03/02/2020
CURIA - Documents
conferred on individuals, the data on whom are the subject of processing, to be informed that processing is taking
place, to consult the data, to request corrections and even to object to processing in certain circumstances’.
Article 2 of Directive 95/46 provides:
‘For the purpose of this Directive:
“personal data” mean any information relating to an identified or identifiable natural person (data subject),
whereby an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an
identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or
social identity;
“processing of personal data” (“processing”) shall mean any operation or set of operations which is performed
upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, blocking, erasure or destruction;
…
“controller” shall mean the natural or legal person, public authority, agency or any other body which alone or
jointly with others determines the purposes and means of the processing of personal data; where the purposes and
means of processing are determined by national or Community laws or regulations, the controller or the specific
criteria for his nomination may be designated by national or Community law;
…’
Article 3 of that directive, entitled ‘Scope’, states, in paragraph 1:
‘This Directive applies to the processing of personal data wholly or partly by automated means, and to the
processing other than by automated means of personal data which form part of a filing system or are intended to
form part of a filing system.’
In Section I (entitled ‘Principles relating to data quality’) of Chapter II of Directive 95/46, Article 6 is worded as
follows:
‘1.
Member States shall provide that personal data must be:
processed fairly and lawfully;
collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those
purposes. Further processing of data for historical, statistical or scientific purposes is not to be considered as
incompatible provided that Member States provide appropriate safeguards.
adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further
processed;
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which
are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are
further processed, are erased or rectified;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for
which the data were collected or for which they are further processed. Member States must lay down appropriate
safeguards for personal data stored for longer periods for historical, statistical or scientific use.
2.
It shall be for the controller to ensure that paragraph 1 is complied with.’
In Section II (entitled ‘Criteria for making data processing legitimate’) of Chapter II of Directive 95/46, Article 7
provides:
‘Member States shall provide that personal data may be processed only if:
…
processing is necessary for compliance with a legal obligation to which the controller is subject;
…
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official
authority vested in the controller or in a third party to whom the data are disclosed;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party
or parties to whom the data are disclosed, except where such interests are overridden by the interests for
fundamental rights and freedoms of the data subject which require protection under Article 1(1).’
Article 12 of that directive, entitled ‘Rights of access’, provides:
‘Member States shall guarantee every data subject the right to obtain from the controller:
…
as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the
provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data;
…’
Article 14 of Directive 95/46, entitled ‘The data subject’s right to object’, provides:
‘Member States shall grant the data subject the right:
at least in the cases referred to in Article 7(e) and (f), to object at any time on compelling legitimate grounds
relating to his particular situation to the processing of data relating to him, save where otherwise provided by
national legislation. Where there is a justified objection, the processing instigated by the controller may no longer
involve those data;
…’
Article 28 of Directive 95/46 provides for the establishment by the Member States of a supervisory authority
responsible for supervising the application of the provisions adopted pursuant to that directive.
Italian law
Article 2188 of the codice civil (Civil Code) provides:
‘A companies register shall be established for entries in the register required by law.
curia.europa.eu/juris/document/document.jsf?text=&docid=188750&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1151671
3/8