The Italian Data Protection Authority: functions and composition in 2025

The Italian Data Protection Authority is the independent administrative agency in charge of protecting fundamental rights and freedoms, guaranteeing respect for dignity in personal data processing operations. Established in 1996 by the so-called Privacy Act (Law No. 675 of 31 December 1996) and subsequently regulated by the Personal Data Protection Code (Legislative Decree No. 196 of 30 June 2003), the Authority’s main task is to ensure that the processing of personal data complies with Regulation (EU) 2016/679 (GDPR) and national legislation. In this context, it may prescribe measures to data owners or managers to ensure that the fundamental rights and freedoms of individuals are respected.
The Authority actively cooperates with other European supervisory agencies, offering mutual support to ensure the correct and uniform application of the Regulation. It also has the mandate to examine citizens' complaints and to intervene in the event of infringements, issuing warnings, orders to comply, provisional or definitive restrictions on processing, and provisions for the rectification or deletion of data.
Among its tasks are also the adoption of measures provided for in the legislation on the protection of personal data and the power to report, also on its own initiative, to Parliament and other bodies on the need to introduce new legislative or administrative measures. The Authority also takes an active role in the debate on legislative proposals, providing opinions and participating in parliamentary hearings.
Furthermore, every year the Authority draws up a report on the activities carried out and on the state of implementation of the relevant legislation, which is forwarded to the Parliament and the Government.
The Data Protection Authority is a collegial body, composed of four members elected by the Parliament, who remain in office for a seven-year non-renewable term. The current board, elected on 14 July 2020 and in office since 29 July 2020, consists of the following members:
- Pasquale Stanzione, President: jurist and scholar with a long academic and institutional career, specialised in the protection of fundamental rights;
- Ginevra Cerrina Feroni, Vice President: lawyer with relevant experience in the academic and institutional spheres, active on the issues of privacy, fundamental rights and new technologies;
- Agostino Ghiglia, Member: jurist, former member of the Parliament and senior civil servant with experience in the public and private sectors, active on the issues of privacy and digital rights;
- Guido Scorza, Member: lawyer, journalist and university lecturer, expert in new technology law and privacy.