges from the Madia Reform. Such notion is un-linked to the right to be informed, which does not encourage the formation of a critical awareness of citizens as they will not have a full access to administration data. Making the glass house, of which Turati spoke, means that the Administration should provide as much information as possible to the citizens without placing conditions or constraints to access it. Nevertheless, even an unconditional access to news poses a series of risks, especially the right to respect for private life, such as the possibility of providing the authorities with great opportunities for surveillance does not produce a more democratic system without an adequate explanation regarding the content of specify[20].
The expansion of the right to transparency, also due to the new technological capabilities, raises the question of how this right can be reconciled with the right to a private life, since it is necessary to achieve a correct balance between such two interests.
The solution of this problem can be derived from the analysis of European Union law, especially Article 4 of EU Regulation No. 679/2016 which states that privacy “is not an absolute prerogative, but it must be considered in the light of its social function and must be reconciled with other fundamental rights, in compliance with the principle of proportionality”, while transparency must be ensured consistently with the personal data protection[21]. In particular, we move from a model based on the right to propriety to one based on right to privacy in the technological scenario, as proposed by Rodotà[22], where privacy is attracted in the area of fundamental freedoms in which the development of technology unfolds and spreads outwards in an increasing quantity of data.
In the technological era, data dissemination requires the need to find the right tools to guarantee and protect the personal data held by citizens. The right to privacy has the status of individual fundamental right and it is protected by Articles 2, 3, 13, 14 15 of Italian Constitution and by Article 8 of the ECHR.
The internal framework for the processing of personal data derives from that of the European Union[23], substantially contained in the Regulation No. 679/2016 of the European Parliament[24], that from 2018 has taken the place of Directive No. 46/95/EC on personal data protection. In the Eu system, the right to private life is constructed as an “informational self-determination” in which citizens are given a full right to check their information tending not to forget them (i.e. the right to be forgotten)[25]. The individual choice to make his/her data available takes place through a contract by which they decide to give a specific consent to the data processing, subject to informative without prejudice to the right of access to him/her information well as rectification and erasure right in case of errors and breaches.
The right to privacy evolves as an inviolable and essential right for the development of an individual personality, establishing a bilateral relationship between data subject and data controller. The relationship covers subjective legal situations where each individual is the owner of his/her data.
However, when a citizen makes a huge amount of data available, he or she does so without giving free and informed consent before sharing his or her data. In this way a situation of obscure uncertainty realises where consensus tends to turn into a “non-consensus“[26], which, especially in economic relations, becomes and remains indispensable for access to the essential services of everyday life. In this way, the protection of privacy, originally based on consent and assisted by the guarantee of autonomy and awareness, can no longer be invoked.
On this point, a number of doubts have been highlighted about the purpose to use these data from those who collect them in massive form. As these data are anonymous, the data controller is not required to indicate the reasons to collect them and nothing would prevent their use for different reasons from the initial ones. Neither a similar risk is avoided by the rules of privacy that in Article 35 of Italian Data Protection Code guarantees the privacy protection through an ex ante assessment of the risks that would involve the aggregation of data “for the interests and freedoms of individuals“. On this aspect, some critically highlighted that such a well-conceived system could work in the case of data referable to a data controller, but not in the case of Big Data ‒ which are anonymous ‒, as in the latter case no one is able to sue the alleged perpetrators of the data breach due to the lack of legal bases for grievance and the impossibility of identifying the perpetrators, except through cross-checks[27]. The same impact assessment would appear to be a completely inadequate remedy and would lead to unsuccessful results, as the approval of Privacy Guarantor entails a semi-legal immunity[28].
2.1. Risks and consequences of uncontrolled data dissemination on the Constitutional rights: data mining and algorithmic governance
The problem of balancing privacy and transparency is also intertwined with the methods concerning the use of data and the consequences that an uncontrolled dissemination of the same can entail.
Data could be used as a starting point for predictive analyses (i.e., all predictive activities carried out in order to anticipate the behaviour of entire categories of subjects that presumably will assume in according to the projections of algorithm models, so-called data mining[29]). In particular, this form of processing is made possible through the use of current technologies which have a computing power such as to allow not to work on samples but on a whole mass of information. This is precisely one of the aspects for which the need to provide adequate privacy protection arises: in order to avoid not only the right to privacy to be breached, but also discrimination and violation of other constitutional rights.
The problem of algorithmic governance is linked to the danger of discrimination inherent in data mining which, if it occurs, can have repercussions on society as a whole, especially concerning the possible violation of fundamental rights[30]. For example, the predictive model has been applied during investigations on jihadist terrorism: if it turns out that the terrorists are mostly young men, coming from certain countries, anyone who presents these characteristics will be under special surveillance, automatically, on the base of what is revealed by the algorithm[31].
At this point it becomes necessary to guarantee the knowability of algorithm operation in order to evaluate the predictive investigations, since the algorithm may present errors that can have detrimental effects for the subjects involved[32].
Another case is represented by sensitive health data collected anonymously about a serious incapacitating disease spread in a specific area of the country. Therefore, persons may be are discriminated against due to the error of the algorithms[33]. These technologies make possible to exploit the power of Big Data to increase the data base on which one performs his or her own analyses, profiling the habits, preferences, trends of the insured in order to determine the relative insurance risk. This could occur when the assessment is carried out not by a human, but by an algorithm, that is to say to a fully automated procedure, which, in a more efficient and faster way, will assess: the insurance risk relating to a specific person; the convenience or otherwise the assumption of the risk; the amount of insurance premium; other elements of the insurance contract. Therefore, it becomes necessary that the algorithm operations are knowable, at least the source code of the algorithm, in order to check on its functioning. In this regard, the need to reveal how algorithms work becomes instrumental to its justice. Administrative jurisprudence regarding the use of authoritative acts based on algorithms has deemed it appropriate to accept the use of administrative acts for algorithmic errors[34]
-
The role of the Italian Regulatory Authorities in balancing privacy and transparency: the relevance of the guidelines
After analysing the difficulty of guaranteeing an effective balance between transparency and privacy, and the risks deriving from an uncontrolled dissemination of data, it is necessary to analyse how to bring together two regulatory systems: the first is the national regulatory discipline of privacy and the new EU regulation, characterized by the presence of a sector Authority (Privacy Guarantor) and various organizational models; the second is a transparency system that presents its own rules[35], in which the role of the National Anti-corruption Authority (ANAC) tends to build up a model aimed to prevent and reduce the risk of maladministration.
But is it possible to create a coexistence between these two systems?
This balance must be achieved by the legislator, who should define the methods for achieving this objective. Therefore, the legislator enjoys a great discretion which should, however, be assessed in accordance with EU rules[36]. Especially, it is necessary that the privacy restriction represents “a necessary and proportionate measure” considering the other public interests[37].
A violation of citizens’ right to privacy is one of the risks stemming from the publication of an enormous amount of data on the public administration websites, according to modalities that allow indexing and traceability through search engines. Indeed, it will be enough to type on Google the name and surname of the interested party to find all the published data of the Administration that can be linked with them[38].
The danger of the various models of transparency would therefore result in emptying the concept of privacy, which will also undermine the right to be forgotten. Therefore, it will be necessary to identify the various strategies that can be adopted by legislators to achieve an adequate balance between these two constitutional values[39]. Several proposals have been made on this issue[40].
In order to achieve this balance, the guidelines of Privacy Regulatory Authority in the transparency field assumes primary importance. Through such guidelines, the Guarantor tends to achieve the principles of minimization, relevance, and not excess[41]. The Privacy Code specifies the task entrusted to the Guarantor, namely: “to take care of the knowledge among the relevant public discipline concerning the processing of personal data and related purposes as well as data security measures[42]”. However, this provision indicates the aim to be pursued but not the means to achieve it.
The Guarantor’s guidelines, however, establish a first unitary framework regarding the devices that public subjects must employ in the activity of spreading personal data in order to maintain balance between privacy and transparency[43]. First, it is established that the administrations must only make available the exact personal data that are updated and contextually evaluating the purpose envisaged by the sector discipline for which there is a requirement to publish.
Therefore, even if the legislator is required to publish a series of data, he must assess, case by case, which data may be published, and which ones must be obscured. The identification work of the legislator must be inspired by an interaction of a series of principles including the necessity and relevance established by the Code, the indispensability to prohibit the data publication which reveals the state of health[44].
As regards the realization of this balance, an important role is also played by the ANAC, which is called to monitor compliance with the publication requirement. The competence of the ANAC is automatically intertwined with that of the Privacy Guarantor, as it plays a fundamental role in the implementation of a good coordination between the two Authorities. This coordination can be appreciated by Article 3, paragraph 1-bis that recognizes the possibility for ANAC, after having “heard the Privacy Guarantor about the events that personal data are involved”, even “for the exclusive purpose to reduce charges“, to “identify the data, information and documents subject to mandatory publication pursuant to the regulations in force for which publication in its entirety is replaced by that of summary information, processed by aggregation“.
ANAC guidelines regarding generalized civic access, approved on 29 December of 2016, seek to achieve this balance as well.
First, the Administration, before proving the existence of a prejudice to confidentiality, must demonstrate the existence of a specific causal link between access and damage. It must also provide that such prejudice has been caused by the dissemination of the requested information. The assessment, therefore, becomes a form of prognostic evaluation which brings the damage in a causal link, understood as a high probability of the prejudice deriving from the publication of the documents[45]. In assessing the existence of such prejudice, which will have to be evaluated concretely, the role of the procedure in which the administration will have to involve the counterparts, whenever the data minimization and anonymization techniques will be ineffective, and so it will gain particular importance. In such a scenario, the dialogue with the other parties will be necessary, becoming an index from which to infer the existence or not of a concrete prejudice.
But what are the limits of the current system and how would it be possible to achieve a balance between the two rights?
It has been observed that the Italian legal system needs to strengthen the role of the regulatory authorities[46]. It highlights that there are still serious doubts to assign regulatory powers to the independent Administrative Authorities, for the lack of a legal basis[47]. On this point, we must mention the two main orientations: the first strictly applies the rule of law, and therefore denies the regulatory power of Administrative Authorities to the extent that these powers can only be granted by law; the second enhances, instead, the theory of implicit powers according to which although there are powers not contemplated by the law. These powers must however be conferred as long as they are instrumental to the achievement of the assigned institutional aims. In this way, a real blank cheque would be given to the Authorities[48].
Administrative jurisprudence has shared the first orientation, rejecting a weak interpretation of the rule of law. In this regard, we quote the judgment of the Council of State No. 4874/2014 in the part where it states that:
«in the areas characterized by particular technicality […] the sector laws attribute to the individual independent administrative Authorities […], to ensure the pursuit of the legislative objectives set, not only individual administrative powers but also regulatory powers in the broad sense».
A corollary of the legal uncertainty framework is represented by the value to be assigned to the guidelines and, more in general, to the exercise of regulatory power – i.e, if they can be assimilated to soft law or hard law instruments[49]. From the framework outlined above, it emerges that the Italian legal system lacks a single control system, endowed with autonomy and independence, on civic access as well as powers of regulation and supervision. The Italian scenario differs from the other European realities where we find specific Authorities, also endowed with decision-making powers, in the matter to solve disputes regarding civic access. It is possible to mention the UK, where an Information Commissioner was established; Spain, which set up the Comisión de Transparencia y Buen Gobierno in 2013; Germany which, in 2006, chose to grant the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit supervisory powers on transparency.
Some indication in the perspective of an intervention by the Italian legislator is provided by the judgment of the Constitutional Court No. 20/2019 concerning the constitutional illegitimacy of Article 1-bis, paragraph 14 of Legislative Decree No. 33/2013, that provides Administration’s requirement to publish data indicated in Article 14, paragraph 1, letter f) for all holders of managerial positions[50]. The Constitutional Court observed that the publication of a such large quantity of data must pass a proportionality test, since it does not facilitate the implementation of anti-corruption purposes, but rather creates an “opacity due to confusion” which hinders an effective control by individual citizens on administrative action.
With reference to the implementation of a balance between privacy and transparency, the judges pointed out what might be the legislator’s solutions for compliance with the proportionality test: the predefinition of income thresholds (the exceeding of which is a necessary condition to trigger the requirement to publish); the dissemination of data covered by anonymity; publication in nominative form of information following predefined scales; the simple lodging of personal declarations with the competent supervisory authority. The Court emphasizes, however, that it is for the legislature, in view of its wide discretion, to choose the most appropriate remedy[51].
Another indication provided by the Constitutional Court in judgment No. 20/2019 is the need to ensure an adequate protection of personal data. So, it must be ensured by indexing or by easily retrieving through search engines[52]. Therefore, although the objective is to ensure a freedom of access to information we should consider the risk of a “crystallization” of information in the network. For this reason, we have a duty to find a valid balance between indexation of data and privacy[53].
***
[1] The scientific literature on the evolution of transparency in the Italian legal system is extensive. Without claiming to be exhaustive, on the constitutional basis of the principle of transparency, see G. De Minico, Towards an “Algorithm Constitutional by Design”, in www.bio-diritto.org, 1/2021, 391 ff.; A. Patroni Griffi, Il fondamento costituzionale della legislazione in tema di trasparenza e di lotta alla corruzione: alcune riflessioni, in www.forumcostituzionale.it, 29 March 2016; S. Foa, La nuova trasparenza amministrativa, in Dir. amm., 1/2018; M. Orefice, I big data e gli effetti su privacy, trasparenza e iniziativa economica, Rome, 2018; G. Arena, Trasparenza amministrativa (ad vocem), in Enc. Giur., XXXI (1995), 1 ff.; P. Tanda, La trasparenza nel moderno sistema amministrativo, in Nuove auton., 1/2008, 161-166; G. Abbamonte, La funzione amministrativa tra riservatezza e trasparenza, Introduzione al tema, in AA.VV., L’amministrazione pubblica tra riservatezza e trasparenza. Atti del XXXV Convegno di Studi di Scienza dell’Amministrazione – Varenna 1989, Milan, 1991, 8 ff.; P. Barile, Il dovere di imparzialità della pubblica amministrazione, in AA. VV., Scritti di diritto costituzionale, Padua, 1967, 198 ff.; S. Cognetti, Profili sostanziali della legalità amministrativa, Milan, 1993; C. D’Agostino, L’attività della pubblica amministrazione fra trasparenza e riservatezza nella legge n. 241/1990, in Nuova legislativa dottrinale e giurisprudenziale, 1996, 879 ff.; A. D’Antonio Castiello, La L. n. 241/1990 sul procedimento amministrativo e le sue disposizioni di principio, Rome, 1993, 32; M. Luciani, Nuovi diritti fondamentali e nuovi rapporti fra cittadino e pubblica amministrazione, in Riv. Crit. Dir. Priv., 1985, 61 ff.; P. Marsocci, Gli obblighi di diffusione delle informazioni e il d.lgs. 33/2013 nell’interpretazione del modello costituzionale di amministrazione, in Ist. Fed., 2013, 700-704; R. Carrida, Principi costituzionali e pubblica amministrazione, in www.giurcost.org, 2014, 22 ff.
[2] R. Marrama, La pubblica amministrazione tra trasparenza e riservatezza nell’organizzazione e nel procedimento amministrativo, in Dir. proc. amm., 1989, 418.
[3] On the issue of comprehensibility of administrative language to ensure citizen understanding, there have been a number of legislative actions such as the Code of Style, created by the Ministry of Public Administration in 1993 and 1997. See also the Directive of the same Ministry on the simplification of the language of administrative texts of May 2002. On this point, G. Arena (edited by), La comunicazione di interesse generale, Bologna, 1995; A. Fioritto (edited by), Manuale di stile, Bologna 1997; G. Arena, Comunicazione e amministrazione condivisa, in S. Rolando (edited by), Teoria e tecniche della comunicazione pubblica. Dallo Stato sovraordinato alla sussidiarietà, Milan, 2002, 45 ff.; M. Viale, Studi e ricerche sul linguaggio amministrativo, Padua, 2008.
[4] Article 15 of Presidential Decree 10 January 1957, foresaw that “The employee must maintain the secrecy of office and may not give to anyone who does not have the right to do so, even if they are not secret documents, information or communications relating to administrative measures or operations of any nature and news of which he has become aware because of his office, when damage may result to the Administration or third parties. Within the scope of his duties, the employee assigned to an office issues, to those who are interested, copies and extracts of official acts and documents in cases not prohibited by law, regulations or the head of the department“.
For an accurate reconstruction about the discipline of official secrecy obbligation, see G. Arena, Il segreto amministrativo, Padua, 1984; M. Clarich, Diritto di accesso e tutela della riservatezza: regole sostanziali e tutela processuale, in Dir. proc. amm, 3/1996; S. Vaccari, L’evoluzione del rapporto tra la Pubblica Amministrazione e le persone nel prisma dello sviluppo della «trasparenza amministrativa», in Jus-online, 3/2015.
[5] On the configuration of transparency as a “regime of visible power”, see N. Bobbio, La democrazia e il potere invisibile, in Riv. trim. sc. pol., 1980, 181 ff.
[6] G. Terracciano, La trasparenza amministrativa da valore funzionale alla democrazia partecipativa a mero (utile?) strumento di contrasto della corruzione, in www.amministrativamente.com, 11-12/2014, 9.
[7] The concept of vertical transparency is due to H. Chardon, L’Administration de la France: les fonctionaires, Paris, 1908.
[8] In this regard G. Arena, Trasparenza amministrativa, cit., 5946-5947, according to which the transition from a vertical concept to a horizontal concept of transparency and therefore open to the citizens draws its own «legitimization precisely in the vote expressed by the same administrators as voters». According to the Author «the administration understood as servant apparatus of political power is not necessary to be transparent to the eyes of public opinion, indeed from the point of view of certain governed it is better that it is not at all; hence the long persistence in our system of official secrecy».
[9] R. Marrama, La pubblica amministrazione, cit., 421.
[10] Expression used by L. Califano, Trasparenza e privacy nell’evoluzione dell’ordinamento costituzionale, in Giorn. stor. cost., 31/2006, 80.
[11] On this point we see M. Orefice, Gli open data tra principio e azione: lo stato di avanzamento, in www.forumcostituzionale.it, 25 May 2015.
[12] The Freedom of Information Act (FOIA) was born in USA in 1966 to give effect to “the right to know” (expression used for the first time by K. Cooper, The Right to Know: An Exposi1ion of the Evils of News Suppression and Propaganda, New York, 1956), which stems from free speech and, more importantly, freedom of information. It claimed the right to contest «arbitrary political power, preparing the way for the revolutionary concepts of popular sovereignty and the people’s right to know, which were eventually embodied in the American Constitution» (H.N. Foerstel, Freedom of information and the right to know, Greenwood press, Westport, Connecticut, 1999, 8). For a valid historical excursus on American FOIA, see M. Orefice, I Big Data, cit., 39-45.
About Italian FOIA see the Explanatory Report attached to the Legislative Decree revising and simplifying the provisions on the prevention of corruption, publicity and transparency correcting the Law of 6 November 2012 no. 190 and the Legislative Decree of 14 March 2013 no. 33, pursuant to article 7 of the law of 7 August 2015 no. 124, on the reorganization of Public Administrations.
For an in-depth study of Legislative Decree no. 33/2013, see F. Lombardi, La problematica definizione dell’ambito soggettivo di applicazione degli obblighi di pubblicità, trasparenza e diffusione di dati, informazioni e documenti previsti dal d.lgs. 33/2013, in www.federalismi.it, 15/2019; M. Avvisati, L’accesso civico universale nell’emergenza: dal bilanciamento fra diritti alla mission di servizio pubblico, in www.astrid-online.it, 4 November 2020; S. Milazzo, Trasparenza nella Pubblica amministrazione e accesso civico: analisi degli elementi di innovazione e di criticità della disciplina del FOIA italiano, di cui al D.lgs. 25 maggio 2016, n. 97, in http://www.ildirittoamministrativo.it/archivio/allegati/FOIA%20a%20cura%20di%20SALVATORE%20MILAZZO.pdf; P. Canaparo, L’ampliamento dell’ambito soggettivo di applicazione della trasparenza e l’introduzione del limite generale della compatibilità della disciplina, in ID. (edited by), La trasparenza della pubblica amministrazione dopo la Riforma Madia, Rome, 2016; M. Savino, Il FOIA italiano. La fine della trasparenza di Bertoldo, in Gior. dir. amm., 5/2016; F. Giglioni, I soggetti obbligati alla disciplina sulla trasparenza, in B. Ponti (edited by), Nuova trasparenza amministrativa, cit., 69 ff.; P. Adami, Specificità, progressi e limiti delle autorità indipendenti verso un’amministrazione più aperta, in A. Natalini – G. Vesperini (edited by), Il Big Bang della Trasparenza, Naples, 2015; D.U. Galetta, Accesso civico e trasparenza della Pubblica Amministrazione alle luce delle (previste) modifiche alle disposizioni del Decreto legislativo n. 33/2013, in www.federalismi.it, 5/2016.
[13] G. De Minico, La trasparenza della P.A. costruita sull’asimmetria, in Il Sole 24 ore, 21 maggio 2017, 13 «[…] Internet time has suggested to Americans the more advanced philosophy of open data. With it, the information, created by the administration with the data provided by the citizens, is acquired to the concept of common good: a good shared and sharable between citizens and administration. Therefore, its legal regime no longer follows the Foia model, and therefore does not repeat the drawback of tyrannical and singularly privileged information. It translates into a simple obligation for the administration to publish every piece of data in its possession, and to this generalized duty for object and addressee corresponds a real right of anyone to the knowledge of the informative patrimony of the public subject, with the exception of the various state secrets and similar». See also L. Califano, Trasparenza e privacy, cit., 93.
[14] The literature on the subject of FOIA is broad, among the various contributions on the subject especially in a comparative key see M. Orefice, I Big Data, cit.; R. Tarchi, Il diritto d’accesso nella prospettiva comparata, in C. Colapietro (edited by), The right of access and the Commission for access to administrative documents twenty years after the law n. 241 of 1990 , Naples, 2012, 141 ff.; R. Vleugels , Overview of all FOI laws, 30 September 2012, 2 ( www.right2info.org ), in which, in 2012, Zimbabwe and Italy are also included among the 93 FOIA systems in the world, specifying, however, that the respective laws are less advanced; G. Sgueo, L’accessibilità ad atti e informazioni nell’Unione europea: un percorso in divenire, in A. Natalini ‒ G. Vesperini (edited by), Il big bang della trasparenza, Naples, 2015, 163 ff.
[15] Article 5, paragraph 1 of Legislative Decree no. 33/2013 establishes: “The requirement established by the current legislation for public administrations to publish documents, information or data entails the right of anyone to request the same, in cases where their publication has been omitted Article 5, paragraph 1provides, that ” anyone has the right to access the data and documents held by the public administrations, other than those subject to publication pursuant to this decree, in compliance with the protection limits of legally relevant interests in accordance with article 5-bis “. With regard to the limits of this institute, see D. U. Galetta, Accesso civico, cit.,: «[The] civic access is limited in two ways: firstly, it is limited only to documents, information and data subject to the publication obligations imposed on the administrations by the Decree; secondly, it is not identified as an autonomous right, but as a sanction with respect to failure to comply with publication obligations».
[16] A. Porporto, Il “nuovo” accesso civico “generalizzato” introdotto dal d.lgs. 25 maggio 2016, n. 97 attuativo della riforma Madia e i modelli di riferimento, in www.federalismi.it, 12/2017. It is worthwhile to recall the judgment no. 515/2016, 77, rendered by Italian Council of State on the Madia Reform, that highlights the positive aspects of the reform. In fact, it underlines that «The passage from the need to know to the right to know (from need to right to know, in the English definition FOIA) is for the national law a kind of Copernican revolution, being able to really evoke a familiar image, dear to Filippo Turati, Public Administration transparent as a glass house?».
[17] G. Gardini, “La nuova trasparenza amministrativa: un bilancio a due anni dal “FOIA Italia”, in www.federalismi.it, 19/2018.
[18] G. Gardini, “La nuova trasparenza, cit.
[19] In this regard see G. Gardini, La nuova trasparenza, cit.
[20] F. Merloni, Trasparenza delle istituzioni e principio democratico, Milan, 2008, 8.
[21] Article 1, paragraph 2 of Legislative Decree no. 33 of 2013, which solemnly affirms the numerous constitutional references of transparency principle. It states that this must be ensured “in compliance with the provisions regarding the protection of personal data”.
[22] S. Rodotà, Tecnologia e diritti, Bologna, 1995.
[23] The reference text in our system is the “Codice in materia dei dati personali”, the legislative decree no. 196/2003, which transposes the European Union legislation.
[24] Regulation (eu) 2016/679 of the European Parliament and of the Council of 27 April 2016 about the protection of natural persons concerning the processing of personal data, as well as the free circulation of such data and repealing Directive 95/46/EC.
[25] This evolution was achieved through a progressive evolution of the case law of the Italian Supreme Court. See for example: Cass. civ., section I, no. 2129/1975; Cass. civ., section I, no. 8889/2001; Italian constitutional Court, no. 81/1993. In this regard, see among the various contributions on the subject S. Rodotà, Technologies and Rights, Bologna, 1995; A. Cerri, Riservatezza (right to), III, Constitutional Law (item), in the Legal Encyclopedia, Rome, 1995, 1-4; S, Rodotà, Tecnologie e diritti, cit., 18-27; G. Famiglietti, Il diritto alla riservatezza o la riservatezza come diritto. Appunti in tema di riservatezza ed intimidad sulla scorta della giurisprudenza della Corte costituzionale e del Tribunal Constitucional. Intervento al seminario Bio-tecnologie e valori costituzionali: il contributo della giustizia costituzionale, Parma, 19 March 2004.
[26] W. Kerber, Digital markets, data and privacy: competition law, consumer law and data protection, in GRUN int, 2016, 641 ff.
[27] In this regard see. G. De Minico, Libertà in Rete e Libertà dalla rete, Turin, 2020, 235 ff.
[28] Always see G. De Minico, Big data e la debole resistenza delle categorie giuridiche. Privacy e lex mercatoria, in Dir. pubbl., 1/2019, 96, which in this regard states that an «oxymoron of impact assessment» would be realized.
[29] Federal Trade Commission, Big Data. A Tool for Inclusion or Exclusion? Understanding the Issues, ftc Report, January 2016, in rpt.pdf.
[30] C. Narducci, Intelligenza artificiale e discriminazione, in www.gruppodipisa.it, 3/2021.
[31] F. Bignami, European Versus American Liberty: A Comparative Privacy Analysis of Anti-Terrorism Data-Mining, in Boston College Law Review, 48/2007, 637; B. Goold, Privacy, Identity, cit., 12-25; A. Mantelero, Personal data for Decisional Purposes in the age of Analytics: From an individual to a Collective Dimension of Data Protection, in Computer Law & Security Review: The International Journal of Technology Law and Practice, 2/2016, 10-11; S. Rodotà, Tecnologie e diritti, cit., 90-91.
[32] In this regard, WP29 itself considers that: “profiling and automated decision-making can entail significant risks for the rights and freedoms of natural persons, who require adequate guarantees. These processes may be non-transparent. Individuals may not know that they are profiled or do not understand the consequences. Profiling can perpetuate stereotypes and social segregation. It can also confine a person to a specific category and limit it to the preferences suggested for that category. This can undermine people’s freedom to choose, for example, certain products or services such as books, music or newsfeeds. In some cases, profiling can lead to inaccurate forecasts, in others to the denial of services and assets and unjustified discrimination“, in Guidelines on automated decision-making concerning individuals and profiling for the purposes of regulation 2016/679, WP 251 rev .01, 6; see also A. Moretti, Algoritmi e Diritti fondamentali della persona. Il contributo del regolamento (UE) 2016/697, in Dir. inform., 4/2018, 802 ff.
[33] This issue is part of the broad concept of “risk score“, i.e., the tendency to assign a score to the citizen on the basis of which to provide or not a certain service. Again, we are in the area of discriminations operated by algorithms, starting from the so-called predictive police to the calculation of creditworthiness, or the risk of using algorithms from Public Administration for the performance of restricted activities. In this regard see A. Bonfanti, Big data e polizia predittiva: riflessioni in tema di protezione del diritto alla privacy e dei dati personali, in www.medialaws.eu, 3/2018, 206 ff.
A further example can also be represented by the use of algorithms in the field of Banking-Financial Law. On the point see M.T. Paracampo, FinTech tra algoritmi, trasparenza e algo-governance, in Diritto della banca e del mercato finanziario, 2/2019, 213 ff.; G. Biferali, Big data e valutazione del merito creditizio per l’accesso al peer to peer lending, in Dir. inform, n3/2018, 487 ff.; C. Alvisi, I trattamenti nel settore bancario, finanziario e assicurativo, in L. Califano-C. Colapietro (edited by), Innovazione tecnologica e valore della persona. Il diritto alla protezione dei dati personali nel Regolamento UE 2016/679, Naples, 2017.
[34] The judge makes an assessment that will not be of merit, but a review of the technical discretion that also concerns the accuracy of the selected parameter. The administrative judgment, in this case, will not be based on a mere review of discretion, but it will be possible to review the correctness of the chosen parameter. In this way, the judge will carry out an assessment which will not be one of merit, but a review of technical discretion which also concerns the correctness of the chosen parameter. He will not go into the merits of the case, but will be able to reveal whether the algorithm has discriminatory aspects that must be eliminated. So, in this way, the Administration proceeds to correct the algorithm and create a new one.
In this sense, see the judgment Cons. State, section VI, 8 April 2019, no. 2270, relating to one of the first Italian disputes relating to the use of an algorithm by an administration ‒ in this case the Ministry of Education ‒ for the management of an administrative procedure aimed at the assignment of positions to tenured Professors. This judgment addresses the delicate problem of the automation of administrative procedures, establishing key principles regarding the interpretation and declination of the measures adopted through them and the consequent administrative responsibility. This sentence established that the result deriving from the application of the algorithm implies that the administrative act is considered as an IT administrative act. In particular, the judgment states that: «the absence of human intervention in some administrative procedures, totally delegated to Artificial Intelligence, is not only legitimate but also desirable, because it strengthens good performance and impartiality. However, the computerized administrative procedure must use algorithms that are transparent, to admit the union by the administrative judge». From this judgment it emerges, therefore, that in any case the algorithms must be submitted to the full review of the administrative judge. The judgment in question overcomes the dictum that emerged from the judgment of Regional Admnistrative Tribunal (judgment no. 9227/2018), in which the need of a human procedure to the administrative procedure was affirmed. The reform of the administrative process, among other things, has expanded the means of technical evidence, so it is possible not only to verify the reliability but also challenge the legitimacy of the algorithm.
From this analysis, it emerges the critical point of the new Privacy regulation choose secrecy over visibility. This interpretation derives from Article 34, paragraph 9, establishing only the faculty, not the obligation of the holder to collect the opinions of the interested parties “if appropriate”. Therefore, the author is free to grant or deny access to the algorithm. Therefore, there is a degradation of the right to know the algorithm, given the situation of digital darkness (G. De Minico, Towards an Algorithm, cit., 393-398; Id., Fundamental rights, European digital regulation and algorithmic challenge, in www. medialaws.eu, 1/2021, 28 ff.).
Another problem is the form of algorithm accountability where the predictive analytics error can only be understood after accessing the algorithm code. A possible solution is offered by G. De Minico, Big data e la debole resistenza delle categorie giuridiche. Privacy e lex mercatoria, cit., 96, that brings the algorithm back into the dangerous activities and the danger is not considered in the activity but in relation to the effects that it produces towards third parties, applying the normative discipline foreseen by Article 2050 Italian civil code, which is a form of objective responsibility that does not depend on malice and guilt.
[35] Legislative Decree no. 33/2013 is currently also known as the “code of transparency“. See G. Gardini, Il codice della trasparenza: un primo passo verso il diritto all’informazione amministrativa?, in Giorn. dir. amm, 2014, 875 ff.; on the Code of Transparency after Legislative Decree no. 97/2016 see B. Ponti (edited by), Nuova trasparenza amministrativa e libertà di accesso alle informazioni, Rimini, 2016.
[36] E. Carloni ‒ M. Falcone, L’equilibrio necessario. Principi e modelli di bilanciamento tra trasparenza e privacy, in Dir. pubbl., 3/2017, 737 ff.
[37] On this point, reference is made to art. 23 of the EU Regulation 2016/679.
[38] In this regard, see the reports to the Privacy Guarantor concerning the subjecting of some persons to mandatory medical treatment (ex multis Prov. Guarantor 21 February 2013, in www.garanteprivacy.it, doc. web no. 2355041), or in the case of data (names, surnames and results expressed in numerical terms) relating to the intermediate tests taken by participants not admitted to the oral examination of a competition (Prov. Guarantor 6 December 2012, in www.garanteprivacy.it, doc web no. 2223278).
[39] The need to avoid a conflict between “transparency and privacy” is well recognized by M. Viggiano, I limiti alla pubblicità dell’azione amministrativa per finalità di trasparenza, in L. Califano ‒ C. Colapietro (edited by), Le nuove frontiere della trasparenza, Naples, 2014, 241.
[40] Among the various strategies and models to be used, see E. Carloni ‒ M. Falcone, L’equilibrio necessario, cit, 741 ff.
[41] L. Califano, Trasparenza e privacy, cit.
[42] Legislative Decree no. 196/2003, article 154, paragraph 1, lett. h).
[43] Guidelines on the treatment of personal data which also acts and administrative documents, made for aim of advertising and transparency on the web from public and other entities obliged subjects (Prov. Guarantor 15 May 2014 in www.garanteprivacy.it, web document no. 3134436).
[44] In this sense, you see. L. Califano, Trasparenza e privacy, cit.
[45] In this regard, reference is made to the Foia Guidelines, pt. 5.2, 11, which states: “The administration, is required to verify, once ascertained the absence of absolute exceptions, if the exposition of the acts can determine a concrete and probable prejudice to the interests indicated by the legislator. In order for access to be refused, the prejudice against the interests considered by paragraphs 1 and 2 must be concrete, therefore there must be a precise causal link between access and injury.
The administration, in other words, cannot limit itself to prefiguring the risk of a bias in a generic and abstract way, but will have to:
- a) clearly indicate which – among the interests listed in art. 5 bis, co. 1 and 2 – is affected;
- b) to assess whether the (concrete) prejudice envisaged depends directly on the disclosure of the information requested;
- c) assess whether the prejudice resulting from the disclosure is a highly probable event, and not only possible”.
[46] For a precise analysis on the limits of generalized civic access, see G. Gardini, La nuova trasparenza, cit.
[47] The literature on the subject is extensive, among all see M. Foglia, I poteri normativi delle Autorità amministrative indipendenti, in Quaderni reg., 2008, 569.
[48] S. Foa, I regolamenti delle autorità amministrative indipendenti, Turin, 2002, 119.
[49] On this point see E. Grosso, Autorità indipendente o autorità onnipotente?, Bari, 2002, 159, with reference to the publication of codes of ethics, reproaches the guarantor of playing a role in the rules of production; P. Bilancia, Riflessi del potere normativo delle Autorità indipendenti sul sistema delle fonti, in Dir. soc., 1999; S. Morettini, Il soft law nelle Autorità indipendenti: procedure oscure e assenza di garanzie? I paper dell’Osservatorio sull’Autorità di impatto della Regolazione, in www.osservatorioair.it, 4/2011.
It should be noted that the power exercised by the Administrative Authorities, in particular the Privacy Guarantor, takes on a normative value according to the type of act adopted, which may or may not have normative value. On the normative value of the guidelines of the Guarantor of Privacy of June 25 2009 on the publication of health data on websites, see A. Rubino, Nota alle linee guida del Garante per la protezione dei dati personali “in tema di trattamento di dati personali per finalità di pubblicazione e diffusione nei siti web esclusivamente dedicati alla salute“, in www.osservatoriosullefonti.it, 1/2012, 3, according to which the Guarantor exercises «a power comparable to the regulatory one. However, there have been occasions when the same jurisprudence of merit has denied the preceptive value of the acts posed by the Guarantor, in particular on the point we can see Trib. Civ. Rome, section I, 2 October 2009, with reference to the value of the guidelines of the Privacy Guarantor regarding the data carried out by experts and technical consultants, issued on 31 July 2008, according to which “these are indications peacefully devoid of a preceptive value”».
[50] O. Pollicino ‒ F. Resta, Trasparenza amministrativa e riservatezza, in Agenda digitale, 25 febbraio 2019; O. Pollicino ‒ G. Repetto, Not to be pushed aside. The Italian Constitutional Court and the European Court of Justice, in Verfassungsblog, 27 febbraio 2019; A. Corrado, Gli obblighi di pubblicazione dei dati patrimoniali dei dirigenti alla luce delle indicazioni della Corte costituzionale, in www.federalismi.it, 27 febbraio 2019; G. Bronzini, La sentenza n. 20/2019 della Corte costituzionale italiana verso un riavvicinamento all’orientamento della Corte di Giustizia?, in Questione giustizia, febbraio 2019; A. Ruggeri, La Consulta rimette a punto i rapporti tra diritto eurounitario e diritto interno con una pronunzia in chiaroscuro (a prima lettura), in www.giurcost.org, 1/2019, 113 ss.; R. Conti, Giudice comune e diritti protetti dalla Carta UE: questo matrimonio s’ha da fare o no?, in Giustizia insieme, 4 marzo 2019; G. Vitale, I recenti approdi della Consulta tra Carte e Corti. Brevi considerazioni sulle sentenze nn. 20 e 63 del 2019 della Corte costituzionale, in www.federalismi.it, 22 maggio 2019; S. Catalano, Doppia pregiudizialità: una svolta opportuna della Corte costituzionale, in www.federalismi.it, 22 maggio 2019.
[51] Point of law no. 5.3.2., Costitutional Court judgment no. 20/2019.
[52] Point of law no. 5.3.1., Costitutional Court judgment no. 20/2019.
[53] To achieve this goal, a solution envisaged could be those of the guidelines of Privacy Guarantor no. 243/2017, which allows a consultation of data published on-line not through external search engines, but through search features inserted within the sites where personal datas are stored. In this regard M. Macchia ‒ C. Figliolia, Autorità per la privacy e Comitato europeo nel quadro del General Data Protection Regulation, in Gior. dir. amm., 4/2018, 423; A. Patroni Griffi, L’indipendenza del garante, in www.federalismi.it, 4/2018.
The enhancement of the principle of proportionality and the need to achieve a balance between privacy and data indexing led the legislator, with Decree Law No. 162/2019, converted into Law No. 8/2020, to undertake a legislative intervention linked to the criterion of proportionality stemming from EU law. In this way, proportionality becomes a tool to achieve further reforms in the field of administrative transparency in implementation of the judgment No. 20/2019 with reference to holders of executive positions. The hope is that the legislator will take action to implement interventions aimed at providing a clear and sufficiently decisive framework in the field of transparency (V. Fanti, La trasparenza amministrativa tra principi costituzionali e valori dell’ordinamento europeo: a margine di una recente sentenza della Corte Costituzionale (n. 20/2019), in www.federalismi.it, 5/2020, 57).